Submitted URL: https://www56.nathanaeldan.pro/pushredirect/?network=3&site=adfly&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fm...
Effective URL: https://www45.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=21150355&pci=6174308335&t=1655065754&dest...
Submission: On June 12 via manual from CA — Scanned from CA

Summary

This website contacted 14 IPs in 1 country across 16 domains to perform 96 HTTP transactions. The main IP is 2606:4700:3031::ac43:cf3a, located in the United States, and belongs to CLOUDFLARENET, US. The main domain is www45.nathanaeldan.pro.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 15th 2022. Valid for: a year.
This is the only time www45.nathanaeldan.pro was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 22 2606:4700:303... 13335 (CLOUDFLAR...)
10 13.226.36.217 16509 (AMAZON-02)
5 151.101.2.132 54113 (FASTLY)
10 44.195.137.121 14618 (AMAZON-AES)
10 2606:4700:303... 13335 (CLOUDFLAR...)
15 18.67.76.129 16509 (AMAZON-02)
14 2606:4700:303... 13335 (CLOUDFLAR...)
4 192.243.61.225 39572 (ADVANCEDH...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 192.243.59.12 39572 (ADVANCEDH...)
1 142.0.197.108 7979 (SERVERS-COM)
1 44.193.36.135 14618 (AMAZON-AES)
1 3.5.82.173 16509 (AMAZON-02)
96 14
Apex Domain
Subdomains
Transfer
22 nathanaeldan.pro
www56.nathanaeldan.pro
www26.nathanaeldan.pro
www21.nathanaeldan.pro
www23.nathanaeldan.pro
www8.nathanaeldan.pro
www29.nathanaeldan.pro
www82.nathanaeldan.pro
www22.nathanaeldan.pro
www45.nathanaeldan.pro
256 KB
15 ustingexcelle.xyz
ustingexcelle.xyz
14 KB
14 quiremuken.xyz
quiremuken.xyz — Cisco Umbrella Rank: 24699
7 KB
10 freychang.fun
freychang.fun — Cisco Umbrella Rank: 26772
506 KB
10 cloudfront.net
dc5k8fg5ioc8s.cloudfront.net
247 KB
6 biscussexbug.xyz
biscussexbug.xyz
217 B
5 ex.co
player.ex.co — Cisco Umbrella Rank: 11054
922 B
4 sinaunrelean.info
sinaunrelean.info — Cisco Umbrella Rank: 361499
97 KB
3 furstraitsbrowse.com
furstraitsbrowse.com — Cisco Umbrella Rank: 661094
469 B
1 amazonaws.com
webpick-cdn.s3.us-west-2.amazonaws.com — Cisco Umbrella Rank: 92847 Failed
10 KB
1 simplewebanalysis.com
simplewebanalysis.com — Cisco Umbrella Rank: 15427
293 B
1 clenchedyouthmatching.com
clenchedyouthmatching.com — Cisco Umbrella Rank: 190978
159 B
1 dismantlepenantiterrorist.com
dismantlepenantiterrorist.com — Cisco Umbrella Rank: 133547
425 B
1 addresseepaper.com
addresseepaper.com — Cisco Umbrella Rank: 19792
15 KB
1 auntieimpetus.com
auntieimpetus.com — Cisco Umbrella Rank: 801771
594 B
0 venetrigni.com Failed
venetrigni.com Failed
96 16
Domain Requested by
15 ustingexcelle.xyz dc5k8fg5ioc8s.cloudfront.net
sinaunrelean.info
14 quiremuken.xyz www56.nathanaeldan.pro
dc5k8fg5ioc8s.cloudfront.net
www21.nathanaeldan.pro
www8.nathanaeldan.pro
www82.nathanaeldan.pro
www45.nathanaeldan.pro
10 freychang.fun dc5k8fg5ioc8s.cloudfront.net
10 dc5k8fg5ioc8s.cloudfront.net www56.nathanaeldan.pro
ustingexcelle.xyz
www21.nathanaeldan.pro
www8.nathanaeldan.pro
www82.nathanaeldan.pro
www45.nathanaeldan.pro
6 biscussexbug.xyz sinaunrelean.info
5 player.ex.co www56.nathanaeldan.pro
www21.nathanaeldan.pro
www8.nathanaeldan.pro
www82.nathanaeldan.pro
www45.nathanaeldan.pro
4 www82.nathanaeldan.pro 1 redirects www82.nathanaeldan.pro
4 www8.nathanaeldan.pro 1 redirects www8.nathanaeldan.pro
4 www21.nathanaeldan.pro 1 redirects www21.nathanaeldan.pro
4 sinaunrelean.info www56.nathanaeldan.pro
www21.nathanaeldan.pro
www8.nathanaeldan.pro
www82.nathanaeldan.pro
4 www56.nathanaeldan.pro 1 redirects www56.nathanaeldan.pro
3 furstraitsbrowse.com www45.nathanaeldan.pro
2 www45.nathanaeldan.pro www45.nathanaeldan.pro
1 webpick-cdn.s3.us-west-2.amazonaws.com dc5k8fg5ioc8s.cloudfront.net
1 simplewebanalysis.com addresseepaper.com
1 clenchedyouthmatching.com www45.nathanaeldan.pro
1 dismantlepenantiterrorist.com www45.nathanaeldan.pro
1 addresseepaper.com www45.nathanaeldan.pro
1 auntieimpetus.com www45.nathanaeldan.pro
1 www22.nathanaeldan.pro sinaunrelean.info
1 www29.nathanaeldan.pro sinaunrelean.info
1 www23.nathanaeldan.pro sinaunrelean.info
1 www26.nathanaeldan.pro sinaunrelean.info
0 venetrigni.com Failed www45.nathanaeldan.pro
96 24

This site contains links to these domains.

Domain
furstraitsbrowse.com
Subject | Issuer | Validity | Valid
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-02-15 - 2023-02-15 | a year
*.cloudfront.net | Amazon | 2022-02-01 - 2023-01-31 | a year
*.ex.co | Go Daddy Secure Certificate Authority - G2 | 2022-06-06 - 2023-07-08 | a year
sinaunrelean.info | R3 | 2022-05-15 - 2022-08-13 | 3 months
ustingexcelle.xyz | Amazon | 2022-05-31 - 2023-06-29 | a year
biscussexbug.xyz | R3 | 2022-05-31 - 2022-08-29 | 3 months
auntieimpetus.com | R3 | 2022-05-30 - 2022-08-28 | 3 months
furstraitsbrowse.com | R3 | 2022-05-23 - 2022-08-21 | 3 months
*.addresseepaper.com | E1 | 2022-04-27 - 2022-07-26 | 3 months
dismantlepenantiterrorist.com | R3 | 2022-05-01 - 2022-07-30 | 3 months
clenchedyouthmatching.com | R3 | 2022-05-31 - 2022-08-29 | 3 months
simplewebanalysis.com | Amazon | 2022-04-01 - 2023-04-30 | a year
*.s3-us-west-2.amazonaws.com | Amazon | 2021-12-17 - 2022-11-29 | a year

This page contains 7 frames:

Primary Page: https://www45.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Frame ID: 0FB0CB8B28FF980FDC0CFCC529AA5CFB
Requests: 84 HTTP requests in this frame

Frame: https://ustingexcelle.xyz/…
Frame ID: C342C1EDDE549625E5C284C19006CF2D
Requests: 2 HTTP requests in this frame

Frame: https://ustingexcelle.xyz/…
Frame ID: 6CB3EAC8937543DDB17BAFE67B591CE8
Requests: 2 HTTP requests in this frame

Frame: https://ustingexcelle.xyz/…
Frame ID: 3D26906AFE173EB21ABD66F62DC783FF
Requests: 2 HTTP requests in this frame

Frame: https://ustingexcelle.xyz/…
Frame ID: A85D92ED0620473D19A3AFFE8ECDE3BD
Requests: 2 HTTP requests in this frame

Frame: https://ustingexcelle.xyz/bFhyT20NOhEiUg1lEGkYHjRPal8qfUAJCQ9tGXcLC20bIA5UK1wsAQMtFikfAzYGYQMJLFd9KyoOGRUoCA4VfiY/NyYVFCUuOwoFCwI6BRo9NQY4ISg7EwEENm8zC1ldFzAsJi0vQiksJB0ZCAAhHCsoKAUVHDtdOSIjfCYvFjspByE3OH8FHDsxLAoqaiQmNCgZNAEXXW8/HR5UFQsOGSsiQjY0KB0nFTkfKCInGlwXGysFPiBHJQwkCiMuADYtPzcaXhUbJBcuNkMkCQU3MCk6PmoWGjteAh8BXiJrQyQJBhURAQAuISsaNA07QR1dKA9HJg9edTQHDCg7QAEvB2E7HCABEBgKBDVrKzUPOw4KLgY2LRF8P1wAJgJIXho/JgY2PiUeKzUNFiAiBWAECiVdMxYmID0XCH8dDg4wPjcFDQENFw9vO30rJBAfK18INAYgCCQWQh06XWwRBzs9OR8WXCYKP3onL2EaHRVZMhYXIw45QA0KIQ0aP0sGKx0hHVEcOSIDPRYEGiQqbSMNWCk
Frame ID: 0679A88E6C6E0B6D770ECC8D69C81C69
Requests: 2 HTTP requests in this frame

Frame: https://webpick-cdn.s3.us-west-2.amazonaws.com/getlaid.jpeg
Frame ID: 7A183DEEAA0D4AB7EFF6AF9811648095
Requests: 2 HTTP requests in this frame

Page Title

AdFly - Click Allow to continue

Page Statistics

96
Requests

95 %
HTTPS

31 %
IPv6

16
Domains

24
Subdomains

14
IPs

1
Countries

1151 kB
Transfer

2154 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www56.nathanaeldan.pro/pushredirect/?network=3&site=adfly&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed Page URL
  2. https://www26.nathanaeldan.pro/pushredirect/?tmp=2&network=3&ios=0&site=adfly&c=1&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed Page URL
  3. https://www56.nathanaeldan.pro/pushredirect/?network=3&site=adfly&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed HTTP 302
    https://www21.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=1&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed Page URL
  4. https://www23.nathanaeldan.pro/pushredirect/?tmp=2&network=3&ios=0&site=adfly&c=2&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed Page URL
  5. https://www21.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=1&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed HTTP 302
    https://www8.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=2&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed Page URL
  6. https://www29.nathanaeldan.pro/pushredirect/?tmp=2&network=3&ios=0&site=adfly&c=3&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed Page URL
  7. https://www8.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=2&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed HTTP 302
    https://www82.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed Page URL
  8. https://www22.nathanaeldan.pro/pushredirect/?tmp=2&network=3&ios=0&site=adfly&c=4&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed Page URL
  9. https://www82.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed HTTP 302
    https://www45.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 20
  • https://www56.nathanaeldan.pro/pushredirect/?network=3&site=adfly&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed HTTP 302
  • https://www21.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=1&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Request Chain 36
  • https://www21.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=1&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed HTTP 302
  • https://www8.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=2&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Request Chain 52
  • https://www8.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=2&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed HTTP 302
  • https://www82.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed

96 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
www56.nathanaeldan.pro/pushredirect/
6 KB
3 KB
Document
General
Full URL
https://www56.nathanaeldan.pro/pushredirect/?network=3&site=adfly&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:cf3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.3.27
Resource Hash
69f55d3504c70891ea9edc17bf9da51728ca2279b8315931e9cb23f766443c14

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate, max-age=0 post-check=0, pre-check=0
cf-cache-status
DYNAMIC
cf-ray
71a557508dc5ca67-YUL
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sun, 12 Jun 2022 20:29:52 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PChLI%2BikhtPzjS7TuOJGioCbQSjh0Mz5raHOzaSNrHAmChaTaCokzLRwo%2FiZYh%2F8h2jU%2F68aUMBuaNtBM7lqeXjOfYxqSO%2BEH%2Bsqf4QNw5RGJ4BRKfLi7hzmT8QCvtc8hdxk6BTlj6HhpSczSSblJuY04s5M"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
PHP/7.3.27
x-turbo-charged-by
LiteSpeed
/
dc5k8fg5ioc8s.cloudfront.net/
163 KB
49 KB
Script
General
Full URL
https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Requested by
Host: www56.nathanaeldan.pro
URL: https://www56.nathanaeldan.pro/pushredirect/?network=3&site=adfly&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.36.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-36-217.ewr53.r.cloudfront.net
Software
/
Resource Hash
7e6d4d8801a8144849709f2ae050ef40e951c40c3ee38dd4536b406f1e503962

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www56.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 12 Jun 2022 20:29:52 GMT
content-encoding
gzip
x-amz-cf-pop
EWR53-C2
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-length
49631
via
1.1 4e3df844337032b56b8434990b0f76ca.cloudfront.net (CloudFront)
x-amz-cf-id
84xxTX3r1mhe1xIS3IbOJy1dNFppJD2mg4GuyD5Ben83oH0zVz82xQ==
logo.png
www56.nathanaeldan.pro/static/image/
10 KB
11 KB
Image
General
Full URL
https://www56.nathanaeldan.pro/static/image/logo.png
Requested by
Host: www56.nathanaeldan.pro
URL: https://www56.nathanaeldan.pro/pushredirect/?network=3&site=adfly&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:cf3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
196c51f778db9df7ecf75ce7f663ea3bb07726b67feeae45ad9abfd3008b937a

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www56.nathanaeldan.pro/pushredirect/?network=3&site=adfly&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:52 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
626
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
10726
last-modified
Tue, 10 Nov 2020 09:44:06 GMT
server
cloudflare
etag
"29e6-5faa60e6-b22ed065d915c717;;;"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yWCXKWe686whJimo86Sxcs90H4KtSd59Zalk4l9RHGHOwVbGAvSncqLuAFqav6EjWBgdfi9J5bha0GjTyPfp7%2BgN3sVuuSTymOEvnO7iS2TatZG7HYDO6N4XKplsKUXtJg0NQur6iVaq5HBklaDM%2BzmYSqyZ"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
cf-ray
71a557511e5eca67-YUL
expires
Sun, 19 Jun 2022 20:19:26 GMT
17a72af7-7cb1-4f49-bce5-18314b016d6d
player.ex.co/player/
0
555 B
Script
General
Full URL
https://player.ex.co/player/17a72af7-7cb1-4f49-bce5-18314b016d6d
Requested by
Host: www56.nathanaeldan.pro
URL: https://www56.nathanaeldan.pro/pushredirect/?network=3&site=adfly&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www56.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:52 GMT
via
1.1 varnish, 1.1 varnish
age
53658
x-cache
HIT, HIT
access-control-max-age
600
content-length
0
x-served-by
cache-iad-kcgs7200127-IAD, cache-yul12827-YUL
server
nginx
x-timer
S1655065792.229740,VS0,VE0
etag
W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
vary
x-pb-country, x-pb-connection, x-pb-embedid, x-pb-itemid, x-pb-videoid, x-pb-player, x-pb-bot-name, x-pb-is-bot, x-pb-country, x-pb-connection, x-pb-embedid, x-pb-itemid, x-pb-videoid, x-pb-player, x-pb-bot-name, x-pb-is-bot
access-control-allow-methods
GET, POST, PUT, DELETE
content-type
text/html; charset=utf-8
access-control-allow-origin
*
x-pb-reason
requested id was blocked
accept-ranges
bytes
access-control-allow-headers
Accept, Authorization, Content-Type
x-cache-hits
1, 2
am-push-cps.js
www56.nathanaeldan.pro/
92 KB
39 KB
Script
General
Full URL
https://www56.nathanaeldan.pro/am-push-cps.js?puid=21150355&clickid=21150355_3336489&allb=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed&ob=https%3A%2F%2Fwww26.nathanaeldan.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D1%26ppi%3D21150355%26pci%3D6174308335%26t%3D1655065754%26dest%3Dhttps%253A%252F%252Fmagybu.net%252Fredirecting%252FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%252Ff3993b3692fe17803596aa625cde5bed&clb=https%3A%2F%2Fwww26.nathanaeldan.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D1%26ppi%3D21150355%26pci%3D6174308335%26t%3D1655065754%26dest%3Dhttps%253A%252F%252Fmagybu.net%252Fredirecting%252FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%252Ff3993b3692fe17803596aa625cde5bed&asb=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Requested by
Host: www56.nathanaeldan.pro
URL: https://www56.nathanaeldan.pro/pushredirect/?network=3&site=adfly&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:cf3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1748a4dc17a0c9ce36d1653df23a75281d05842c3266452fd7bd01ed5351ebfe

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www56.nathanaeldan.pro/pushredirect/?network=3&site=adfly&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:52 GMT
content-encoding
br
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 10 Nov 2020 09:44:06 GMT
server
cloudflare
etag
W/"171ce-5faa60e6-c109d6004d840eb5;gz"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DggrdSyBHL7b5jY%2F3ui5LlpuoBG3aQense7Tq3HqSIXA7E8pnl3hGr8pGZV3LgXp9kPHsPBOwsTGvngc%2BKJxQQS6WjIklMQpfIEpfE2221IkppsgzO3x79bZSFQjlNGEW1ylZDqvpCp%2FYKL27HglvqEJ%2Fe5Q"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-ray
71a557512ac57133-YUL
expires
Sun, 19 Jun 2022 20:13:00 GMT
TDFkdGw3ExcDMzlDCFZWblkQABw%2FC0tbGztGUUJCIlAQHA0iUAEYCC1fSgQeIx4FGUE8RBccQS9BF1oGPw4UAQUoDFZFXXkBV0FZalIIHQ8nWABJXn0AUURfeQQ7R19%2FB1BMVWpQCBgOcVkQABw%2FFFc1SX53QUYqIVADDQ45HwoRGGkDIgYJKFgWEQ84WAo...
sinaunrelean.info/
59 KB
24 KB
Script
General
Requested by
Host: www56.nathanaeldan.pro
URL: https://www56.nathanaeldan.pro/am-push-cps.js?puid=21150355&clickid=21150355_3336489&allb=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed&ob=https%3A%2F%2Fwww26.nathanaeldan.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D1%26ppi%3D21150355%26pci%3D6174308335%26t%3D1655065754%26dest%3Dhttps%253A%252F%252Fmagybu.net%252Fredirecting%252FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%252Ff3993b3692fe17803596aa625cde5bed&clb=https%3A%2F%2Fwww26.nathanaeldan.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D1%26ppi%3D21150355%26pci%3D6174308335%26t%3D1655065754%26dest%3Dhttps%253A%252F%252Fmagybu.net%252Fredirecting%252FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%252Ff3993b3692fe17803596aa625cde5bed&asb=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
44.195.137.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-195-137-121.compute-1.amazonaws.com
Software
/ Express
Resource Hash
7500e4741020333848a25ad2bb1b5c2c8e7e983c4cd5eb44006a06c879f0b819

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www56.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-encoding
gzip
etag
W/"eb48-thxwkA7EM/jtiNH5b7nAoPez3Jo"
x-powered-by
Express
vary
Accept-Encoding
access-control-allow-methods
GET, POST
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
X-Requested-With,content-type
asd100.bin
freychang.fun/
100 KB
101 KB
Fetch
General
Full URL
https://freychang.fun/asd100.bin
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:dadd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www56.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:52 GMT
access-control-allow-methods
GET
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
4630
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Sun, 12 Jun 2022 19:12:42 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GKAnRLy3cEz8AEcPMJB1uvHd7nfDJxuwRXOdHyvPYYkwNt%2BF5IxSE3nVbX%2BCj6wr97AFhbJQTkOhmUrNnGo0qEmfGnhmjSKkmAqk4xPXv3dtOBzEQg3vxDjhRkaAWzEu9uY%2FgpctpojPhqLO"}],"group":"cf-nel","max_age":604800}
content-type
binary/octet-stream
access-control-allow-origin
https://www56.nathanaeldan.pro
cache-control
max-age=14400
access-control-allow-credentials
true
cf-ray
71a557526c847133-YUL
access-control-allow-headers
X-Requested-With, content-type
/
freychang.fun/
26 B
383 B
Fetch
General
Full URL
https://freychang.fun/
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:dadd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd5e6093c607e9b1b2906aa2f746ce4bc2dac857f095e86bcc45e33a9c4b0793

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www56.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:52 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods
GET
content-type
text/plain
access-control-allow-origin
https://www56.nathanaeldan.pro
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RCTxzsWh4fRV2KtdOlyxG59s9ml2FVzbxIouPNlyzCQa4%2BkoKFshfuFIMj%2FP5Yks1LJVKaIPrPoBT%2BtS4ypSQg2MK9SjHbaKwdNJB7Rz5xRkeyHnXdZLr3EHxERgzuFD1peEPAQRb3vf9WCA"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
71a557526c877133-YUL
access-control-allow-headers
X-Requested-With, content-type
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
utx
ustingexcelle.xyz/
0
496 B
XHR
General
Full URL
https://ustingexcelle.xyz/utx?cb=BE54izUxXuSC&top=www56.nathanaeldan.pro&tid=824473
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.76.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-76-129.iad89.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www56.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 12 Jun 2022 20:29:52 GMT
via
1.1 ec18462cf9d88c8bdb0cd5e50dbe442a.cloudfront.net (CloudFront)
server
openresty/1.17.8.2
x-amz-cf-pop
IAD89-P2
x-cache
Miss from cloudfront
p3p
CP="NID DSP ALL COR"
access-control-allow-origin
https://www56.nathanaeldan.pro
cache-control
no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials
true
accept-ch
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-amz-cf-id
JNOAD1-nr4Uxo0XZ-iGA4Jyy6IKXLCnr89GnUGzlX5Wl63CRo2MBNg==
BxppMzsuFnIpLgwbZyccAiMCB0g1KmUJIzkCXwwwGykcISEcOwEIMxcGWSEqDDhnNQEYCmk+MzMGBFcaZzdYIQM5YnINIzIKcC46MxZWQUsUGHATDw4Ecxw4FWtTKypjHFNUCT8aVlxNECkJDyg4NBRWOw9gdzIjEzsJAD8yZWU8AWUFXF0yDzl4IzUUOFYvPBxnY...
ustingexcelle.xyz/eVZTMWQYNDBcWxhrMRcRCzpuFFY/c2F3ABpjOAkCHmM6XgdBJX1SCBYjN1cWFjgnHwocInYDIjQzFXsmI2Y8UzQqbhFVNQ5hGWcUAAU+a1UsHj9UKz0fGnslESARVjEXGCRgCTECY3wmABwRYQMwZDV3AAoQF3wSOB43VCoAbhZVVBVmGnA... Frame C342
3 KB
2 KB
Document
General
Full URL
https://ustingexcelle.xyz/…
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.76.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-76-129.iad89.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
f59b7a71a1eb00d688a892425e083f01fe81bf22da5fb219c6e8c02252f020e9

Request headers

Referer
https://www56.nathanaeldan.pro/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ch
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cache-control
no-store, no-cache, must-revalidate, no-transform
content-encoding
gzip
content-length
1230
content-type
text/html
date
Sun, 12 Jun 2022 20:29:52 GMT
p3p
CP="NID DSP ALL COR"
pragma
no-cache
server
openresty/1.17.8.2
via
1.1 ec18462cf9d88c8bdb0cd5e50dbe442a.cloudfront.net (CloudFront)
x-amz-cf-id
l1cBYYEPfMmXnlQ9_ZZ9Lfy7nK2gYZ3EiHX8thIca0nNGFwfnYrsGQ==
x-amz-cf-pop
IAD89-P2
x-cache
Miss from cloudfront
U3QzBjYOb3JEd1didUd1W2BwRnU
quiremuken.xyz/YlJDckJNbSABfzdiCT8gGBgkFgpTCAIlBBU3LxUAO2EJSxQVA2UGKwZve0B2VmVwVDILNn5BcEQhNxM2FyF+Q2QLPCUdf0QkfkJsWnx7XHBEJ35DZBYiIhV/
0
493 B
Image
General
Full URL
https://quiremuken.xyz/YlJDckJNbSABfzdiCT8gGBgkFgpTCAIlBBU3LxUAO2EJSxQVA2UGKwZve0B2VmVwVDILNn5BcEQhNxM2FyF+Q2QLPCUdf0QkfkJsWnx7XHBEJ35DZBYiIhV/U3QzBjYOb3JEd1didUd1W2BwRnU
Requested by
Host: www56.nathanaeldan.pro
URL: https://www56.nathanaeldan.pro/pushredirect/?network=3&site=adfly&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:95da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www56.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:52 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WegtTHXsXiz%2F5DNIZsAA8kJiQo5zJBnjNyEZ9mgq4J8SvLcRZWhVA6RGvTmjNNqT236k1u4wBdwodu8Hzf94wIlZyjkNeKsVoigEChb3u1ypu8vZ%2Bur7Ha0Fa1D9aZlAEekEpmixFiYsAES83w%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cf-ray
71a5575278174bd6-YUL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
e2kHABJxYFQ2H24sXjxncGoDbG17fkcxPnVrBX4pPDlDLSl1agdobW4xWT41dWoRLmd4dg92YmZqES1neX5DKDsvZQZ+KjwsW2Vrfm0CaGx9bw5qaXxh
quiremuken.xyz/WFpIWDd3ZSsrCjofcRZkMz4uPW8gYiweAmE/
0
262 B
Image
General
Full URL
https://quiremuken.xyz/WFpIWDd3ZSsrCjofcRZkMz4uPW8gYiweAmE/e2kHABJxYFQ2H24sXjxncGoDbG17fkcxPnVrBX4pPDlDLSl1agdobW4xWT41dWoRLmd4dg92YmZqES1neX5DKDsvZQZ+KjwsW2Vrfm0CaGx9bw5qaXxh
Requested by
Host: www56.nathanaeldan.pro
URL: https://www56.nathanaeldan.pro/pushredirect/?network=3&site=adfly&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:95da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www56.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:52 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kS%2BFUKFT1YQ7ZTXAXb4vZ3yuMEwONPDsriKDWVcAoFVdf%2B%2BBO4PtdOsCQs5XI4fb0sL0liJbKdnaKQDv9w8oBA%2FsZHCPT7c8bpNDZAOTi9FX4o8IRMu3lf13cNXZV6gw7Rr5oMm2etbB8vFeZg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cf-ray
71a55752781b4bd6-YUL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
utx
ustingexcelle.xyz/
0
496 B
XHR
General
Full URL
https://ustingexcelle.xyz/utx?tid=818286&top=www56.nathanaeldan.pro&cb=cO3P1t6W17l8
Requested by
Host: sinaunrelean.info
URL: https://sinaunrelean.info/TDFkdGw3ExcDMzlDCFZWblkQABw%2FC0tbGztGUUJCIlAQHA0iUAEYCC1fSgQeIx4FGUE8RBccQS9BF1oGPw4UAQUoDFZFXXkBV0FZalIIHQ8nWABJXn0AUURfeQQ7R19%2FB1BMVWpQCBgOcVkQABw%2FFFc1SX53QUYqIVADDQ45HwoRGGkDIgYJKFgWEQ84WAoTSX53BTw%2BfFIsOVoASF1HCH9SERY7GloFIyohUDw%2BAABcKgIOHwgJFTs0XSgOLj1UCRhfFmYUDg8mVlAXJCgCAA1VH1NWPgQvXV0DNRt%2FFjgBCkYFDVUhUDMMAGkDIhJfdQhXFl96CFYSCX0GXERfeQhSFQ16A1EXCCkEBhEIal4GSQQ4RRQHSX9wQUYqaQMiAxs7A1JaAi1FDBUCLVQIEA0iHxQGA2kDIgQZP1kWEQglQwEXGGkDIlFfCkUJBEl%2FdVVRXnpfAQAbI0MPUV8IAkFGWiVeF1FfCAFBRlo%2FWBARSX91BRAKIEhBRlovFFcwXWkDUgQcJRRXMF59AFFEX3kEQUZaPFINUV8IB1VDWH8BXEdfeRRWQhhpAiBFWnkEVEJZewRQUV56VQEHGGkCIBwYOEEXUV55AiVRXnkDIlFeeQMiGQ0rSAYBQiJUEFFeeQMiBgkoWBYRDzhYChNJfgRWMg0EY1QXJAEHKA1Vf1VXFxkuZjIfDRt3CRU0Bl0oGSI6UzdNAS1mHBggNnMVEQEgAj4jHDZSDhNYL3kARwg1CDcWXgZZBxhVO2gzOh4AXCIDDTUICRU7NF1BRll%2BdwJHVXUCBkdadQMCEV17CVRHWXUHBRVafgQHEAl5UwEQSi9dBkkEOEUUB0l%2FcEFGKmkDIgMbOwNSWgItRQwVAi1UCBANIh8UBgNpAyIEGT9ZFhEIJUMBFxhpAyJRXwpFCQRJf3VWUV56XwEAGyNDD1FfCAJBRlolXhdRXwgBQUZaP1gQEUl%2FdQUQCiBIQUZaLxRXMF1pA1IEHCUUVzBefQBRRF95BEFGWjxSDVFfCAdVQ1h%2FAVxHX3kUVkIYaQIgRVp5BFRCWXsEUFFeelUBBxhpAiAcGDhBF1FeeQIlUV55AyJRXnkDIhkNK0gGAUIiVBBRXnkDIgYJKFgWEQ84WAoTSX4EVjINBGNUFyQBBygNVX9VVxcZLmYyHw0bdwkVNAZdKBkiOlM3TQEtZhwYIDZzFREBIAI%2BIxw2Ug4TWC95AEcINQg3Fl4GWQcYVTtoMzoeAFwiAw01CAkVOzRdQUZZfncCR1V1AgZHWnUDAhFdewlUR1l1BwUVWn4EBxAJeVMBEEotQgZJBDhFFAdJf3BBRippAyIZDStIBgFCIlQQUV4KQwEQBT5UBwAFIlZBRioteTZEDwR8UjgVdQIARw85UzMiBy1mIhkNFHsIOAECRwYnVSFQMwwAAEsmBQkhXVcuOzxLBx4LeFIsEF8oSF0nDn57DBcAdUY9IyI%2BfQkyGy1IXRkNG0kIUV4KV1dNVX9TV0JVflcBRVt0AVdBVXpQBUJeeVIAEVkuVABWQG5CCRJOdgBIVhgtVjsdCG4LRkxddANcQk5gExcBDhNYAEVOdhNWRV15AVdBWW4dRgcZLm4NEF5uC0ZGXX0EVEdZeW5XR196BVxNTmATBRgALhNeVgQ4RRQHVmMeCRULNVMRWgIpRUsGCShYFhEPOFgKE0MteTZEDwR8UjgVdQIARw85UzMiBy1mIhkNFHsIOAECRwYnVSFQMwwAAEsmBQkhXVcuOzxLBx4LeFIsEF8oSF0nDn57DBcAdUY9IyI%2BfQkyGy1IXRkNG0kIWwp%2FCF1HDn8HXUYKKQBTTFx%2FBF1CDS0HVkEPKFRRFgkoE0hWAy4TXlYEOEUUB1ZjHhMDG34HShoNOFkFGg0pXQAVAmJBFhtDPEQXHB4pVQ0GCS9FS0sYIUFZRUoiVBADAz5
aWUdKJV4XSVxqQg0ACXFQABIANRcHSV1qQRQdUX4AVUFcfwRRUhwvWFlCXXsFV0RUfwJRUhhxAFJBWXwHUUNZeBcAER84DAwAGDxCQUctaQMiUV4KXAUTFS5EShoJOBRWMh4pVQ0GCS9FDRoLaQMiFSQeAQc8IXp9HU1fKAIHAQ4bZw8VOwpcBSwmIH0JOhouYl0ZDRtJCDgWDkABGQB%2FazMEFi9bA0APBFVXEBV1YgZGJiRSCE0bFWYqBiAhdxMVFXVcBSMUIBRWMgp%2FCF1HDn8HXUYKKQBTTFx%2FBF1CDS0HVkEPKFRRFgkoE0hWDyBTRk5OJEUQBB92HksDGzsDUloCLUUMFQItVAgQDSIfFAYDY0ERBwQ%2BVAAdHilSEFtTOFwUSV5qXwEAGyNDD0lfalgLB1F8FxcdGCkMBRAKIEhCF1F9FxQEBXEDVUVZfAJRQUo8Ug1JWn0GUEdcdAJXQUo4DFVCWXkBUkFbeQVCEAk%2FRVkcGDhBF1FfDRRWMkl%2BdwkVCzVTEVoCKUVBRio%2BVAAdHilSEB0CKxRWMg0EY1QXJAEHKA1Vf1VXFxkuZjIfDRt3CRU0Bl0oGSI6UzdNAS1mHBggNnMVEQEgAj4jHDZSDhNYL3kARwg1CDcWXgZZBxhVO2gzOh4AXCIDDTUICRU7NF1BRioqAl1NXy4CUk1eKlRVQ1R8AlFNWi1QUkZZL1UBQQ4pVUZYTi1CBlZWblkQABw%2FC0tbAS1WHRYZYl8BAEM%2BVAAdHilSEB0CKx4FPD58Uiw5WgBIXUcIf1IRFjsaWgUjKiFQPD4AAFwqAg4fCAkVOzRdKA4uPVQJGF8WZhQODyZWUBckKAIADVUfU1Y%2BBC9dXQM1G38WOAEKRgUNVSFQMwwAY1dXTVV%2FU1dCVX5XAUVbdAFXQVV6UAVCXnlSABFZLlQAVhE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.76.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-76-129.iad89.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www56.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 12 Jun 2022 20:29:52 GMT
via
1.1 ec18462cf9d88c8bdb0cd5e50dbe442a.cloudfront.net (CloudFront)
server
openresty/1.17.8.2
x-amz-cf-pop
IAD89-P2
x-cache
Miss from cloudfront
p3p
CP="NID DSP ALL COR"
access-control-allow-origin
https://www56.nathanaeldan.pro
cache-control
no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials
true
accept-ch
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-amz-cf-id
zvM-uuZYe1Ghvk65dCHe8U7C3ub5ZPCluTNpV0BrkQdvwzJH-vKYPA==
MeFJBZ0obPS8BdQw7JVpySmZ1UHleODIIJAhvBgUnNwQmHT0MByJBPgI2fFdsFDMvAHdeNy8Ed0l0IAMoRWZnEzoXOXwSJBw3Jw4kHTZnEitFPy4dIxQ+IEJ4PmdvV29KYmkQIxY2LhA5XWBxCT5dYHFWelZiZFQIXWBxECMWZHVCeTp3c1cyTmZoQnhIMz-EXJh0...
dc5k8fg5ioc8s.cloudfront.net/ Frame C342
415 B
612 B
Script
General
Full URL
https://dc5k8fg5ioc8s.cloudfront.net/MeFJBZ0obPS8BdQw7JVpySmZ1UHleODIIJAhvBgUnNwQmHT0MByJBPgI2fFdsFDMvAHdeNy8Ed0l0IAMoRWZnEzoXOXwSJBw3Jw4kHTZnEitFPy4dIxQ+IEJ4PmdvV29KYmkQIxY2LhA5XWBxCT5dYHFWelZiZFQIXWBxECMWZHVCeTp3c1cyTmZoQnhIMz-EXJh0lJAUhESZkVQxNYXZJeU53c1diEzo1CiZdYAJCeEg+KAwvXWBxAC8bOS5Ob0piIg84Fz8kQng+Y3FVZEh8dFd6TXx3Vm9KYjIGLBkgKEJ4PmdyUGRLZGcSd0k
Requested by
Host: ustingexcelle.xyz
URL: https://ustingexcelle.xyz/eVZTMWQYNDBcWxhrMRcRCzpuFFY/c2F3ABpjOAkCHmM6XgdBJX1SCBYjN1cWFjgnHwocInYDIjQzFXsmI2Y8UzQqbhFVNQ5hGWcUAAU+a1UsHj9UKz0fGnslESARVjEXGCRgCTECY3wmABwRYQMwZDV3AAoQF3wSOB43VCoAbhZVVBVmGnApFgQEawo8LDxpKyEhAHsmDmUZRlASHgdrCjw/J3c0AGI3eBwoc2FzLTwcZ2EJHSAFA10yDz5aNTAuCgMoERdmaTM7LhBlUR0PG3czHDoJWD4/BxppMzsuFnIpLgwbZyccAiMCB0g1KmUJIzkCXwwwGykcISEcOwEIMxcGWSEqDDhnNQEYCmk+MzMGBFcaZzdYIQM5YnINIzIKcC46MxZWQUsUGHATDw4Ecxw4FWtTKypjHFNUCT8aVlxNECkJDyg4NBRWOw9gdzIjEzsJAD8yZWU8AWUFXF0yDzl4IzUUOFYvPBxnYQkdLwZ2NjUMFFI3HWY4Fw4KOT1BWT40Pn4yHiwkRTEa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.36.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-36-217.ewr53.r.cloudfront.net
Software
/
Resource Hash
ce8a0a40e1f1cf1997fcc8f47bd8517627927f6782c7b8c0b5ffbbee73142f9c

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ustingexcelle.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:52 GMT
content-encoding
gzip
x-amz-cf-pop
EWR53-C2
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
max-age=31556926
content-length
335
via
1.1 4e3df844337032b56b8434990b0f76ca.cloudfront.net (CloudFront)
x-amz-cf-id
MUtJMCB19XwWDkmQvZ--0zleBcqaigwfyzM11xFBxYPS_ECte1gtzQ==
/
biscussexbug.xyz/
0
37 B
XHR
General
Full URL
https://biscussexbug.xyz/
Requested by
Host: sinaunrelean.info
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
44.195.137.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-195-137-121.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www56.nathanaeldan.pro/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
content-length
0
/
biscussexbug.xyz/
0
36 B
XHR
General
Full URL
https://biscussexbug.xyz/
Requested by
Host: sinaunrelean.info
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
44.195.137.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-195-137-121.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www56.nathanaeldan.pro/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
content-length
0
/
www26.nathanaeldan.pro/pushredirect/
118 B
373 B
Document
General
Full URL
https://www26.nathanaeldan.pro/pushredirect/?tmp=2&network=3&ios=0&site=adfly&c=1&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Requested by
Host: sinaunrelean.info
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:cf3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.3.27
Resource Hash

Request headers

Referer
https://www56.nathanaeldan.pro/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
71a55754ba82ca67-YUL
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sun, 12 Jun 2022 20:29:52 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L8h4OBKEhzD4p30FIETvTK2XdxyRgLbLiMfzXGjRRPZslJxHA%2BWQtHSjonN7jht2Wk9WM%2B2D%2FQCyeIttD6rKrLLa%2FPFnp7sRbJFMO7vqM1I2YR5o7ElLvOqmUaBzJS%2Bwylg5xbxDdn7%2FEmPYZ4qiMg2Mo%2Bxn"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
PHP/7.3.27
x-turbo-charged-by
LiteSpeed
popunder.gif
quiremuken.xyz/
35 B
628 B
Image
General
Full URL
https://quiremuken.xyz/popunder.gif
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:95da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www56.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
public
date
Sun, 12 Jun 2022 20:29:52 GMT
cf-cache-status
HIT
last-modified
Sat, 11 Jun 2022 01:00:15 GMT
server
cloudflare
age
156577
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bK6MlNBeFt3ylkUByW5YVGyA0j8qdsZO4AM6nTnquxNumXvtyl2EI01EOyYuE2pTdSIJoM%2BqrqqRdBJ4O00Efp6fRxxJkmfPsuSll3JGK2MxjfRWFkXqjY3EBb64Xgv0tnuGFr5Xm4Huc0nu6g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=604800, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
71a55754efefecee-YUL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
T2x3QnlgUxQxRB00Hw0ofSJFFhd2XSIKHQQJPxAoKzkfZ0sJCUYXXzsFE39BfVhDdUppHB4mRHxeUTENLhgCMUR9XEd1XyYCES1EfUoBf0lhVFl6V31KAn9PeFlDckh8XER0SnhdRnBfOxwWJUR+Sgc2DSNRRnRMelxBd052Xk9ySA
quiremuken.xyz/
0
0

floater
ustingexcelle.xyz/
0
0

/
www21.nathanaeldan.pro/pushredirect/
Redirect Chain
  • https://www56.nathanaeldan.pro/pushredirect/?network=3&site=adfly&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBq...
  • https://www21.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=1&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJl...
6 KB
3 KB
Document
General
Full URL
https://www21.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=1&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:cf3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.3.27
Resource Hash
990b0d39b0b7d246a3640bc848812d320581f4caf8f2e95236dece81f9ce3b2c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate, max-age=0 post-check=0, pre-check=0
cf-cache-status
DYNAMIC
cf-ray
71a55755fc5bca67-YUL
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sun, 12 Jun 2022 20:29:53 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BNkyI3Tcy1%2FZ5O5vcsxXH9LiRytVChcSx0s%2FF0agUB9o0WtfXjWyeqvhF7nK2ATF5BqubDcGMBHXJN4RrZmCcZlDeKKjOiyHGkMAlHOMf46DYD1gXdFJF37AsdGjU8N2jWz0FPvOo82u7lwAQC9ucB5hRPey"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
PHP/7.3.27
x-turbo-charged-by
LiteSpeed

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache, no-store, must-revalidate, max-age=0
cf-cache-status
DYNAMIC
cf-ray
71a5575558a17133-YUL
content-type
text/html; charset=UTF-8
date
Sun, 12 Jun 2022 20:29:52 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location
https://www21.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=1&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nPTvf1WydwUhsLU%2Figj0GI0eBMR3zan9oE9a%2FuFs4BWdHtD46HMYdByP9XjJGqsPIwWQGT%2FsELmQx65qHnzv2d8w3kB3IBsQEPKnTSM%2FEntGdPqYQ9YwqzaLqUB5Q6I475lQjJGtCnUsHLmai2Sm9Wn0YUHG"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.3.27
x-turbo-charged-by
LiteSpeed
/
dc5k8fg5ioc8s.cloudfront.net/
163 KB
49 KB
Script
General
Full URL
https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Requested by
Host: www21.nathanaeldan.pro
URL: https://www21.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=1&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.36.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-36-217.ewr53.r.cloudfront.net
Software
/
Resource Hash
7e6d4d8801a8144849709f2ae050ef40e951c40c3ee38dd4536b406f1e503962

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www21.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 12 Jun 2022 20:29:53 GMT
content-encoding
gzip
x-amz-cf-pop
EWR53-C2
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-length
49631
via
1.1 4e3df844337032b56b8434990b0f76ca.cloudfront.net (CloudFront)
x-amz-cf-id
wAYtvE0i5LtQ4cLtGbOfLt3yWU8qE1bB-lhzH9In8i_KxAhmkjKJgw==
logo.png
www21.nathanaeldan.pro/static/image/
10 KB
11 KB
Image
General
Full URL
https://www21.nathanaeldan.pro/static/image/logo.png
Requested by
Host: www21.nathanaeldan.pro
URL: https://www21.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=1&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:cf3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
196c51f778db9df7ecf75ce7f663ea3bb07726b67feeae45ad9abfd3008b937a

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www21.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=1&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:53 GMT
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
10726
last-modified
Tue, 10 Nov 2020 09:44:06 GMT
server
cloudflare
etag
"29e6-5faa60e6-b22ed065d915c717;;;"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1BgH6H47KTOd%2Be9sanMSw1VVYa80dCy5Yvdn%2F%2FT0i3Y8zAOo%2FcJTT%2FOweGVTSIsYroWTpJgWbzcrBPPmenYbYBx9v5mdc2q82cuofOaDkLdYbIC%2BaDj9Ib%2FeBVIYUuz7giqosVHUuVsw2P%2FK1brfRgzWd9su"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
cf-ray
71a557567a7c7133-YUL
expires
Sun, 19 Jun 2022 20:29:53 GMT
17a72af7-7cb1-4f49-bce5-18314b016d6d
player.ex.co/player/
0
95 B
Script
General
Full URL
https://player.ex.co/player/17a72af7-7cb1-4f49-bce5-18314b016d6d
Requested by
Host: www21.nathanaeldan.pro
URL: https://www21.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=1&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www21.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:53 GMT
via
1.1 varnish, 1.1 varnish
age
53658
x-cache
HIT, HIT
access-control-max-age
600
content-length
0
x-served-by
cache-iad-kcgs7200127-IAD, cache-yul12827-YUL
server
nginx
x-timer
S1655065793.043939,VS0,VE1
etag
W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
vary
x-pb-country, x-pb-connection, x-pb-embedid, x-pb-itemid, x-pb-videoid, x-pb-player, x-pb-bot-name, x-pb-is-bot, x-pb-country, x-pb-connection, x-pb-embedid, x-pb-itemid, x-pb-videoid, x-pb-player, x-pb-bot-name, x-pb-is-bot
access-control-allow-methods
GET, POST, PUT, DELETE
content-type
text/html; charset=utf-8
access-control-allow-origin
*
x-pb-reason
requested id was blocked
accept-ranges
bytes
access-control-allow-headers
Accept, Authorization, Content-Type
x-cache-hits
1, 3
am-push-cps.js
www21.nathanaeldan.pro/
92 KB
39 KB
Script
General
Full URL
https://www21.nathanaeldan.pro/am-push-cps.js?puid=21150355&clickid=21150355_5033145&allb=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed&ob=https%3A%2F%2Fwww23.nathanaeldan.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D2%26ppi%3D21150355%26pci%3D6174308335%26t%3D1655065754%26dest%3Dhttps%253A%252F%252Fmagybu.net%252Fredirecting%252FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%252Ff3993b3692fe17803596aa625cde5bed&clb=https%3A%2F%2Fwww23.nathanaeldan.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D2%26ppi%3D21150355%26pci%3D6174308335%26t%3D1655065754%26dest%3Dhttps%253A%252F%252Fmagybu.net%252Fredirecting%252FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%252Ff3993b3692fe17803596aa625cde5bed&asb=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Requested by
Host: www21.nathanaeldan.pro
URL: https://www21.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=1&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:cf3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1748a4dc17a0c9ce36d1653df23a75281d05842c3266452fd7bd01ed5351ebfe

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www21.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=1&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:53 GMT
content-encoding
br
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 10 Nov 2020 09:44:06 GMT
server
cloudflare
etag
W/"171ce-5faa60e6-c109d6004d840eb5;gz"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AruE0JgunJL8gYjOtjBa8aigh4GeGyeftYnPZWCZDyKOBdymNujzIB9H9OMEUOceUVd71PEN5bRCG6VxoUAniwpNsU2%2F0c6OupkMzuhN%2BqMbDGJExsda8p0TChsd14wYQTz5wHElXfXtiffo6nTiHIsutK%2Bj"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-ray
71a557568a967133-YUL
expires
Sun, 19 Jun 2022 20:27:23 GMT
bWVXelcWRyQNCBgXO1htTw0jDiceX3hVIBoSZUt5AwQjEjYDBDIWMwwLeQolAko2F3odECQSeg4VJFQ9HlonDz4JWGVLZlhVZE9iSwY7EzQGDDNHZVxUYkpkWFAIT2deVmZOYksEOxY1UA0jDiceQGQ7cl8jckgRAAQwAzUYSzkfI0hXEQgyCQwlHzQZDDkdcl8jN...
sinaunrelean.info/
59 KB
24 KB
Script
General
Requested by
Host: www21.nathanaeldan.pro
URL: https://www21.nathanaeldan.pro/am-push-cps.js?puid=21150355&clickid=21150355_5033145&allb=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed&ob=https%3A%2F%2Fwww23.nathanaeldan.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D2%26ppi%3D21150355%26pci%3D6174308335%26t%3D1655065754%26dest%3Dhttps%253A%252F%252Fmagybu.net%252Fredirecting%252FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%252Ff3993b3692fe17803596aa625cde5bed&clb=https%3A%2F%2Fwww23.nathanaeldan.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D2%26ppi%3D21150355%26pci%3D6174308335%26t%3D1655065754%26dest%3Dhttps%253A%252F%252Fmagybu.net%252Fredirecting%252FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%252Ff3993b3692fe17803596aa625cde5bed&asb=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
44.195.137.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-195-137-121.compute-1.amazonaws.com
Software
/ Express
Resource Hash
614eab3e9aad0a32ea74caea66a05c9d137034f7c9a0bde69a26284bc9cd9d88

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www21.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-encoding
gzip
etag
W/"eb48-VFjL159KuCw10KKQfjLQDo/Ki9s"
x-powered-by
Express
vary
Accept-Encoding
access-control-allow-methods
GET, POST
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
X-Requested-With,content-type
asd100.bin
freychang.fun/
100 KB
101 KB
Fetch
General
Full URL
https://freychang.fun/asd100.bin
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:dadd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www21.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:53 GMT
access-control-allow-methods
GET
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Sun, 12 Jun 2022 17:57:07 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eyb1G8PW96VCqs0eC92x45Qn6HT62QKUoaXMUw9L8H2SBflBGAS6Xs2mCWZD63Wxtl5pqmGaq%2FnZi4eIjgFYWwIaVgMdK3atTLgdy%2F%2BBGhX50qJSHz2UsMnExoThDYapyqy1HIOGL%2F9AeoA7"}],"group":"cf-nel","max_age":604800}
content-type
binary/octet-stream
access-control-allow-origin
https://www21.nathanaeldan.pro
cache-control
max-age=14400
access-control-allow-credentials
true
cf-ray
71a55757693dece2-YUL
access-control-allow-headers
X-Requested-With, content-type
/
freychang.fun/
26 B
662 B
Fetch
General
Full URL
https://freychang.fun/
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:dadd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd5e6093c607e9b1b2906aa2f746ce4bc2dac857f095e86bcc45e33a9c4b0793

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www21.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:53 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods
GET
content-type
text/plain
access-control-allow-origin
https://www21.nathanaeldan.pro
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BvtBvJvMTuTf0mg6qyC2W%2FfbKm368LOxSb3W9GM2lC%2FzN8sSKJWuioe0wlalxvVIvgsNkTl%2BDr3F%2B4MD%2FUJ%2B3FYb2Vyli%2BMVxN387MFWD2WiqiuEuOKjYifdDFzgSggxbTiTQoyh1xGKiVl9"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
71a557576940ece2-YUL
access-control-allow-headers
X-Requested-With, content-type
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
utx
ustingexcelle.xyz/
0
494 B
XHR
General
Full URL
https://ustingexcelle.xyz/utx?cb=bnIv4LlTxx40&top=www21.nathanaeldan.pro&tid=824473
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.76.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-76-129.iad89.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www21.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 12 Jun 2022 20:29:53 GMT
via
1.1 ec18462cf9d88c8bdb0cd5e50dbe442a.cloudfront.net (CloudFront)
server
openresty/1.17.8.2
x-amz-cf-pop
IAD89-P2
x-cache
Miss from cloudfront
p3p
CP="NID DSP ALL COR"
access-control-allow-origin
https://www21.nathanaeldan.pro
cache-control
no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials
true
accept-ch
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-amz-cf-id
5Ic0c1ttYxvbppzJghzI7H1Z-KwXsn1PjMF1uug_1pGTH5KDrTe6oQ==
YVBiZg5AQllGNl0UDkIbRTZbWSxRAUoN
ustingexcelle.xyz/NVkzZDNUO1AJDFRkUUJGRzUOQQFzfAEiV1ZsWFxVUmxaC1ANKh0HX1osVwJBWjdHSl1QLRZWdQQOWBcHbwFiUXlzAHc3SgEwayJbeDh7XH5gMldcemAqeCNaRWtnHVB2GnAqZnAbakEBcxRUJnd0GnIScWMPYCpaRQ5yD18NFV89dGYORxB... Frame 6CB3
3 KB
2 KB
Document
General
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.76.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-76-129.iad89.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
dce76037cfaa1a987e66daca923ed29cabaa9b36a12434ce7760ca453a89adf9

Request headers

Referer
https://www21.nathanaeldan.pro/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ch
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cache-control
no-store, no-cache, must-revalidate, no-transform
content-encoding
gzip
content-length
1229
content-type
text/html
date
Sun, 12 Jun 2022 20:29:53 GMT
p3p
CP="NID DSP ALL COR"
pragma
no-cache
server
openresty/1.17.8.2
via
1.1 ec18462cf9d88c8bdb0cd5e50dbe442a.cloudfront.net (CloudFront)
x-amz-cf-id
PKQreLnJoTpW1VwjgxQKzqh2HFKu4h2_8OygKE4eWFGyLc3QmsL1FA==
x-amz-cf-pop
IAD89-P2
x-cache
Miss from cloudfront
Q1oUJ3pcTkYiJgpVA3Q3GRxeb3ZbXQdicVhfC2F2WFk
quiremuken.xyz/MlJHbWgdbSQeVVBgK1w7SBAmOgNoZwZcHFMAHwIpahQrLw1jC2EZAVZvf19cBmV0SxhbNnpeWhQhMwwcRyF6XE5bPCECVRQkel1GCnx/
0
477 B
Image
General
Full URL
https://quiremuken.xyz/MlJHbWgdbSQeVVBgK1w7SBAmOgNoZwZcHFMAHwIpahQrLw1jC2EZAVZvf19cBmV0SxhbNnpeWhQhMwwcRyF6XE5bPCECVRQkel1GCnx/Q1oUJ3pcTkYiJgpVA3Q3GRxeb3ZbXQdicVhfC2F2WFk
Requested by
Host: www21.nathanaeldan.pro
URL: https://www21.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=1&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:95da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www21.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:53 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8kAf74b0hzg3EAyynvrK03XIsKubh2o%2FnKjzzgumINobB2H4sIfDZta%2BmR%2BhHpBUbMdHNaqrSweu3zqm8yAfQqSM5u2m%2FxGxsBMrOkRu%2B8H81eQTPh9bys%2B7W817MqcaD0jl7ZPbOizySUgpww%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cf-ray
71a557574aaeecee-YUL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
WFlfSGFERwRNflAVAREoS1BXADsCDUxBeUNUQUZ6QVhCQXpE
quiremuken.xyz/cXBPdmFeTywFXD82CkUwJhcNLwYjChgBIxgyfDQ4M0IKMgJARGkCCBVNd0RVRUd8UBEYFHJFU1cDOxcVBANyRFFBR2kfDxcfckRHB01/
0
479 B
Image
General
Full URL
https://quiremuken.xyz/cXBPdmFeTywFXD82CkUwJhcNLwYjChgBIxgyfDQ4M0IKMgJARGkCCBVNd0RVRUd8UBEYFHJFU1cDOxcVBANyRFFBR2kfDxcfckRHB01/WFlfSGFERwRNflAVAREoS1BXADsCDUxBeUNUQUZ6QVhCQXpE
Requested by
Host: www21.nathanaeldan.pro
URL: https://www21.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=1&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:95da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www21.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:53 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MerEkghJvoTKQ%2BZQoYrVwEIvi1sgJoNjCttYCNcnady%2FqODV1GgIOSy14X1TF%2B1z4fJhsCfsly%2F590YArL7GvtY4pM%2F4ssP7WhSIYDxe%2BdgUO00r950zzNMBXhqV6%2BZD4DsYvHwxnObyIHbLpg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cf-ray
71a557574aafecee-YUL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
utx
ustingexcelle.xyz/
0
495 B
XHR
General
Full URL
https://ustingexcelle.xyz/utx?tid=818286&top=www21.nathanaeldan.pro&cb=X8FLFaPUkrVG
Requested by
Host: sinaunrelean.info
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.76.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-76-129.iad89.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www21.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 12 Jun 2022 20:29:53 GMT
via
1.1 ec18462cf9d88c8bdb0cd5e50dbe442a.cloudfront.net (CloudFront)
server
openresty/1.17.8.2
x-amz-cf-pop
IAD89-P2
x-cache
Miss from cloudfront
p3p
CP="NID DSP ALL COR"
access-control-allow-origin
https://www21.nathanaeldan.pro
cache-control
no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials
true
accept-ch
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-amz-cf-id
n6THdvyA0WJwx67RqZSoW6YMsnLozcouyEofiQQZ6_O_cOtNHX2VGA==
eXtARmonUQ4Rf3kIAhE5IFdMUWh7Ww0GNSZdQEYceghXWmplDVVEb2UOVFFoe0sEEjs5UUBGHH4LUlppfR4QSWs
dc5k8fg5ioc8s.cloudfront.net/1Wks4ZXQ5JFYDSy4iXFhMaH8MUkd8IUsKGip2TycCCCNUEBY/MgBDACAvBVVSNipWAkl8LlYGSWttWQEWZ38eEQQ1IAUQGj4uXgwaPy8eEBVnJlcfHTYnWUBGHH4WVVFoexASHTQvVxIHf3kICwB/eQhURHR7HVY2f3kIEh0... Frame 6CB3
415 B
614 B
Script
General
Full URL
https://dc5k8fg5ioc8s.cloudfront.net/1Wks4ZXQ5JFYDSy4iXFhMaH8MUkd8IUsKGip2TycCCCNUEBY/MgBDACAvBVVSNipWAkl8LlYGSWttWQEWZ38eEQQ1IAUQGj4uXgwaPy8eEBVnJlcfHTYnWUBGHH4WVVFoexASHTQvVxIHf3kICwB/eQhURHR7HVY2f3kIEh00fQxARxhuClUMbH8RQEZqKk-gVGD88XQcfMz8dVzJveA9LR2xuClVcMSNMCBh/eXtARmonUQ4Rf3kIAhE5IFdMUWh7Ww0GNSZdQEYceghXWmplDVVEb2UOVFFoe0sEEjs5UUBGHH4LUlppfR4QSWs
Requested by
Host: ustingexcelle.xyz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.36.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-36-217.ewr53.r.cloudfront.net
Software
/
Resource Hash
04c057f8238a64d86fa99e098e8fee7ae0a8033d9a0a7d2487ce598fefb32b65

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ustingexcelle.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:53 GMT
content-encoding
gzip
x-amz-cf-pop
EWR53-C2
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
max-age=31556926
content-length
336
via
1.1 4e3df844337032b56b8434990b0f76ca.cloudfront.net (CloudFront)
x-amz-cf-id
3BvTg8zyofP16W2yVNVXw9VB1jzIE28ET6Cvrq13YyLzFN4wZrriWQ==
/
biscussexbug.xyz/
0
36 B
XHR
General
Full URL
https://biscussexbug.xyz/
Requested by
Host: sinaunrelean.info
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
44.195.137.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-195-137-121.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www21.nathanaeldan.pro/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
content-length
0
/
www23.nathanaeldan.pro/pushredirect/
118 B
368 B
Document
General
Full URL
https://www23.nathanaeldan.pro/pushredirect/?tmp=2&network=3&ios=0&site=adfly&c=2&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Requested by
Host: sinaunrelean.info
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:cf3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.3.27
Resource Hash

Request headers

Referer
https://www21.nathanaeldan.pro/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
71a557594ffbca67-YUL
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sun, 12 Jun 2022 20:29:53 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F9R4K6QRPqmMJJc6sAqWMRHchQiYyBr1RBjRqA7X01OGFIGUMstE41SVkLF4TJXkx3lObHguvBg6LOP9DT6UDgQjzb6s%2B4JZbOsZ0Th%2FxCgPwgUWS3FOxzNRCJoJwZQWwxjmybLZWz94CF3yCYTN8CeYRm4A"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
PHP/7.3.27
x-turbo-charged-by
LiteSpeed
/
www8.nathanaeldan.pro/pushredirect/
Redirect Chain
  • https://www21.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=1&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJl...
  • https://www8.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=2&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlL...
6 KB
3 KB
Document
General
Full URL
https://www8.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=2&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:cf3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.3.27
Resource Hash
d4b659ff9b6e8166d48d49654c7148a95350c0c2353d592ac64aca94a635f8a0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate, max-age=0 post-check=0, pre-check=0
cf-cache-status
DYNAMIC
cf-ray
71a5575a6977ca67-YUL
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sun, 12 Jun 2022 20:29:53 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wDjt6I6CFFewG0ZRCp3Fs%2BmDy0QphC7AAGzxlAhpvtSuI0ArzaI1cjkURV34zDXm3vgU%2Boblf6%2BnyBOiA2EzN%2FZSSH75N4Cu8sw6ujMjLzO4ZRe0YNJEcFJzZNUo%2B7Ih0rUr6KbcVnR3fxTQICkjoQY1IgA%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
PHP/7.3.27
x-turbo-charged-by
LiteSpeed

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache, no-store, must-revalidate, max-age=0
cf-cache-status
DYNAMIC
cf-ray
71a55759dfa87133-YUL
content-type
text/html; charset=UTF-8
date
Sun, 12 Jun 2022 20:29:53 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location
https://www8.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=2&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yyZYFH6yWkhu6k7VcxMxnpZc4qhxABxpBaQpKnvr0gj%2BWd6z5GVqnVSVE3ZWkqsKqyEpKQIwrPbFOnwN9ZoVX%2FtOHfP0D48oUjnhEUsGG9W1t0TRu9dpon30z79aojr%2Fh6ZmAywN082uHGFWrgJ85nA8Ex1V"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.3.27
x-turbo-charged-by
LiteSpeed
/
dc5k8fg5ioc8s.cloudfront.net/
163 KB
49 KB
Script
General
Full URL
https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Requested by
Host: www8.nathanaeldan.pro
URL: https://www8.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=2&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.36.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-36-217.ewr53.r.cloudfront.net
Software
/
Resource Hash
7e6d4d8801a8144849709f2ae050ef40e951c40c3ee38dd4536b406f1e503962

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www8.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 12 Jun 2022 20:29:53 GMT
content-encoding
gzip
x-amz-cf-pop
EWR53-C2
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-length
49631
via
1.1 4e3df844337032b56b8434990b0f76ca.cloudfront.net (CloudFront)
x-amz-cf-id
WVaOv0_7N7wTmXWRnb5rI8HRywCcTTlMovrBp8uQud6hwPbCeuiyuQ==
logo.png
www8.nathanaeldan.pro/static/image/
10 KB
11 KB
Image
General
Full URL
https://www8.nathanaeldan.pro/static/image/logo.png
Requested by
Host: www8.nathanaeldan.pro
URL: https://www8.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=2&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:cf3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
196c51f778db9df7ecf75ce7f663ea3bb07726b67feeae45ad9abfd3008b937a

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www8.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=2&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:53 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
879
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
10726
last-modified
Tue, 10 Nov 2020 09:44:06 GMT
server
cloudflare
etag
"29e6-5faa60e6-f392dafc4c855335;;;"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FtncKOTwTWwWsW7Q%2Bol2N1Kp0MTxO3EDiULUzgDFaPBtYhrxOv6b3SLBnhekWb3DPA8wKyLwnaycplazGJ1VPS3uGVz6H8cGWXytFw5SnIZmTQvagN4JlW88LI7yazZiytH2J%2BmfVfvv8zoCIb0%2Fbb5rpL4%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
cf-ray
71a5575ad90a7133-YUL
expires
Sun, 19 Jun 2022 20:15:14 GMT
17a72af7-7cb1-4f49-bce5-18314b016d6d
player.ex.co/player/
0
77 B
Script
General
Full URL
https://player.ex.co/player/17a72af7-7cb1-4f49-bce5-18314b016d6d
Requested by
Host: www8.nathanaeldan.pro
URL: https://www8.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=2&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www8.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:53 GMT
via
1.1 varnish, 1.1 varnish
age
53659
x-cache
HIT, HIT
access-control-max-age
600
content-length
0
x-served-by
cache-iad-kcgs7200127-IAD, cache-yul12827-YUL
server
nginx
x-timer
S1655065794.740090,VS0,VE0
etag
W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
vary
x-pb-country, x-pb-connection, x-pb-embedid, x-pb-itemid, x-pb-videoid, x-pb-player, x-pb-bot-name, x-pb-is-bot, x-pb-country, x-pb-connection, x-pb-embedid, x-pb-itemid, x-pb-videoid, x-pb-player, x-pb-bot-name, x-pb-is-bot
access-control-allow-methods
GET, POST, PUT, DELETE
content-type
text/html; charset=utf-8
access-control-allow-origin
*
x-pb-reason
requested id was blocked
accept-ranges
bytes
access-control-allow-headers
Accept, Authorization, Content-Type
x-cache-hits
1, 4
am-push-cps.js
www8.nathanaeldan.pro/
92 KB
39 KB
Script
General
Full URL
https://www8.nathanaeldan.pro/am-push-cps.js?puid=21150355&clickid=21150355_6565115&allb=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed&ob=https%3A%2F%2Fwww29.nathanaeldan.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D3%26ppi%3D21150355%26pci%3D6174308335%26t%3D1655065754%26dest%3Dhttps%253A%252F%252Fmagybu.net%252Fredirecting%252FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%252Ff3993b3692fe17803596aa625cde5bed&clb=https%3A%2F%2Fwww29.nathanaeldan.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D3%26ppi%3D21150355%26pci%3D6174308335%26t%3D1655065754%26dest%3Dhttps%253A%252F%252Fmagybu.net%252Fredirecting%252FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%252Ff3993b3692fe17803596aa625cde5bed&asb=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Requested by
Host: www8.nathanaeldan.pro
URL: https://www8.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=2&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:cf3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1748a4dc17a0c9ce36d1653df23a75281d05842c3266452fd7bd01ed5351ebfe

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www8.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=2&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:53 GMT
content-encoding
br
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 10 Nov 2020 09:44:06 GMT
server
cloudflare
etag
W/"171ce-5faa60e6-c109d6004d840eb5;gz"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zHLAqHh0KEODOnIIMyZ%2FMLE7Sa2iZV5mWSBZyyLjSRo1QtB5UCDRDYWgDbb2Wn%2FFv%2FETi4R%2BB0mI%2Blse6H%2BwGqzwZi8o5CbNnz%2B3fPqLI%2FAJMFNEVeCKDvhfwNvb2ssoTJUQJVV7F820JvdiJ78tEqcdd3o%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-ray
71a5575ae91a7133-YUL
expires
Sun, 19 Jun 2022 20:13:00 GMT
cGxLYjkLTjgVZgUeJ0ADUgQ%2FFkkDVmRNTgcbc0xXERgjA1cRCScGWB5COxBWXw0mT0kFHyNPWgAfZQhKTxw%2BC11NXnpTDEBfflcfEwAiAVIZCHZQCEFZe1EMRTN9Vw9FXXpXHxEAJwAEGBg%2FEkpVXwpHCzZJeSRUEQsyAExeAi4WHEIqOQddGR4uAU0ZAix...
sinaunrelean.info/
59 KB
24 KB
Script
General
Full URL
Requested by
Host: www8.nathanaeldan.pro
URL: https://www8.nathanaeldan.pro/am-push-cps.js?puid=21150355&clickid=21150355_6565115&allb=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed&ob=https%3A%2F%2Fwww29.nathanaeldan.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D3%26ppi%3D21150355%26pci%3D6174308335%26t%3D1655065754%26dest%3Dhttps%253A%252F%252Fmagybu.net%252Fredirecting%252FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%252Ff3993b3692fe17803596aa625cde5bed&clb=https%3A%2F%2Fwww29.nathanaeldan.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D3%26ppi%3D21150355%26pci%3D6174308335%26t%3D1655065754%26dest%3Dhttps%253A%252F%252Fmagybu.net%252Fredirecting%252FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%252Ff3993b3692fe17803596aa625cde5bed&asb=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
44.195.137.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-195-137-121.compute-1.amazonaws.com
Software
/ Express
Resource Hash
6c58cb075b5a230702bf1f11e07c94d91894e845896457bd0c7d47dd6d234e3b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www8.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-encoding
gzip
etag
W/"eb46-s2LTbTBolkJ68kRR+H32xvXyx8E"
x-powered-by
Express
vary
Accept-Encoding
access-control-allow-methods
GET, POST
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
X-Requested-With,content-type
asd100.bin
freychang.fun/
100 KB
101 KB
Fetch
General
Full URL
https://freychang.fun/asd100.bin
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:dadd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www8.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:53 GMT
access-control-allow-methods
GET
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
4423
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Sun, 12 Jun 2022 19:16:10 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nQ%2FgELwbw25lGf9hRUoUqEIQq5PF6DiO2mKR5sqmyV6paPRKcEn3LG5rJlyc9cVQ1JqzlItdhJ0HfQ40jlh%2FUuHiiib6hyleWHvkU%2F43VlUIFk0dcBjm0zGuqYljCyfeWpCGe9LC3hL5nqcZ"}],"group":"cf-nel","max_age":604800}
content-type
binary/octet-stream
access-control-allow-origin
https://www8.nathanaeldan.pro
cache-control
max-age=14400
access-control-allow-credentials
true
cf-ray
71a5575b8fefece2-YUL
access-control-allow-headers
X-Requested-With, content-type
/
freychang.fun/
26 B
626 B
Fetch
General
Full URL
https://freychang.fun/
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:dadd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd5e6093c607e9b1b2906aa2f746ce4bc2dac857f095e86bcc45e33a9c4b0793

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www8.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:53 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods
GET
content-type
text/plain
access-control-allow-origin
https://www8.nathanaeldan.pro
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LCG02CUYpFjlj1xL4vVcghWitQAdY%2FOP6%2FW0vXML1NO%2FSKqX%2F3649W5ctXKt7k3dMpKIE1EtfWfnpoT%2Fs4EH%2BcsCaWJK76OM45galKUrF77VXyyFNjVfiqmfMG349HRVU%2Bs3cXx0Q2%2FcKPDi"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
71a5575b8ff2ece2-YUL
access-control-allow-headers
X-Requested-With, content-type
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
utx
ustingexcelle.xyz/
0
495 B
XHR
General
Full URL
https://ustingexcelle.xyz/utx?cb=LClv0le7s945&top=www8.nathanaeldan.pro&tid=824473
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.76.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-76-129.iad89.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www8.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 12 Jun 2022 20:29:53 GMT
via
1.1 ec18462cf9d88c8bdb0cd5e50dbe442a.cloudfront.net (CloudFront)
server
openresty/1.17.8.2
x-amz-cf-pop
IAD89-P2
x-cache
Miss from cloudfront
p3p
CP="NID DSP ALL COR"
access-control-allow-origin
https://www8.nathanaeldan.pro
cache-control
no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials
true
accept-ch
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-amz-cf-id
-i7EqCjFkj4H8fz4NWWiOiuh66dSJE4L_TluSYGz-8ZkmPbwsf55Xw==
KzMuNWIeHSQyPDkKVA4RPgsELRZZAgRVPScLCRRqPzxcXQpeZzwBPFwxA1RjVAsdDyQpO1EME18mBCcFNwgAMQhVCDATZTsKUUI4Hj0LFG8hIlU3EBsZPQMCLg
ustingexcelle.xyz/UmVkUm0zBwc/UjNYBnQYIAlZd18UQFYUCTFQD2oLNVANPQ5qFkoxAT0QADQfPQsQfAM3EUFgKwgxVRwcBggDIT0TNAsEFyFTIDwjAwMzNgg3MxAiIgAODBAHaxAuOFgLLSYXDhAxJT0sKwkLGikHVjJhWB0sHhsoGTMyIiM1NBAENWdUJys... Frame 3D26
3 KB
2 KB
Document
General
Full URL
https://ustingexcelle.xyz/UmVkUm0zBwc/UjNYBnQYIAlZd18UQFYUCTFQD2oLNVANPQ5qFkoxAT0QADQfPQsQfAM3EUFgKwgxVRwcBggDIT0TNAsEFyFTIDwjAwMzNgg3MxAiIgAODBAHaxAuOFgLLSYXDhAxJT0sKwkLGikHVjJhWB0sHhsoGTMyIiM1NBAENWdUJysCGQYJNiAdDQM1IhQGUxAEIVcgEQ4VLg42IB0SCCs9NTBUEz4fQFYULmARBRE6CCACOVxrPFQbWBM2IWEvBg4GMwAUBC0QFSM8MiJIYCMzFSs4MVdiHDMIIjMiAyAMCDtnFzMlXGAyLGY8NzIAFgxjFUFgKx8NST1IYCcmEQI5IR0lKRgMAAILEVBSCytjAjNhAWAyLGcsGCEXNyQlNxULPj4XMzxVd1ciExQHKwU/KzMuNWIeHSQyPDkKVA4RPgsELRZZAgRVPScLCRRqPzxcXQpeZzwBPFwxA1RjVAsdDyQpO1EME18mBCcFNwgAMQhVCDATZTsKUUI4Hj0LFG8hIlU3EBsZPQMCLg
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.76.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-76-129.iad89.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
5d1d99550a6d86d9f154f81a828bfbd680513bc1ddcde317cf5a76d3986ad10b

Request headers

Referer
https://www8.nathanaeldan.pro/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ch
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cache-control
no-store, no-cache, must-revalidate, no-transform
content-encoding
gzip
content-length
1229
content-type
text/html
date
Sun, 12 Jun 2022 20:29:53 GMT
p3p
CP="NID DSP ALL COR"
pragma
no-cache
server
openresty/1.17.8.2
via
1.1 ec18462cf9d88c8bdb0cd5e50dbe442a.cloudfront.net (CloudFront)
x-amz-cf-id
p89hYWnWoGYP82ATcWezYtqf4VV0Ssw2hsaPwuWYPKYjZOmEnJHKUA==
x-amz-cf-pop
IAD89-P2
x-cache
Miss from cloudfront
ZBVEQjY5DgUAd2ADAgN1bAAMAnE
quiremuken.xyz/VTM0NkJ6DFdFfxhecgQjHWZ4YQcXaWVRMgRnBVoAFgJmcBcAUBJCKzEODAR2YQQHEDI8VwkFcHNAQFc2IEAJB2Q8XVJZf3NFCQZsbR0MGHBzRgkHZCFDVVF/
0
475 B
Image
General
Full URL
https://quiremuken.xyz/VTM0NkJ6DFdFfxhecgQjHWZ4YQcXaWVRMgRnBVoAFgJmcBcAUBJCKzEODAR2YQQHEDI8VwkFcHNAQFc2IEAJB2Q8XVJZf3NFCQZsbR0MGHBzRgkHZCFDVVF/ZBVEQjY5DgUAd2ADAgN1bAAMAnE
Requested by
Host: www8.nathanaeldan.pro
URL: https://www8.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=2&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:95da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www8.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:53 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dWbV4MQR0KpPw1kK0J%2F807Q0kJm3hF5rZbQN92MSJOxYvZvB8S0wG8BA9V%2F2ZhTEHT5Li2pN%2B3hInZcyp6TMffU2E%2BazuQIlm08InmYFvRUZT8ccKif7uM2a2us3SZhC0IHpsycxiDWsElDycA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cf-ray
71a5575b9ff1ecee-YUL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
HmIyFAsOB1YFISIKSEN8cgBDVzgvU01CemBEBBA8M0RNQ3h2AFYYJiBYTUNuMApAX3BoD15DbjMKQVc8NlYXTHlgRwQFJHsGRkR9dgFFRnF1D0RF
quiremuken.xyz/RjdwcUhpCBMCdRx/JgUFEw4UJQ41dhU3MANhMTN/
0
472 B
Image
General
Full URL
https://quiremuken.xyz/RjdwcUhpCBMCdRx/JgUFEw4UJQ41dhU3MANhMTN/HmIyFAsOB1YFISIKSEN8cgBDVzgvU01CemBEBBA8M0RNQ3h2AFYYJiBYTUNuMApAX3BoD15DbjMKQVc8NlYXTHlgRwQFJHsGRkR9dgFFRnF1D0RF
Requested by
Host: www8.nathanaeldan.pro
URL: https://www8.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=2&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:95da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www8.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:53 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fNSktE3zgDuCv2FFxnMDJxraX1wd5g%2FiOJexiTPt58fXmIq1z1FtHyJmQoDWa3Hy2Ug336pyPtmrFttvzA7OwfT4VLGmiiPhx9bDIlZfELi5VplU%2FKXEVancF2pdrzqN0MdXsvDYkzTfpXAudw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cf-ray
71a5575b9ff2ecee-YUL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
AyUNamFaKQ0sOAVnTX1jCSYaID4Pa1oJYlp8Rn99X35Yen1cf019YxkvDi4hA2taCWZZeUZ8ZUw7VX4
dc5k8fg5ioc8s.cloudfront.net/ZT1NqTmgsPAQoVzs6DnNQfWdeeVtpORkhBj9uJj5YHBEcBTAoAyloHDU3V35OIzIEKVVpNgQtVX51CyoKcmdMOhggOFc7Bis2DCcGKjdMOwlyPgU0ASM/C2taCWZEfk19Y0I5ASE3BTkbamFaIBxqYVp/WGFjT30qamFaOQE... Frame 3D26
415 B
614 B
Script
General
Full URL
https://dc5k8fg5ioc8s.cloudfront.net/ZT1NqTmgsPAQoVzs6DnNQfWdeeVtpORkhBj9uJj5YHBEcBTAoAyloHDU3V35OIzIEKVVpNgQtVX51CyoKcmdMOhggOFc7Bis2DCcGKjdMOwlyPgU0ASM/C2taCWZEfk19Y0I5ASE3BTkbamFaIBxqYVp/WGFjT30qamFaOQEhZV5rWw12WH4QeWdDa1p/Mh-o+BCokDywDJidPfC56YF1gW3l2WH5AJDseIwRqYSlrWn8/AyUNamFaKQ0sOAVnTX1jCSYaID4Pa1oJYlp8Rn99X35Yen1cf019YxkvDi4hA2taCWZZeUZ8ZUw7VX4
Requested by
Host: ustingexcelle.xyz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.36.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-36-217.ewr53.r.cloudfront.net
Software
/
Resource Hash
e182a507d08965701ad9c606cce2533a2fa9e35474cee0ded41b007b64eaf0b3

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ustingexcelle.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:53 GMT
content-encoding
gzip
x-amz-cf-pop
EWR53-C2
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
max-age=31556926
content-length
336
via
1.1 4e3df844337032b56b8434990b0f76ca.cloudfront.net (CloudFront)
x-amz-cf-id
jwfefDVEI-P7yHB43g5mAXLjXwGi-cLMhvW1XWV5k9OYRrLIMfBksg==
utx
ustingexcelle.xyz/
0
495 B
XHR
General
Full URL
https://ustingexcelle.xyz/utx?tid=818286&top=www8.nathanaeldan.pro&cb=G3V05jKWPrtA
Requested by
Host: sinaunrelean.info
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.76.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-76-129.iad89.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www8.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 12 Jun 2022 20:29:53 GMT
via
1.1 ec18462cf9d88c8bdb0cd5e50dbe442a.cloudfront.net (CloudFront)
server
openresty/1.17.8.2
x-amz-cf-pop
IAD89-P2
x-cache
Miss from cloudfront
p3p
CP="NID DSP ALL COR"
access-control-allow-origin
https://www8.nathanaeldan.pro
cache-control
no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials
true
accept-ch
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-amz-cf-id
uXEJJOwonB1Mb8rtq0VYvD7ZOBwFcC4ZM5SsFpKUuig9QEQTpVgs7Q==
/
biscussexbug.xyz/
0
36 B
XHR
General
Full URL
https://biscussexbug.xyz/
Requested by
Host: sinaunrelean.info
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
44.195.137.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-195-137-121.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www8.nathanaeldan.pro/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
content-length
0
/
www29.nathanaeldan.pro/pushredirect/
118 B
398 B
Document
General
Full URL
https://www29.nathanaeldan.pro/pushredirect/?tmp=2&network=3&ios=0&site=adfly&c=3&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Requested by
Host: sinaunrelean.info
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:cf3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.3.27
Resource Hash

Request headers

Referer
https://www8.nathanaeldan.pro/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
71a5575d3ca7ca67-YUL
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sun, 12 Jun 2022 20:29:54 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gAD0glD8D34hb%2BKLWepf57jg7IDrZ74Na7AmS%2FM1uY9OAFT8I%2B4s8WN7U1vjid0ZkLi%2F62WxQte2ku0SZS%2FqvYPsuaAVDZJFeW7g%2Fd7C%2FflkpHqawpOrX5jwyhb%2BeQV%2FchkYcWswvcBhXxhx0Q59%2Bc1hKK3l"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
PHP/7.3.27
x-turbo-charged-by
LiteSpeed
/
www82.nathanaeldan.pro/pushredirect/
Redirect Chain
  • https://www8.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=2&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlL...
  • https://www82.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJl...
6 KB
3 KB
Document
General
Full URL
https://www82.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:cf3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.3.27
Resource Hash
0892cc180f6cdabdac7c2366bae79aecb3038b3dd47ee668756ec5feea2f748b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate, max-age=0 post-check=0, pre-check=0
cf-cache-status
DYNAMIC
cf-ray
71a5575e4de8ca67-YUL
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sun, 12 Jun 2022 20:29:54 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BYBzf98wSf%2BPq7j04HtswosFarjkuSh3fUH1MgliZPJnELcMVsFhaDl3HvHCHHhvTeeXuxjfS1wcyhnWS9bKEh62vvGODSKu4sxmiCmHDSVWofh9MiGgIytWizZQpyeGxHHtftt2WnS4FldbbLl56x6f%2FQm3"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
PHP/7.3.27
x-turbo-charged-by
LiteSpeed

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache, no-store, must-revalidate, max-age=0
cf-cache-status
DYNAMIC
cf-ray
71a5575dcef47133-YUL
content-type
text/html; charset=UTF-8
date
Sun, 12 Jun 2022 20:29:54 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location
https://www82.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PuqSDGQmkYq5kXEEgnVvqHkLLwzYebU%2FJfYE1PmPUyWCunMsvLWo7Cg%2BQB%2BmBaJHdJp7IqPbnA7jFEGfA6htW14vte87ByirbKJ%2BV7pCQBghrsQK2ApW1QSmiZY0GkkwGmQ6zkV9G5bN1TzYRfuJrx15tFU%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.3.27
x-turbo-charged-by
LiteSpeed
/
dc5k8fg5ioc8s.cloudfront.net/
163 KB
49 KB
Script
General
Full URL
https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Requested by
Host: www82.nathanaeldan.pro
URL: https://www82.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.36.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-36-217.ewr53.r.cloudfront.net
Software
/
Resource Hash
7e6d4d8801a8144849709f2ae050ef40e951c40c3ee38dd4536b406f1e503962

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www82.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 12 Jun 2022 20:29:54 GMT
content-encoding
gzip
x-amz-cf-pop
EWR53-C2
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-length
49631
via
1.1 4e3df844337032b56b8434990b0f76ca.cloudfront.net (CloudFront)
x-amz-cf-id
P0ptJf8yhGc9E4hk_rpb_InGbcMRvejh7_XhqkK-5pKBdMd0jPv3pA==
logo.png
www82.nathanaeldan.pro/static/image/
10 KB
11 KB
Image
General
Full URL
https://www82.nathanaeldan.pro/static/image/logo.png
Requested by
Host: www82.nathanaeldan.pro
URL: https://www82.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:cf3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
196c51f778db9df7ecf75ce7f663ea3bb07726b67feeae45ad9abfd3008b937a

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www82.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:54 GMT
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
10726
last-modified
Tue, 10 Nov 2020 09:44:06 GMT
server
cloudflare
etag
"29e6-5faa60e6-b22ed065d915c717;;;"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BAXhK71ByD6JCkytDhYLthPXT8r48E1ONxyG0DKBQtHcFKuaZGnalGg9o8LJgJzSPJ0tHXvQDu4oDoX75eA6Ic3BXpyR05IVBRFsyxGBpvDLUnB3XY7nLahi9qZdKxdDUS3mVTu%2Fw9enb7W6rR54FVWaz3dX"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
cf-ray
71a5575ec9657133-YUL
expires
Sun, 19 Jun 2022 20:29:54 GMT
17a72af7-7cb1-4f49-bce5-18314b016d6d
player.ex.co/player/
0
100 B
Script
General
Full URL
https://player.ex.co/player/17a72af7-7cb1-4f49-bce5-18314b016d6d
Requested by
Host: www82.nathanaeldan.pro
URL: https://www82.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www82.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:54 GMT
via
1.1 varnish, 1.1 varnish
age
53660
x-cache
HIT, HIT
access-control-max-age
600
content-length
0
x-served-by
cache-iad-kcgs7200127-IAD, cache-yul12827-YUL
server
nginx
x-timer
S1655065794.370719,VS0,VE0
etag
W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
vary
x-pb-country, x-pb-connection, x-pb-embedid, x-pb-itemid, x-pb-videoid, x-pb-player, x-pb-bot-name, x-pb-is-bot, x-pb-country, x-pb-connection, x-pb-embedid, x-pb-itemid, x-pb-videoid, x-pb-player, x-pb-bot-name, x-pb-is-bot
access-control-allow-methods
GET, POST, PUT, DELETE
content-type
text/html; charset=utf-8
access-control-allow-origin
*
x-pb-reason
requested id was blocked
accept-ranges
bytes
access-control-allow-headers
Accept, Authorization, Content-Type
x-cache-hits
1, 5
am-push-cps.js
www82.nathanaeldan.pro/
92 KB
39 KB
Script
General
Full URL
https://www82.nathanaeldan.pro/am-push-cps.js?puid=21150355&clickid=21150355_191880&allb=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed&ob=https%3A%2F%2Fwww22.nathanaeldan.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D21150355%26pci%3D6174308335%26t%3D1655065754%26dest%3Dhttps%253A%252F%252Fmagybu.net%252Fredirecting%252FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%252Ff3993b3692fe17803596aa625cde5bed&clb=https%3A%2F%2Fwww22.nathanaeldan.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D21150355%26pci%3D6174308335%26t%3D1655065754%26dest%3Dhttps%253A%252F%252Fmagybu.net%252Fredirecting%252FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%252Ff3993b3692fe17803596aa625cde5bed&asb=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Requested by
Host: www82.nathanaeldan.pro
URL: https://www82.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:cf3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1748a4dc17a0c9ce36d1653df23a75281d05842c3266452fd7bd01ed5351ebfe

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www82.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:54 GMT
content-encoding
br
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 10 Nov 2020 09:44:06 GMT
server
cloudflare
etag
W/"171ce-5faa60e6-c109d6004d840eb5;gz"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WktY6ied4p7RE3DGR8q%2FCnvuRFyquhnCswuLWaDMU2488lTwBMLqIXKrdxuS%2B%2BGNkIcwgSawqM9UdA6DIalB2m1vLhqXMYfRstTqdE%2BvKdFZ92CRGM%2ByNEcIuY7beTUSQ2qXSOOgtwPNneW0wtuWwgaHcfAJ"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-ray
71a5575ed9727133-YUL
expires
Sun, 19 Jun 2022 20:21:20 GMT
ZlJ0cGkdcAcHNhMgGFJTRDoABBkVaFtfHhElTEJHCDMAGAgIMxEcDQc8WgAbCX0VHUQWJwcYRAUiB14DFW0EBQACb0ZBWFNiR0VcQDEYGQoNOxBNW1djQUBaU2crQVBXakxATwc%2BGBJUDiYAABpDYTVVWyB3RjYEBzUNEhxIPBEETFQUBhUNDyAREx0PPBNVWyA...
sinaunrelean.info/
59 KB
24 KB
Script
General
Requested by
Host: www82.nathanaeldan.pro
URL: https://www82.nathanaeldan.pro/am-push-cps.js?puid=21150355&clickid=21150355_191880&allb=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed&ob=https%3A%2F%2Fwww22.nathanaeldan.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D21150355%26pci%3D6174308335%26t%3D1655065754%26dest%3Dhttps%253A%252F%252Fmagybu.net%252Fredirecting%252FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%252Ff3993b3692fe17803596aa625cde5bed&clb=https%3A%2F%2Fwww22.nathanaeldan.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D21150355%26pci%3D6174308335%26t%3D1655065754%26dest%3Dhttps%253A%252F%252Fmagybu.net%252Fredirecting%252FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%252Ff3993b3692fe17803596aa625cde5bed&asb=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
44.195.137.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-195-137-121.compute-1.amazonaws.com
Software
/ Express
Resource Hash
aea6893b716408ae967885cd019107db9981f8f90b75b426820f9970a1dd2f83

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www82.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-encoding
gzip
etag
W/"eb45-QSfWUMN2MdgQ7ewwwEWYxewXLUU"
x-powered-by
Express
vary
Accept-Encoding
access-control-allow-methods
GET, POST
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
X-Requested-With,content-type
asd100.bin
freychang.fun/
100 KB
101 KB
Fetch
General
Full URL
https://freychang.fun/asd100.bin
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:dadd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www82.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:54 GMT
access-control-allow-methods
GET
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6446
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Sun, 12 Jun 2022 18:42:28 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vD1l2YTc%2FJWuGa%2FNrVa30Mm02e%2BHe0BtWyDTMIpB7dnuWFs97YoTifDb6FetbSYYQPf1JwFwLjIJA2MUCumLOuIA%2FcjajMT6kj6aftwfTNwdb0A3r7E0aeqCiyG66gcLC4SmWWweayX94Qy6"}],"group":"cf-nel","max_age":604800}
content-type
binary/octet-stream
access-control-allow-origin
https://www82.nathanaeldan.pro
cache-control
max-age=14400
access-control-allow-credentials
true
cf-ray
71a5575fad4bece2-YUL
access-control-allow-headers
X-Requested-With, content-type
/
freychang.fun/
26 B
618 B
Fetch
General
Full URL
https://freychang.fun/
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:dadd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd5e6093c607e9b1b2906aa2f746ce4bc2dac857f095e86bcc45e33a9c4b0793

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www82.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:54 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods
GET
content-type
text/plain
access-control-allow-origin
https://www82.nathanaeldan.pro
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cWM61CeH5rmNGjprXZWOQ7edMDnM826w4pGDvLL2LMi4uxxuVpwfDjykaqVQGIpefst155ER6bchupzWB2AJ0%2BIwj8Nr4sSI2nmWOBMWmAq%2B0aWig008UwmLtNRnZOUQuYOQ1DUXhIQM230o"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
71a5575fad4eece2-YUL
access-control-allow-headers
X-Requested-With, content-type
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
utx
ustingexcelle.xyz/
0
494 B
XHR
General
Full URL
https://ustingexcelle.xyz/utx?cb=RJshJTtSMPkK&top=www82.nathanaeldan.pro&tid=824473
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.76.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-76-129.iad89.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www82.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 12 Jun 2022 20:29:54 GMT
via
1.1 ec18462cf9d88c8bdb0cd5e50dbe442a.cloudfront.net (CloudFront)
server
openresty/1.17.8.2
x-amz-cf-pop
IAD89-P2
x-cache
Miss from cloudfront
p3p
CP="NID DSP ALL COR"
access-control-allow-origin
https://www82.nathanaeldan.pro
cache-control
no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials
true
accept-ch
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-amz-cf-id
pTa5EIgNcB-E0jXej9ZTrwm9aXMKsCRzr_nafs0oCfajaviQuZ8r-Q==
ND90H0AkCnUFFSUncC4bIFV4ACs2IwApBicgQwYSQzNkOCYgQFkYHh8WDhJDPw0LLQc+MnIA
ustingexcelle.xyz/cXFmM2sQEwVeVBBMBBUeAx1bFlk3VFR1DxJEDQsNFkQPXAhJAkhQBx4EAlUZHh8SHQUUBUMBLRonM2UvKEI3ASAYQSBgEjQCLAJePCtVdVgnNAJJJwswK3QCJ0UpXy5HIQgDLTclFXEpMhkgcihJGQBfJSI+NWIfMzQKSSIyQSdgPCMbL1Q... Frame A85D
3 KB
2 KB
Document
General
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.76.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-76-129.iad89.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
da7b582e630fc05502d97200b6c884671f54f69d0bb131918b55cb94640b6065

Request headers

Referer
https://www82.nathanaeldan.pro/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ch
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cache-control
no-store, no-cache, must-revalidate, no-transform
content-encoding
gzip
content-length
1231
content-type
text/html
date
Sun, 12 Jun 2022 20:29:54 GMT
p3p
CP="NID DSP ALL COR"
pragma
no-cache
server
openresty/1.17.8.2
via
1.1 ec18462cf9d88c8bdb0cd5e50dbe442a.cloudfront.net (CloudFront)
x-amz-cf-id
BLx-RZOedhlIR8WMyIWFiEkK9NoaNC2szOBAUpdTTwSo7ab-qGFqlg==
x-amz-cf-pop
IAD89-P2
x-cache
Miss from cloudfront
R1lKB3pYTRgCJg5WXVQ3HR8AT3ZfXllCcVxcVUZyWV8
quiremuken.xyz/bHJHaWtDTSQaVg01AR0JASgiP1oEERFYEz0qdhEOO0MrCDwAEWEdAghPf1tfWEV0TxsFFnpaWUoBMwgfGQF6WE0FHCEGVkoEellFVFx/
0
472 B
Image
General
Full URL
https://quiremuken.xyz/bHJHaWtDTSQaVg01AR0JASgiP1oEERFYEz0qdhEOO0MrCDwAEWEdAghPf1tfWEV0TxsFFnpaWUoBMwgfGQF6WE0FHCEGVkoEellFVFx/R1lKB3pYTRgCJg5WXVQ3HR8AT3ZfXllCcVxcVUZyWV8
Requested by
Host: www82.nathanaeldan.pro
URL: https://www82.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:95da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www82.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:54 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k%2FcMweAPl693UE5CU6f5V9XKMvlYNtDoA0v9Z6fZH2rPMslM04jBmsx2kbJm9bsnXCzebs4yAbXVFUuXpdmoXQiX6WdtgCUNObRYtC4T86%2BiUebTUdYaojajTQLrLLMfz9qanm99HnIsX1sCmw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cf-ray
71a5575fbd77ecee-YUL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
RTk7MwwhVg0+PklIS2NuQ0NfJzMQTUplfAcEGCMvB01LZ2pDVhA5PBtNS3EsSUBXb3RMXktxL0lBXyMqFRdEZnwEBA07Z0VGTGJqQkVObm5BQE0
quiremuken.xyz/eVdadHBWaDkHTSoQNUYhLgV/RjIhFhQOJiEvODY4NzQ/
0
473 B
Image
General
Full URL
https://quiremuken.xyz/eVdadHBWaDkHTSoQNUYhLgV/RjIhFhQOJiEvODY4NzQ/RTk7MwwhVg0+PklIS2NuQ0NfJzMQTUplfAcEGCMvB01LZ2pDVhA5PBtNS3EsSUBXb3RMXktxL0lBXyMqFRdEZnwEBA07Z0VGTGJqQkVObm5BQE0
Requested by
Host: www82.nathanaeldan.pro
URL: https://www82.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:95da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www82.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:54 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vyi95ccKUDvc1bkcAElnKI%2FtaGNBbcGkezCBlRKXHBqSnvT9mL%2FTFbguQqtAc3vsdvZMNwoEEJ2m%2BZ5sVruhdlNofF350LtFgrPLiwk0EFlvwTEF03vcKn6PiQOWsudR3XXfo0YytEIShyFeVg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cf-ray
71a5575fbd79ecee-YUL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
utx
ustingexcelle.xyz/
0
496 B
XHR
General
Full URL
https://ustingexcelle.xyz/utx?tid=818286&top=www82.nathanaeldan.pro&cb=iAGvhGJGzWgb
Requested by
Host: sinaunrelean.info
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.76.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-76-129.iad89.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www82.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 12 Jun 2022 20:29:54 GMT
via
1.1 ec18462cf9d88c8bdb0cd5e50dbe442a.cloudfront.net (CloudFront)
server
openresty/1.17.8.2
x-amz-cf-pop
IAD89-P2
x-cache
Miss from cloudfront
p3p
CP="NID DSP ALL COR"
access-control-allow-origin
https://www82.nathanaeldan.pro
cache-control
no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials
true
accept-ch
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-amz-cf-id
1F7smXVmYCQOeyH73kAsVj5UBZES7vNEvZiu-BktttxMMaTzGlAD8g==
kVUVDY3Q2Ki0FSyEsJ15MZ3F3VEdzLzAMGiV4OlE6Pn0FFTsBBChFAC8hflNSOSQtBElzIC0ASWRjIgcWaHFlFwQ6Ln4WGjEgJQoaMCFlFhVoKCwZHTkpIkZGE3BtU1FndWsUHTshLBQHcHdzDQBwd3NSRHt1ZlA2cHdzFB07c3dGRxdgcVMMY3FqRkZlJD-MTGDA...
dc5k8fg5ioc8s.cloudfront.net/ Frame A85D
415 B
612 B
Script
General
Full URL
https://dc5k8fg5ioc8s.cloudfront.net/kVUVDY3Q2Ki0FSyEsJ15MZ3F3VEdzLzAMGiV4OlE6Pn0FFTsBBChFAC8hflNSOSQtBElzIC0ASWRjIgcWaHFlFwQ6Ln4WGjEgJQoaMCFlFhVoKCwZHTkpIkZGE3BtU1FndWsUHTshLBQHcHdzDQBwd3NSRHt1ZlA2cHdzFB07c3dGRxdgcVMMY3FqRkZlJD-MTGDAyJgEfPDFmUTJgdnRNR2NgcVNcPi03DhhwdwBGRmUpKggRcHdzBBE2LixKUWd1IAsGOigmRkYTdHNRWmVrdlNEYGt1UlFndTACEjQ3KkZGE3BwVFpmc2UWSWQ
Requested by
Host: ustingexcelle.xyz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.36.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-36-217.ewr53.r.cloudfront.net
Software
/
Resource Hash
f67d069adc9e81535fe3c050dd1b9e793fb278f3df8d2fa379e0a89693df83be

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ustingexcelle.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:54 GMT
content-encoding
gzip
x-amz-cf-pop
EWR53-C2
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
max-age=31556926
content-length
336
via
1.1 4e3df844337032b56b8434990b0f76ca.cloudfront.net (CloudFront)
x-amz-cf-id
Hc8Ey13CHmW0yx05e9-DKNuijTKOAcE_UBj3hfn00BcCdeSxglxs-Q==
/
biscussexbug.xyz/
0
36 B
XHR
General
Full URL
https://biscussexbug.xyz/
Requested by
Host: sinaunrelean.info
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
44.195.137.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-195-137-121.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www82.nathanaeldan.pro/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
content-length
0
/
biscussexbug.xyz/
0
36 B
XHR
General
Full URL
https://biscussexbug.xyz/
Requested by
Host: sinaunrelean.info
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
44.195.137.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-195-137-121.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www82.nathanaeldan.pro/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
content-length
0
/
www22.nathanaeldan.pro/pushredirect/
118 B
371 B
Document
General
Full URL
https://www22.nathanaeldan.pro/pushredirect/?tmp=2&network=3&ios=0&site=adfly&c=4&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Requested by
Host: sinaunrelean.info
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:cf3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.3.27
Resource Hash

Request headers

Referer
https://www82.nathanaeldan.pro/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
71a55761ca25ca67-YUL
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sun, 12 Jun 2022 20:29:54 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7wOIwn%2Bvp%2FGnxpj1uoh9Vki9MSvQ3wY%2B90j52SPMFh%2FmAXrNVxSO9RSsNytaIWi9rRk1K64WXcN9H5kjyQYSCb1BvMoRWdXilRFsHnT%2FLxP82qnUrQwCbc8zzkF6G5jNvJfwDAyrMN0zIeFTl7EsFU%2F2ea3S"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
PHP/7.3.27
x-turbo-charged-by
LiteSpeed
Primary Request /
www45.nathanaeldan.pro/pushredirect/
Redirect Chain
  • https://www82.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJl...
  • https://www45.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJl...
73 KB
28 KB
Document
General
Full URL
https://www45.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:cf3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.3.27
Resource Hash
25feca901a320e9d90f3da8f9ef13747738d2b26dbf7d92ddb80fdd1d30027e6

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate, max-age=0 post-check=0, pre-check=0
cf-cache-status
DYNAMIC
cf-ray
71a55762bb51ca67-YUL
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sun, 12 Jun 2022 20:29:55 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IhVyXj2Yre4%2Ferusn6vcSj9JpUKl2uXz3vbG2qpyvgMay65fmZpP8Qt%2B2GBdCrFNAVdYcjlJqfTixCUsOaiNyEUe8pF4BESK7DY0tGQmr7v23HWw8EZhpSbtt3DY4nGx%2BfjjDHGQHDZOCqT29eqY924%2B%2Fa9H"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
PHP/7.3.27
x-turbo-charged-by
LiteSpeed

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache, no-store, must-revalidate, max-age=0
cf-cache-status
DYNAMIC
cf-ray
71a557623eac7133-YUL
content-type
text/html; charset=UTF-8
date
Sun, 12 Jun 2022 20:29:54 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location
https://www45.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eZyxmoF1rwaC4i4UO4JX2KYB2kFRlLl6Af%2F9AgNICUQo5RFv1Ybh3wbZ4AH21P1qiBRHuQVOcs%2FceNc68NOtH2WX4rXggc1CmgbJYss09HiEI6gQZpt63x%2BDpTxc%2Bay7YUcdmrmheXAqT7dCj%2FcAnml4HwJW"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.3.27
x-turbo-charged-by
LiteSpeed
17a72af7-7cb1-4f49-bce5-18314b016d6d
player.ex.co/player/
0
95 B
Script
General
Full URL
https://player.ex.co/player/17a72af7-7cb1-4f49-bce5-18314b016d6d
Requested by
Host: www45.nathanaeldan.pro
URL: https://www45.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www45.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:55 GMT
via
1.1 varnish, 1.1 varnish
age
53660
x-cache
HIT, HIT
access-control-max-age
600
content-length
0
x-served-by
cache-iad-kcgs7200127-IAD, cache-yul12827-YUL
server
nginx
x-timer
S1655065795.087241,VS0,VE0
etag
W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
vary
x-pb-country, x-pb-connection, x-pb-embedid, x-pb-itemid, x-pb-videoid, x-pb-player, x-pb-bot-name, x-pb-is-bot, x-pb-country, x-pb-connection, x-pb-embedid, x-pb-itemid, x-pb-videoid, x-pb-player, x-pb-bot-name, x-pb-is-bot
access-control-allow-methods
GET, POST, PUT, DELETE
content-type
text/html; charset=utf-8
access-control-allow-origin
*
x-pb-reason
requested id was blocked
accept-ranges
bytes
access-control-allow-headers
Accept, Authorization, Content-Type
x-cache-hits
1, 6
aa240591af5d8573573bb87d25c7ab12.json
auntieimpetus.com/aa/24/05/
0
594 B
XHR
General
Full URL
https://auntieimpetus.com/aa/24/05/aa240591af5d8573573bb87d25c7ab12.json
Requested by
Host: www45.nathanaeldan.pro
URL: https://www45.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.61.225 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.22.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www45.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Sun, 12 Jun 2022 20:29:55 GMT
Server
nginx/1.22.0
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-CH
Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Content-Type
application/javascript
Content-Length
0
stats
venetrigni.com/
0
0

/
dc5k8fg5ioc8s.cloudfront.net/
163 KB
49 KB
Script
General
Full URL
https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Requested by
Host: www45.nathanaeldan.pro
URL: https://www45.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.36.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-36-217.ewr53.r.cloudfront.net
Software
/
Resource Hash
7e6d4d8801a8144849709f2ae050ef40e951c40c3ee38dd4536b406f1e503962

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www45.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 12 Jun 2022 20:29:55 GMT
content-encoding
gzip
x-amz-cf-pop
EWR53-C2
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-length
49631
via
1.1 4e3df844337032b56b8434990b0f76ca.cloudfront.net (CloudFront)
x-amz-cf-id
VYN53sZ1kuQO2w6hRnz1D1CCQlkdDoTdk7LLCq6TcNyk8u0lc10QoQ==
logo.png
www45.nathanaeldan.pro/static/image/
10 KB
11 KB
Image
General
Full URL
https://www45.nathanaeldan.pro/static/image/logo.png
Requested by
Host: www45.nathanaeldan.pro
URL: https://www45.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:cf3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
196c51f778db9df7ecf75ce7f663ea3bb07726b67feeae45ad9abfd3008b937a

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www45.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:55 GMT
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
10726
last-modified
Tue, 10 Nov 2020 09:44:06 GMT
server
cloudflare
etag
"29e6-5faa60e6-b22ed065d915c717;;;"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4XT82PO%2FM3Cn7n7E%2BC35UXzxU2mQ7YOBJfwiPp%2B4JEvRggo29iqMAXFDE0qLcG%2BKoBuv6rfPWuvmMaxWEeSrBM%2BwNQoBv%2BSRFkdGNtG0BlZ8eiq8jvLgGR41vtRgRNb6%2FO0AU0RHQB7jVGGlZ62bLtCpqnWW"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
cf-ray
71a5576368557133-YUL
expires
Sun, 19 Jun 2022 20:29:55 GMT
pure
furstraitsbrowse.com/pixel/
0
469 B
XHR
General
Full URL
https://furstraitsbrowse.com/pixel/pure
Requested by
Host: www45.nathanaeldan.pro
URL: https://www45.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.61.225 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.22.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www45.nathanaeldan.pro/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
application/json

Response headers

Date
Sun, 12 Jun 2022 20:29:55 GMT
Server
nginx/1.22.0
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Range
Cache-Control
no-cache
Connection
keep-alive
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:01 GMT
pure
furstraitsbrowse.com/pixel/ Frame
0
0
Preflight
General
Full URL
https://furstraitsbrowse.com/pixel/pure
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.61.225 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.22.0 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www45.nathanaeldan.pro
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
*
Access-Control-Max-Age
1728000
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Content-Type
text/plain; charset=utf-8
Date
Sun, 12 Jun 2022 20:29:55 GMT
Expires
Thu, 01 Jan 1970 00:00:01 GMT
Server
nginx/1.22.0
sfp.js
addresseepaper.com/
48 KB
15 KB
Script
General
Full URL
https://addresseepaper.com/sfp.js
Requested by
Host: www45.nathanaeldan.pro
URL: https://www45.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:50d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
473dfe26e5ad478a354a003498bcb7f683108aecef6b8facf6ed5dbf42caccec
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubdomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www45.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:55 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-request-id
8442d4ec284e731e3aded8eb247cb482
last-modified
Sun, 12 Jun 2022 20:29:54 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubdomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iXY4eJCEO3%2B61Z3Adba6WXGjYi16JuQdmwzA5bTzMxxzqdJzpYdRzx0r8uO3wytpMmtHMKOoTNlIZw7HuRQ8L4cPKpgQbAy8VGXooRNTKLNzFTrEJeYo5wtUVwF2%2FFcwSHBnqLoS%2BLmJ3557hDXTbww%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
71a557646fdf7148-YUL
expires
Thu, 01 Jan 1970 00:00:01 GMT
stats
venetrigni.com/
0
0

bff29f0d3318d4c4b9a844119e218228.js
furstraitsbrowse.com/bf/f2/9f/
0
0
Script
General
Full URL
https://furstraitsbrowse.com/bf/f2/9f/bff29f0d3318d4c4b9a844119e218228.js
Requested by
Host: www45.nathanaeldan.pro
URL: https://www45.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.61.225 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.22.0 /
Resource Hash

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www45.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Sun, 12 Jun 2022 20:29:55 GMT
Server
nginx/1.22.0
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-CH
Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Content-Type
application/javascript
Content-Length
0
asd100.bin
freychang.fun/
100 KB
101 KB
Fetch
General
Full URL
https://freychang.fun/asd100.bin
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:dadd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www45.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:55 GMT
access-control-allow-methods
GET
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Sun, 12 Jun 2022 17:26:22 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QTMRfdzcFLI9TGQMSDpKjnaTy5ZVYfkpI2hSq0AXhSLbxYJacgfl%2BBmVYwJuYbhT2sxfgTavWD9qUJFwNsWHId%2BcaCGg1TBsDG1Ya2voVweMosRd7vyjUD7d6MwuJIbw%2BWbfO%2BRJIMoAuiMs"}],"group":"cf-nel","max_age":604800}
content-type
binary/octet-stream
access-control-allow-origin
https://www45.nathanaeldan.pro
cache-control
max-age=14400
access-control-allow-credentials
true
cf-ray
71a557642aecece2-YUL
access-control-allow-headers
X-Requested-With, content-type
/
freychang.fun/
26 B
620 B
Fetch
General
Full URL
https://freychang.fun/
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:dadd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd5e6093c607e9b1b2906aa2f746ce4bc2dac857f095e86bcc45e33a9c4b0793

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www45.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:55 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods
GET
content-type
text/plain
access-control-allow-origin
https://www45.nathanaeldan.pro
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CCp2ZTtQZNL6ndBdsfH8hIxQqrSGPH0W8xnDIORswJQe9S%2FitDzK73pjo2BVBLb22qtT4DxfAXqsVj4lMSkTrp4i%2FCVvl65gAz0KpLN9oolTL2BqUHq0qNoAH6wdBSgxnTXtA4Xmf812M5F%2B"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
71a557642aeeece2-YUL
access-control-allow-headers
X-Requested-With, content-type
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
utx
ustingexcelle.xyz/
0
494 B
XHR
General
Full URL
https://ustingexcelle.xyz/utx?cb=jP2Qoka0nwB7&top=www45.nathanaeldan.pro&tid=824473
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.76.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-76-129.iad89.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www45.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 12 Jun 2022 20:29:55 GMT
via
1.1 ec18462cf9d88c8bdb0cd5e50dbe442a.cloudfront.net (CloudFront)
server
openresty/1.17.8.2
x-amz-cf-pop
IAD89-P2
x-cache
Miss from cloudfront
p3p
CP="NID DSP ALL COR"
access-control-allow-origin
https://www45.nathanaeldan.pro
cache-control
no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials
true
accept-ch
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-amz-cf-id
vUDudx7_zRmcIub22J1DYuiXcLf8KO1gvwH7gwI05iQZpRud1hWY5g==
JgY2PiUeKzUNFiAiBWAECiVdMxYmID0XCH8dDg4wPjcFDQENFw9vO30rJBAfK18INAYgCCQWQh06XWwRBzs9OR8WXCYKP3onL2EaHRVZMhYXIw45QA0KIQ0aP0sGKx0hHVEcOSIDPRYEGiQqbSMNWCk
ustingexcelle.xyz/bFhyT20NOhEiUg1lEGkYHjRPal8qfUAJCQ9tGXcLC20bIA5UK1wsAQMtFikfAzYGYQMJLFd9KyoOGRUoCA4VfiY/NyYVFCUuOwoFCwI6BRo9NQY4ISg7EwEENm8zC1ldFzAsJi0vQiksJB0ZCAAhHCsoKAUVHDtdOSIjfCYvFjspByE3OH8... Frame 0679
3 KB
2 KB
Document
General
Full URL
https://ustingexcelle.xyz/bFhyT20NOhEiUg1lEGkYHjRPal8qfUAJCQ9tGXcLC20bIA5UK1wsAQMtFikfAzYGYQMJLFd9KyoOGRUoCA4VfiY/NyYVFCUuOwoFCwI6BRo9NQY4ISg7EwEENm8zC1ldFzAsJi0vQiksJB0ZCAAhHCsoKAUVHDtdOSIjfCYvFjspByE3OH8FHDsxLAoqaiQmNCgZNAEXXW8/HR5UFQsOGSsiQjY0KB0nFTkfKCInGlwXGysFPiBHJQwkCiMuADYtPzcaXhUbJBcuNkMkCQU3MCk6PmoWGjteAh8BXiJrQyQJBhURAQAuISsaNA07QR1dKA9HJg9edTQHDCg7QAEvB2E7HCABEBgKBDVrKzUPOw4KLgY2LRF8P1wAJgJIXho/JgY2PiUeKzUNFiAiBWAECiVdMxYmID0XCH8dDg4wPjcFDQENFw9vO30rJBAfK18INAYgCCQWQh06XWwRBzs9OR8WXCYKP3onL2EaHRVZMhYXIw45QA0KIQ0aP0sGKx0hHVEcOSIDPRYEGiQqbSMNWCk
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.76.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-76-129.iad89.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
a715ab89adcd9b552fef5c3db45376f86cb80a2200f57de3a848b80404b9e9b1

Request headers

Referer
https://www45.nathanaeldan.pro/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ch
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cache-control
no-store, no-cache, must-revalidate, no-transform
content-encoding
gzip
content-length
1239
content-type
text/html
date
Sun, 12 Jun 2022 20:29:55 GMT
p3p
CP="NID DSP ALL COR"
pragma
no-cache
server
openresty/1.17.8.2
via
1.1 ec18462cf9d88c8bdb0cd5e50dbe442a.cloudfront.net (CloudFront)
x-amz-cf-id
CM4fQ1uH3OzTviA6s4n7MwwXAOs5rTlp4Db4hn-q0VfLsZc6fF4MLQ==
x-amz-cf-pop
IAD89-P2
x-cache
Miss from cloudfront
NDRFUzkbCyYgBHpeDCprY20EEmhyTh00dHZ1dgFudkM2FV1ifWMnUFAJfWENAAN2dUldUHhgCxJHMTJNQUd4Yh9dWiM8BBJCeGMXDBp9fQsSQXhiH0BEJDQEBRI1J01YCXRlDAEEc2YODQF3YQs
quiremuken.xyz/
0
475 B
Image
General
Full URL
https://quiremuken.xyz/NDRFUzkbCyYgBHpeDCprY20EEmhyTh00dHZ1dgFudkM2FV1ifWMnUFAJfWENAAN2dUldUHhgCxJHMTJNQUd4Yh9dWiM8BBJCeGMXDBp9fQsSQXhiH0BEJDQEBRI1J01YCXRlDAEEc2YODQF3YQs
Requested by
Host: www45.nathanaeldan.pro
URL: https://www45.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:95da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www45.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:55 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cY2KlLKsVKsf3MJ%2BgRGzd9pEevQLV%2Ff8BQJOGEDdw%2FzJbUky8zHGFHO2ARktpfplkImtQyY2dlfbdD8ZoDPoHdixAH8CuuYVleP4C%2B8DhaFytzt920rPjhdWEB3pTKVcz502tMPCR2WuhKdm6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cf-ray
71a557643a1becee-YUL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
AGRy
quiremuken.xyz/SjJWQWtlDTUyVhtfHC8IJFZmFD0YdwJyDxhkPQ8jKQMiEDohf3A1Ai4PbnNffgVlZxsjVmtyWWxBIiAfP0Frc1t6BXAoBSxda3NNPA9mb1NkCnhzTT8PZ2cfOlMxfFpsQiI1B3cDYHReegRjdlJ/
0
476 B
Image
General
Full URL
https://quiremuken.xyz/SjJWQWtlDTUyVhtfHC8IJFZmFD0YdwJyDxhkPQ8jKQMiEDohf3A1Ai4PbnNffgVlZxsjVmtyWWxBIiAfP0Frc1t6BXAoBSxda3NNPA9mb1NkCnhzTT8PZ2cfOlMxfFpsQiI1B3cDYHReegRjdlJ/AGRy
Requested by
Host: www45.nathanaeldan.pro
URL: https://www45.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:95da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www45.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:55 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uNZnzy82T%2FPmWvUQNBIvQPgPjMTnQxbKrRe6pChTtkivDqpM9WM76LXKjYgEk8fIB1xPncIvs8wB1AemEWHdowxNMUuPntonCz%2F9xwyie3qRzoi0H%2FZEVyR8hvFav%2BSW8601QvrDLrUsL00FPw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cf-ray
71a557643a1cecee-YUL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
pxf.gif
dismantlepenantiterrorist.com/
1 B
425 B
Image
General
Full URL
https://dismantlepenantiterrorist.com/pxf.gif?uuid=&eb=d141fc753c4dc92138847cf684e0f25d&te=a2d0ce014e78ed2cbdd2e7e815a3f70a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F102.0.5005.61%20Safari%2F537.36&dev=r&res=12.31&b_frame=0&pk=aa240591af5d8573573bb87d25c7ab12&bl=en-US&sr=1200x1600&sz=1200x1600&hjs=20
Requested by
Host: www45.nathanaeldan.pro
URL: https://www45.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.59.12 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.17.6 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubdomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www45.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Sun, 12 Jun 2022 20:29:55 GMT
Server
nginx/1.17.6
Strict-Transport-Security
max-age=0; includeSubdomains
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
1
X-Request-ID
422b17c92b66c93930846fc9fa1e2089
Expires
Thu, 01 Jan 1970 00:00:01 GMT
FVkZEdVg1KSoTZyIvIEhgZHJwQmtwLDcaNiZ7AD41OBcKAw0fAHEkGmMDYgEiMnt0UzQ3KCNIfjMoJ0hpcCcgF2ViYDAFNz17MRs8MyAtGz0yYDEUZTspPhw0OidhRx5jaHRQamZuMxw2MikzBn1kdioBfWR2dUV2ZmN3N31kdjMcNmByYUYac3R0DW5ib2-FHaDc...
dc5k8fg5ioc8s.cloudfront.net/ Frame 0679
419 B
615 B
Script
General
Full URL
https://dc5k8fg5ioc8s.cloudfront.net/FVkZEdVg1KSoTZyIvIEhgZHJwQmtwLDcaNiZ7AD41OBcKAw0fAHEkGmMDYgEiMnt0UzQ3KCNIfjMoJ0hpcCcgF2ViYDAFNz17MRs8MyAtGz0yYDEUZTspPhw0OidhRx5jaHRQamZuMxw2MikzBn1kdioBfWR2dUV2ZmN3N31kdjMcNmByYUYac3R0DW5ib2-FHaDc2NBk9ISMmHjEiY3YzbWVxakZuc3R0XTM+MikZfWQFYUdoOi8vEH1kdiMQOz0pbVBqZiUsBzc7I2FHHmd2dltoeHN0RW14cHVQamY1JRM5JC9hRx5jdXNba2BgMUhp
Requested by
Host: ustingexcelle.xyz
URL: https://ustingexcelle.…
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.36.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-36-217.ewr53.r.cloudfront.net
Software
/
Resource Hash
d49a5a8d91c49cfa082811665ff965eab705c77ef3eff6df27e5151f8db57063

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ustingexcelle.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:55 GMT
content-encoding
gzip
x-amz-cf-pop
EWR53-C2
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
max-age=31556926
content-length
338
via
1.1 4e3df844337032b56b8434990b0f76ca.cloudfront.net (CloudFront)
x-amz-cf-id
LMK6VvYGOas2_7RDm9grDvI1zABqudIs5hwUTpCPmakPqNVny5LdEA==
advertisers.js
clenchedyouthmatching.com/
0
159 B
Script
General
Full URL
https://clenchedyouthmatching.com/advertisers.js
Requested by
Host: www45.nathanaeldan.pro
URL: https://www45.nathanaeldan.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=21150355&pci=6174308335&t=1655065754&dest=https%3A%2F%2Fmagybu.net%2Fredirecting%2FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%2Ff3993b3692fe17803596aa625cde5bed
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
142.0.197.108 , United States, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
nginx/1.17.6 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www45.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Sun, 12 Jun 2022 20:29:55 GMT
Server
nginx/1.17.6
Connection
keep-alive
Content-Length
0
Content-Type
application/javascript
stats
simplewebanalysis.com/
40 B
293 B
XHR
General
Full URL
https://simplewebanalysis.com/stats
Requested by
Host: addresseepaper.com
URL: https://addresseepaper.com/sfp.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.193.36.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-193-36-135.compute-1.amazonaws.com
Software
fasthttp /
Resource Hash
3ab5b7c9350c913327a276e14a15e3d2b8fc4f479c9210ae66a7098819252268

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www45.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-origin
https://www45.nathanaeldan.pro
date
Sun, 12 Jun 2022 20:29:55 GMT
access-control-allow-credentials
true
server
fasthttp
content-length
40
content-type
text/html; charset=UTF-8
popunder.gif
quiremuken.xyz/
35 B
595 B
Image
General
Full URL
https://quiremuken.xyz/popunder.gif
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:95da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www45.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
public
date
Sun, 12 Jun 2022 20:29:55 GMT
cf-cache-status
HIT
last-modified
Sat, 11 Jun 2022 01:00:15 GMT
server
cloudflare
age
156580
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dQ5xGGGqbmetg%2BrEv2ycb1gYQkpfV5L8MIU6gtTkdtRnhH6t0eAiibNIankhjb6i1t1OQnUGuPT3HQwBVMNix6%2B7f4KBY%2Fl80AbeBZujVHB15PvTdCtALnQ%2FOtyPNO50zMr2AgH9S7vV%2BE93LA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=604800, immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
71a557678e48ecee-YUL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
a0swSldEdFM5aggNagQBWxl3EA9eI1YPAQctdxBnOhwJfA1YChY+Pg92CHhjX3wDbCcCLw15ZU04RCsjHjgNeGdbfBYjOQ0kDXhxHXYAZG9Fcx54cR52Bn1iX3sBeWdYfQN9Zlp5Fj4nCiwNe3EbP0Qmalp9BX9nXX4Hc2JcfAk
quiremuken.xyz/
0
480 B
Ping
General
Full URL
https://quiremuken.xyz/a0swSldEdFM5aggNagQBWxl3EA9eI1YPAQctdxBnOhwJfA1YChY+Pg92CHhjX3wDbCcCLw15ZU04RCsjHjgNeGdbfBYjOQ0kDXhxHXYAZG9Fcx54cR52Bn1iX3sBeWdYfQN9Zlp5Fj4nCiwNe3EbP0Qmalp9BX9nXX4Hc2JcfAk
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:95da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www45.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:55 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Iu4Y3CmFq42Yg5etZUo36MJMnLga8%2FNhBWv717tUBlEit4yLYehMn%2Fp8Dn8T0VEEeNohrZhLxb8x9obtUM8jB5PpauN2tz4dTz4I6cgA%2Fyp3ckESY0%2BzKb6G%2B%2FgLNwYJPB7Ww%2BwfaAEUd%2BbKdA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cf-ray
71a55767ae72ecee-YUL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
floater
ustingexcelle.xyz/
2 KB
2 KB
XHR
General
Full URL
https://ustingexcelle.xyz/floater?cs=TVZRMXh7ZWIHQHhlYABIfG9mAUw&abt=0&red=1&sm=83&k=&v=0.8.8.2&sts=0&prn=0&emb=0&tid=824473&u=675401303637112&agec=1655065792&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&mbkb=523.5602094240837&ref=https%3A%2F%2Fwww45.nathanaeldan.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D21150355%26pci%3D6174308335%26t%3D1655065754%26dest%3Dhttps%253A%252F%252Fmagybu.net%252Fredirecting%252FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%252Ff3993b3692fe17803596aa625cde5bed&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64)%20applewebkit%2F537.36%20(khtml%2C%20like%20gecko)%20chrome%2F102.0.5005.61%20safari%2F537.36&tzd=0&uloc=&if=0&aa=td1_oi1_&_qk8I=1655065795780&crc=1
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.76.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-76-129.iad89.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
d16a45656818abad839404a4d9e65edad0256e94e0c8a6e21dee64f77a4e89ef

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www45.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 12 Jun 2022 20:29:56 GMT
content-encoding
gzip
server
openresty/1.17.8.2
x-amz-cf-pop
IAD89-P2
x-cache
Miss from cloudfront
p3p
CP="NID DSP ALL COR"
access-control-allow-origin
https://www45.nathanaeldan.pro
cache-control
no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials
true
accept-ch
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
content-type
text/plain
content-length
1096
via
1.1 ec18462cf9d88c8bdb0cd5e50dbe442a.cloudfront.net (CloudFront)
x-amz-cf-id
rJXcTLrgnojcywnYIwUz8660snNwCXMQ2lroZM4ieLoazTYX6OhBZg==
cE9oZntlDCk2Ln5Jfyc9NxRkZn92TWlhfHRBYWdxcQ
quiremuken.xyz/eFlXSUNXZjQ6fiI3MzAOSDUGGwY9HzQfDT0IIAN2LmliDwJLaXE9Khxkb3t3TG5kbzMRPWp6cV4qIyg3DSpqe3NIbHEgLR42antzSG9neXZNYXJ+ABAtIzkwXWoWbHE+fGUPNB07JyAgE3Q0LS1WKmRnNgt0ICwwDHRlZyIVOC0mLRkuJGcgFz...
0
472 B
Ping
General
Full URL
https://quiremuken.xyz/eFlXSUNXZjQ6fiI3MzAOSDUGGwY9HzQfDT0IIAN2LmliDwJLaXE9Khxkb3t3TG5kbzMRPWp6cV4qIyg3DSpqe3NIbHEgLR42antzSG9neXZNYXJ+ABAtIzkwXWoWbHE+fGUPNB07JyAgE3Q0LS1WKmRnNgt0ICwwDHRlZyIVOC0mLRkuJGcgFzRyewUfPCMlIhE9eSMzHT5yfgAWLDslZk8aZHxyQG5ke3JJb2R8dUlsZXl7QH8hdHNWYXlxbUp/InR1T2xjeXJLaWR/cE9oZntlDCk2Ln5Jfyc9NxRkZn92TWlhfHRBYWdxcQ
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:95da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www45.nathanaeldan.pro/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Sun, 12 Jun 2022 20:29:58 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9ZE9IKBqst5jtoOXoIhaH7NeHguXSABN%2FWvqpX6RJfjmHV5jy01jYUg2NU6colilDhsaTTJcVRUj5RbntOMGf7UBwkMjco4aE8WLpSWDqWPCTP2nvQelY9Y6trV6F9g%2Bvg53LxH7H9sjrhZ1BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cf-ray
71a557761dddecee-YUL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
getlaid.jpeg
webpick-cdn.s3.us-west-2.amazonaws.com/
0
0

getlaid.jpeg
webpick-cdn.s3.us-west-2.amazonaws.com/ Frame 7A18
9 KB
10 KB
Image
General
Full URL
https://webpick-cdn.s3.us-west-2.amazonaws.com/getlaid.jpeg
Requested by
Host: dc5k8fg5ioc8s.cloudfront.net
URL: https://dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.5.82.173 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-2-r-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
e6a18e81d67bc6cfadbe2c86c78b99c0e01644cdeafb48144663121b629ea227

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Sun, 12 Jun 2022 20:29:59 GMT
Last-Modified
Thu, 25 Jun 2020 08:18:14 GMT
Server
AmazonS3
x-amz-request-id
W0Y5647GYDYFX8KC
ETag
"e73bda30c82b74c32e5f03e4ed4e4bb1"
Content-Type
image/jpeg
Accept-Ranges
bytes
Content-Length
9313
x-amz-id-2
VLZ2lKubEeruZ/q6AQGDX6x1MPximiakLYFL4hc78tb/jhitvRZC8Qq7cltqeX1ceE6uVmuTMvl6WvVKVvRvAg==
x-amz-meta-s3b-last-modified
20200625T081632Z
truncated
/ Frame 7A18
5 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
63a428de16700f13f745cca888ee6d19b8c9470c623116b647c2a0cb431549a0

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type
image/png

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
quiremuken.xyz
URL
https://quiremuken.xyz/T2x3QnlgUxQxRB00Hw0ofSJFFhd2XSIKHQQJPxAoKzkfZ0sJCUYXXzsFE39BfVhDdUppHB4mRHxeUTENLhgCMUR9XEd1XyYCES1EfUoBf0lhVFl6V31KAn9PeFlDckh8XER0SnhdRnBfOxwWJUR+Sgc2DSNRRnRMelxBd052Xk9ySA
Domain
ustingexcelle.xyz
URL
https://ustingexcelle.xyz/floater?cs=aWVBcEpaU3BGeVtXd0d5WVVwSHw&abt=0&red=1&sm=83&k=&v=0.8.8.2&sts=0&prn=0&emb=0&tid=824473&u=675401303637112&agec=1655065792&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&mbkb=1388.888888888889&ref=https%3A%2F%2Fwww56.nathanaeldan.pro%2Fpushredirect%2F%3Fnetwork%3D3%26site%3Dadfly%26ppi%3D21150355%26pci%3D6174308335%26t%3D1655065754%26dest%3Dhttps%253A%252F%252Fmagybu.net%252Fredirecting%252FaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlLzBqeml3ZWpzcjg4cHd3dy9Sb2Jhcl9wYWNrLmFway9maWxl%252Ff3993b3692fe17803596aa625cde5bed&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64)%20applewebkit%2F537.36%20(khtml%2C%20like%20gecko)%20chrome%2F102.0.5005.61%20safari%2F537.36&tzd=0&uloc=&if=0&aa=td1_oi1_&_E3C0=1655065792802&crc=1
Domain
venetrigni.com
URL
https://venetrigni.com/stats
Domain
venetrigni.com
URL
https://venetrigni.com/stats
Domain
webpick-cdn.s3.us-west-2.amazonaws.com
URL
https://webpick-cdn.s3.us-west-2.amazonaws.com/getlaid.jpeg


25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation object| p18 function| w2 function| S8 object| mm object| LieDetector object| AaDetector function| replaceAll number| rnd string| source function| noDisplayTimer number| LAST_CORRECT_EVENT_TIME number| _2256987490 object| _0xa6ab function| _0x41de string| a number| refS

5 Cookies

Domain/Path Name / Value
www45.nathanaeldan.pro/pushredirect Name: lastUrlPushTmp
Value: www45.nathanaeldan.pro
freychang.fun/ Name: csu
Value: 675401303637112@5@1655065792
simplewebanalysis.com/ Name: uid_id2
Value: 1c727c62-ec1b-4e69-b9d2-d6b15ab4fb19:1:1
www45.nathanaeldan.pro/ Name: dom3ic8zudi28v8lr6fgphwffqoz0j6c
Value: 1c727c62-ec1b-4e69-b9d2-d6b15ab4fb19%3A1%3A1
www45.nathanaeldan.pro/ Name: ppu_main_aa240591af5d8573573bb87d25c7ab12
Value: 1

4 Console Messages

Source Level URL
Text
network error URL: https://venetrigni.com/stats
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error URL: https://auntieimpetus.com/aa/24/05/aa240591af5d8573573bb87d25c7ab12.json
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)
network error URL: https://venetrigni.com/stats
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error URL: https://furstraitsbrowse.com/bf/f2/9f/bff29f0d3318d4c4b9a844119e218228.js
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
