urlscan.io logo urlscan.io
SecurityTrails logo

pufgilsofp.sbs Open in urlscan Pro
2a06:98c1:3120::3  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://dirkwin.com/akoce.php?sub=hb0&sa=D&sntz=1&usg=AOvVaw2TZxv1YHRwz1ti3U6DOjEy
Effective URL: https://pufgilsofp.sbs/aebd8a4f08930a4f3a02d32f3a72335aJNWeoh51a5FUzJgJebjUOMbfacVtTyVbsguwEZ3f
Submission: On February 23 via manual from ES — Scanned from ES
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 9 IPs in 5 countries across 12 domains to perform 21 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is pufgilsofp.sbs. The Cisco Umbrella rank of the primary domain is 806291.
TLS certificate: Issued by GTS CA 1P5 on January 27th 2023. Valid for: 3 months.
This is the only time pufgilsofp.sbs was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 2a02:4780:b:8... 47583 (AS-HOSTINGER)
3 2606:4700::68... 13335 (CLOUDFLAR...)
2 46.105.201.240 16276 (OVH)
1 54.39.156.32 16276 (OVH)
1 1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
2 3 35.201.70.46 396982 (GOOGLE-CL...)
1 1 34.91.234.242 396982 (GOOGLE-CL...)
1 188.72.236.34 35415 (WEBZILLA)
1 1 188.72.236.238 35415 (WEBZILLA)
1 2a06:98c1:312... 13335 (CLOUDFLAR...)
8 104.16.168.131 13335 (CLOUDFLAR...)
21 9
3    2a02:4780:b:840:0:3469:df81:1 (Phoenix, United States)

ASN47583 (AS-HOSTINGER, CY)
dirkwin.com
3    2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com
2    46.105.201.240 (France)

ASN16276 (OVH, FR)
s10.histats.com
1    54.39.156.32 (Québec, Canada)

ASN16276 (OVH, FR)
PTR: ns562579.ip-54-39-156.net
s4.histats.com
1    2606:4700:10::6816:598 (United States)

ASN13335 (CLOUDFLARENET, US)
www.affforce.com
1    2606:4700:3030::ac43:ca25 (United States)

ASN13335 (CLOUDFLARENET, US)
331hwh.com
1    2606:4700:3032::6815:4480 (United States)

ASN13335 (CLOUDFLARENET, US)
go.tffkroute.com
3    35.201.70.46 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 46.70.201.35.bc.googleusercontent.com
directdexchange.com
1    34.91.234.242 (Groningen, Netherlands)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 242.234.91.34.bc.googleusercontent.com
aditmedia.g2afse.com
1    188.72.236.34 (Netherlands)

ASN35415 (WEBZILLA, NL)
startd0wnload22x.com
1    188.72.236.238 (Netherlands)

ASN35415 (WEBZILLA, NL)
xpprinx2.com
1    2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)
pufgilsofp.sbs
8    104.16.168.131 (None, )

ASN13335 (CLOUDFLARENET, US)
www.hcaptcha.com
newassets.hcaptcha.com
hcaptcha.com
Apex Domain
Subdomains		 Transfer
8 hcaptcha.com
www.hcaptcha.com — Cisco Umbrella Rank: 100287
newassets.hcaptcha.com — Cisco Umbrella Rank: 11742
hcaptcha.com — Cisco Umbrella Rank: 8106
532 KB
3 directdexchange.com
directdexchange.com
3 KB
3 histats.com
s10.histats.com — Cisco Umbrella Rank: 19286
s4.histats.com — Cisco Umbrella Rank: 15978
11 KB
3 bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 768
28 KB
3 dirkwin.com
dirkwin.com
31 KB
1 pufgilsofp.sbs
pufgilsofp.sbs — Cisco Umbrella Rank: 806291
1 KB
1 xpprinx2.com
xpprinx2.com — Cisco Umbrella Rank: 726266
322 B
1 startd0wnload22x.com
startd0wnload22x.com — Cisco Umbrella Rank: 453888
6 KB
1 g2afse.com
aditmedia.g2afse.com — Cisco Umbrella Rank: 230762
354 B
1 tffkroute.com
go.tffkroute.com — Cisco Umbrella Rank: 662574
531 B
1 331hwh.com
331hwh.com — Cisco Umbrella Rank: 560854
754 B
1 affforce.com
www.affforce.com
640 B
21 12
Domain Requested by
6 newassets.hcaptcha.com www.hcaptcha.com
newassets.hcaptcha.com
3 directdexchange.com 2 redirects
3 maxcdn.bootstrapcdn.com dirkwin.com
3 dirkwin.com dirkwin.com
2 s10.histats.com dirkwin.com
s10.histats.com
1 hcaptcha.com newassets.hcaptcha.com
1 www.hcaptcha.com pufgilsofp.sbs
1 pufgilsofp.sbs startd0wnload22x.com
1 xpprinx2.com 1 redirects
1 startd0wnload22x.com directdexchange.com
1 aditmedia.g2afse.com 1 redirects
1 go.tffkroute.com 1 redirects
1 331hwh.com 1 redirects
1 www.affforce.com 1 redirects
1 s4.histats.com s10.histats.com
21 15

This site contains no links.

Subject Issuer Validity Valid
dirkwin.com
R3		 2023-01-14 -
2023-04-14		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-12-30 -
2023-12-30		 a year crt.sh
histats.com
R3		 2022-12-21 -
2023-03-21		 3 months crt.sh
directdexchange.com
Sectigo RSA Domain Validation Secure Server CA		 2023-01-25 -
2024-01-25		 a year crt.sh
startd0wnload22x.com
R3		 2023-01-17 -
2023-04-17		 3 months crt.sh
*.pufgilsofp.sbs
GTS CA 1P5		 2023-01-27 -
2023-04-27		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://pufgilsofp.sbs/aebd8a4f08930a4f3a02d32f3a72335aJNWeoh51a5FUzJgJebjUOMbfacVtTyVbsguwEZ3f
Frame ID: 3B682B39D07DB6A06DC1995803D2F876
Requests: 13 HTTP requests in this frame

Frame: https://newassets.hcaptcha.com/captcha/v1/a0e2c1c/static/hcaptcha.html
Frame ID: 8EE9355487197E0E908FB634790922D6
Requests: 5 HTTP requests in this frame

Frame: https://newassets.hcaptcha.com/captcha/v1/a0e2c1c/static/hcaptcha.html
Frame ID: 6048B21D36FC021FD20149DD75326774
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://dirkwin.com/akoce.php?sub=hb0&sa=D&sntz=1&usg=AOvVaw2TZxv1YHRwz1ti3U6DOjEy Page URL
  2. https://www.affforce.com/scripts/un981c6l?a_aid=8ab541d9&a_bid=a6ae2671&chan=hb0 HTTP 301
    https://331hwh.com/g?visitorid=5acd93d2f0204b7fd2078d90Q6B1KL34&refid=8ab541d9&bannerid=a6ae267... HTTP 302
    https://go.tffkroute.com/click?pid=6&offer_id=617&ref_id=5acd93d2f0204b7fd2078d90Q6B1KL34_8ab541d9_a6... HTTP 302
    https://directdexchange.com/jump/next.php?r=3052727&sub1=pcpa1-68ab541d9-617-5f0f018d2bdea5690c593f07 Page URL
  3. https://directdexchange.com/jump/next.php?stamat=m%257CNuYjPiY2aQdHkAH0dEdHP3xP.667%252CS0kXXHXf2ck-DOZ9... HTTP 302
    https://directdexchange.com/script/i.php?t=1&stamat=m%257C%252C%252Cw3K2YiZ7tGU3B5-GH0dEdHP3xP.b59%252C4... HTTP 302
    https://aditmedia.g2afse.com/click?pid=10&offer_id=16337&sub1=167714344010000TESTV424540939964Vd2&sub2=37... HTTP 302
    https://startd0wnload22x.com/GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=&s1=10_3744083-1201103531-0&... Page URL
  4. https://xpprinx2.com//565/?ip=146.70.128.172&utm_content=338447&utm_term=&utm_source=AJEt92MPKgUA... HTTP 301
    https://pufgilsofp.sbs/aebd8a4f08930a4f3a02d32f3a72335aJNWeoh51a5FUzJgJebjUOMbfacVtTyVbsguwEZ3f Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

21
Requests

95 %
HTTPS

46 %
IPv6

12
Domains

15
Subdomains

9
IPs

5
Countries

612 kB
Transfer

1646 kB
Size

13
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://dirkwin.com/akoce.php?sub=hb0&sa=D&sntz=1&usg=AOvVaw2TZxv1YHRwz1ti3U6DOjEy Page URL
  2. https://www.affforce.com/scripts/un981c6l?a_aid=8ab541d9&a_bid=a6ae2671&chan=hb0 HTTP 301
    https://331hwh.com/g?visitorid=5acd93d2f0204b7fd2078d90Q6B1KL34&refid=8ab541d9&bannerid=a6ae2671&extra_data1=&extra_data2= HTTP 302
    https://go.tffkroute.com/click?pid=6&offer_id=617&ref_id=5acd93d2f0204b7fd2078d90Q6B1KL34_8ab541d9_a6ae2671&sub1=8ab541d9&sub8= HTTP 302
    https://directdexchange.com/jump/next.php?r=3052727&sub1=pcpa1-68ab541d9-617-5f0f018d2bdea5690c593f07 Page URL
  3. https://directdexchange.com/jump/next.php?stamat=m%257CNuYjPiY2aQdHkAH0dEdHP3xP.667%252CS0kXXHXf2ck-DOZ9HRvwuHBBkOfRBRZOnRd2sBvXZMjUSxJNnQqblUqAbDUG2SyjoXawHv_S85xeQCoOx_XhFbw3BC4Kg_bdYUuagK4QCNiIINNHMfWNVVZBQqd0RXmvezygJjeTE0U-cXGAtpewqg%252C%252C&cbpage=https://directdexchange.com/jump/next.php?r=3052727&sub1=pcpa1-68ab541d9-617-5f0f018d2bdea5690c593f07&cbur=0.15582183991801513&cbtitle=&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=&cbkeywords=&cbref=https%3A%2F%2Fdirkwin.com%2F HTTP 302
    https://directdexchange.com/script/i.php?t=1&stamat=m%257C%252C%252Cw3K2YiZ7tGU3B5-GH0dEdHP3xP.b59%252C46C3aERO_4uOpvW1HcdW8LSuLLFQ0pZ-4O7Guko0LxQCHPT3i9YFhpNGbZ6nu8rDeahwgwnIGh8JoJIAU-BmY5YaxvE2FiWMDupI9WJzZTdX7B4lreISJsVt9T2VmSovqVJUuJ88Sf4Bq76pGYhjcFjGJ263Gsa3uEAl5FB7OxyNO8ES5HWL_IZTe45iug4pq1HiF9hh2aoOAey6RYPfkbSztBrVeyyyMhSIQKbvU4hbl0_VZFNjELc4gl3cEHrfsWRj4O5M2pgURXD6_8OfCUjguulBtHQz0-xiViciO_f8mbW1gEIaN-I8wblEAdZ0yjjOkVXob5NC40ShKENWBwPEw5AHbHBZUzd-693-SQEw2ynKIdyLv3dO2D9mVr1G50772mkoKaCsuNu50PhyDo3cE5HDV20u46cKZRjF-gIdmmsE_iKORqDofTG6ZWcddiQVpIJksfxauCH9MVd4mact35WGitBRf40Ne0EAzxoudmEDBAwMx0AQd8afOZZs4WncXgRy-KEpBUo-UdGPbETchqX_4JVkRKgX8derKkI_UF0HBPPaSS9IAEtyd8urYvkHFyY1lzhZGHX00u9prw%252C%252C HTTP 302
    https://aditmedia.g2afse.com/click?pid=10&offer_id=16337&sub1=167714344010000TESTV424540939964Vd2&sub2=3744083-1201103531-0&sub3=86077 HTTP 302
    https://startd0wnload22x.com/GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=&s1=10_3744083-1201103531-0&s3=63f72d90d609970001c1e1e2 Page URL
  4. https://xpprinx2.com//565/?ip=146.70.128.172&utm_content=338447&utm_term=&utm_source=AJEt92MPKgUAgkMCAEVTFwASAOgaWk8A HTTP 301
    https://pufgilsofp.sbs/aebd8a4f08930a4f3a02d32f3a72335aJNWeoh51a5FUzJgJebjUOMbfacVtTyVbsguwEZ3f Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9
  • https://www.affforce.com/scripts/un981c6l?a_aid=8ab541d9&a_bid=a6ae2671&chan=hb0 HTTP 301
  • https://331hwh.com/g?visitorid=5acd93d2f0204b7fd2078d90Q6B1KL34&refid=8ab541d9&bannerid=a6ae2671&extra_data1=&extra_data2= HTTP 302
  • https://go.tffkroute.com/click?pid=6&offer_id=617&ref_id=5acd93d2f0204b7fd2078d90Q6B1KL34_8ab541d9_a6ae2671&sub1=8ab541d9&sub8= HTTP 302
  • https://directdexchange.com/jump/next.php?r=3052727&sub1=pcpa1-68ab541d9-617-5f0f018d2bdea5690c593f07
Request Chain 10
  • https://directdexchange.com/jump/next.php?stamat=m%257CNuYjPiY2aQdHkAH0dEdHP3xP.667%252CS0kXXHXf2ck-DOZ9HRvwuHBBkOfRBRZOnRd2sBvXZMjUSxJNnQqblUqAbDUG2SyjoXawHv_S85xeQCoOx_XhFbw3BC4Kg_bdYUuagK4QCNiIINNHMfWNVVZBQqd0RXmvezygJjeTE0U-cXGAtpewqg%252C%252C&cbpage=https://directdexchange.com/jump/next.php?r=3052727&sub1=pcpa1-68ab541d9-617-5f0f018d2bdea5690c593f07&cbur=0.15582183991801513&cbtitle=&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=&cbkeywords=&cbref=https%3A%2F%2Fdirkwin.com%2F HTTP 302
  • https://directdexchange.com/script/i.php?t=1&stamat=m%257C%252C%252Cw3K2YiZ7tGU3B5-GH0dEdHP3xP.b59%252C46C3aERO_4uOpvW1HcdW8LSuLLFQ0pZ-4O7Guko0LxQCHPT3i9YFhpNGbZ6nu8rDeahwgwnIGh8JoJIAU-BmY5YaxvE2FiWMDupI9WJzZTdX7B4lreISJsVt9T2VmSovqVJUuJ88Sf4Bq76pGYhjcFjGJ263Gsa3uEAl5FB7OxyNO8ES5HWL_IZTe45iug4pq1HiF9hh2aoOAey6RYPfkbSztBrVeyyyMhSIQKbvU4hbl0_VZFNjELc4gl3cEHrfsWRj4O5M2pgURXD6_8OfCUjguulBtHQz0-xiViciO_f8mbW1gEIaN-I8wblEAdZ0yjjOkVXob5NC40ShKENWBwPEw5AHbHBZUzd-693-SQEw2ynKIdyLv3dO2D9mVr1G50772mkoKaCsuNu50PhyDo3cE5HDV20u46cKZRjF-gIdmmsE_iKORqDofTG6ZWcddiQVpIJksfxauCH9MVd4mact35WGitBRf40Ne0EAzxoudmEDBAwMx0AQd8afOZZs4WncXgRy-KEpBUo-UdGPbETchqX_4JVkRKgX8derKkI_UF0HBPPaSS9IAEtyd8urYvkHFyY1lzhZGHX00u9prw%252C%252C HTTP 302
  • https://aditmedia.g2afse.com/click?pid=10&offer_id=16337&sub1=167714344010000TESTV424540939964Vd2&sub2=3744083-1201103531-0&sub3=86077 HTTP 302
  • https://startd0wnload22x.com/GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=&s1=10_3744083-1201103531-0&s3=63f72d90d609970001c1e1e2

21 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
akoce.php
dirkwin.com/ 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://dirkwin.com/akoce.php?sub=hb0&sa=D&sntz=1&usg=AOvVaw2TZxv1YHRwz1ti3U6DOjEy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:4780:b:840:0:3469:df81:1 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed / PHP/7.4.33
Resource Hash
d2ce72dd367b337d653b06d7cf98cb7c607ecbf5a01ac40dc94ae4929c99033e
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language
es-ES,es;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding
br
content-length
989
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Thu, 23 Feb 2023 09:10:38 GMT
platform
hostinger
server
LiteSpeed
vary
Accept-Encoding
x-powered-by
PHP/7.4.33
style.css
dirkwin.com/include/css/ 		2 KB
825 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://dirkwin.com/include/css/style.css
Requested by
Host: dirkwin.com
URL: https://dirkwin.com/akoce.php?sub=hb0&sa=D&sntz=1&usg=AOvVaw2TZxv1YHRwz1ti3U6DOjEy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:4780:b:840:0:3469:df81:1 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
1427c68123b706628304227b0877d16a6b9ffe0b16b3c9d20345425b3805db84
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://dirkwin.com/akoce.php?sub=hb0&sa=D&sntz=1&usg=AOvVaw2TZxv1YHRwz1ti3U6DOjEy
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 09:10:38 GMT
content-encoding
br
content-security-policy
upgrade-insecure-requests
last-modified
Tue, 06 Sep 2022 20:20:10 GMT
server
LiteSpeed
etag
"865-6317ab7a-30c8d0cb6d8802a0;br"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
platform
hostinger
content-length
687
expires
Thu, 02 Mar 2023 09:10:38 GMT
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/ 		23 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css
Requested by
Host: dirkwin.com
URL: https://dirkwin.com/akoce.php?sub=hb0&sa=D&sntz=1&usg=AOvVaw2TZxv1YHRwz1ti3U6DOjEy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://dirkwin.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 09:10:38 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
1074
age
2976475
cdn-cachedat
12/25/2022 15:19:30
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:54 GMT
cdn-proxyver
1.03
cdn-requestpullcode
200
server
cloudflare
etag
W/"04425bbdc6243fc6e54bf8984fe50330"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
63e9842556919c9f66ed02b059b661ce
timing-allow-origin
*
cdn-requestcountrycode
FR
cdn-status
200
cf-ray
79ded45bda141bc1-MAD
cdn-requestpullsuccess
True
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/ 		115 KB
19 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css
Requested by
Host: dirkwin.com
URL: https://dirkwin.com/akoce.php?sub=hb0&sa=D&sntz=1&usg=AOvVaw2TZxv1YHRwz1ti3U6DOjEy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://dirkwin.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 09:10:38 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
947
age
7193924
cdn-cachedat
07/16/2022 17:44:58
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:03:58 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
server
cloudflare
etag
W/"eedf9ee80c2faa4e1b9ab9017cdfcb88"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
c431d11bb849750b2278d5a38aef1fb1
timing-allow-origin
*
cdn-requestcountrycode
FR
cdn-status
200
cf-ray
79ded45bda161bc1-MAD
cdn-requestpullsuccess
True
bootstrap-theme.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/ 		19 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap-theme.min.css
Requested by
Host: dirkwin.com
URL: https://dirkwin.com/akoce.php?sub=hb0&sa=D&sntz=1&usg=AOvVaw2TZxv1YHRwz1ti3U6DOjEy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2453e31f9c5e0dbee528d11f97a85edf897ed93406954ce8e475f0244abf249a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://dirkwin.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 09:10:38 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
602
age
10900874
cdn-cachedat
09/25/2021 10:12:45
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:03:58 GMT
cdn-proxyver
1.0
cdn-requestpullcode
200
server
cloudflare
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
a96b763838ffdd30cfdb574f54db7a49
timing-allow-origin
*
cdn-requestcountrycode
FR
cdn-status
200
cf-ray
79ded45bda181bc1-MAD
cdn-requestpullsuccess
True
load.gif
dirkwin.com/ 		29 KB
29 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dirkwin.com/load.gif
Requested by
Host: dirkwin.com
URL: https://dirkwin.com/akoce.php?sub=hb0&sa=D&sntz=1&usg=AOvVaw2TZxv1YHRwz1ti3U6DOjEy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:4780:b:840:0:3469:df81:1 Phoenix, United States, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
9eb442caf593ea96298bcb44a7fb79f24c414ceeece61aea0357e44008889602
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://dirkwin.com/akoce.php?sub=hb0&sa=D&sntz=1&usg=AOvVaw2TZxv1YHRwz1ti3U6DOjEy
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 09:10:38 GMT
content-security-policy
upgrade-insecure-requests
last-modified
Fri, 02 Dec 2022 16:11:19 GMT
server
LiteSpeed
etag
"7507-638a23a7-89e971af63436017;;;"
content-type
image/gif
cache-control
public, max-age=604800
accept-ranges
bytes
platform
hostinger
content-length
29959
expires
Thu, 02 Mar 2023 09:10:38 GMT
js15_as.js
s10.histats.com/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s10.histats.com/js15_as.js
Requested by
Host: dirkwin.com
URL: https://dirkwin.com/akoce.php?sub=hb0&sa=D&sntz=1&usg=AOvVaw2TZxv1YHRwz1ti3U6DOjEy
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.105.201.240 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://dirkwin.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 09:06:20 GMT
content-encoding
br
last-modified
Thu, 16 Apr 2020 10:44:16 GMT
x-cacheable
Matched cache
x-cdn-pop-ip
51.254.41.128/25
etag
"-375139978"
content-type
text/javascript
x-cdn-pop
rbx1
accept-ranges
bytes
content-length
4364
x-request-id
110690438
0.php
s4.histats.com/stats/ 		47 B
181 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s4.histats.com/stats/0.php?4723820&@f16&@g1&@h1&@i1&@j1677143438959&@k0&@l1&@mGet%20You%20Winer&@n0&@o1000&@q0&@r0&@s511&@ten-US&@u1600&@b1:30881210&@b3:1677143439&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fdirkwin.com%2Fakoce.php%3Fsub%3Dhb0%26sa%3DD%26sntz%3D1%26usg%3DAOvVaw2TZxv1YHRwz1ti3U6DOjEy&@w
Requested by
Host: s10.histats.com
URL: https://s10.histats.com/js15_as.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.39.156.32 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns562579.ip-54-39-156.net
Software
/
Resource Hash

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://dirkwin.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Thu, 23 Feb 2023 09:10:39 GMT
Connection
close
Content-Length
47
Content-Type
text/html;charset=UTF-8
cc_511.js
s10.histats.com/counters/ 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s10.histats.com/counters/cc_511.js
Requested by
Host: s10.histats.com
URL: https://s10.histats.com/js15_as.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.105.201.240 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
056c49d5e33c04e80cc64e849f28b2d64398c56a86650788fe73207fa4c6823c

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://dirkwin.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 09:07:54 GMT
content-encoding
br
last-modified
Thu, 16 Apr 2020 10:45:32 GMT
x-cacheable
Matched cache
x-cdn-pop-ip
51.254.41.128/25
etag
"1364484781"
content-type
text/javascript
x-cdn-pop
rbx1
accept-ranges
bytes
content-length
5984
x-request-id
82608323
next.php
directdexchange.com/jump/
Redirect Chain
  • https://www.affforce.com/scripts/un981c6l?a_aid=8ab541d9&a_bid=a6ae2671&chan=hb0
  • https://331hwh.com/g?visitorid=5acd93d2f0204b7fd2078d90Q6B1KL34&refid=8ab541d9&bannerid=a6ae2671&extra_data1=&extra_data2=
  • https://go.tffkroute.com/click?pid=6&offer_id=617&ref_id=5acd93d2f0204b7fd2078d90Q6B1KL34_8ab541d9_a6ae2671&sub1=8ab541d9&sub8=
  • https://directdexchange.com/jump/next.php?r=3052727&sub1=pcpa1-68ab541d9-617-5f0f018d2bdea5690c593f07
7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://directdexchange.com/jump/next.php?r=3052727&sub1=pcpa1-68ab541d9-617-5f0f018d2bdea5690c593f07
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.70.46 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
46.70.201.35.bc.googleusercontent.com
Software
openresty /
Resource Hash

Request headers

Referer
https://dirkwin.com/akoce.php?sub=hb0&sa=D&sntz=1&usg=AOvVaw2TZxv1YHRwz1ti3U6DOjEy
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language
es-ES,es;q=0.9

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Thu, 23 Feb 2023 09:10:40 GMT
server
openresty
via
1.1 google

Redirect headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
79ded4633fa269fd-MAD
content-length
0
date
Thu, 23 Feb 2023 09:10:39 GMT
location
https://directdexchange.com/jump/next.php?r=3052727&sub1=pcpa1-68ab541d9-617-5f0f018d2bdea5690c593f07
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2gxtwl1qqV6vIKsSfM6VPrM%2B2gK7RNiAKbWi3ky1NWj%2FIbst7MldnI3VtqsS7JVdcBRkxL6xK7jED6BD2OKyd4W5iu78xI%2Fz%2FRwXHLEcPDUEyaZpzHL9aVTKtJhw9zANfVVvcVZH4kAMj4OKnTHu"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-adjust-use-original-forwarded-for
1
GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921
startd0wnload22x.com/
Redirect Chain
  • https://directdexchange.com/jump/next.php?stamat=m%257CNuYjPiY2aQdHkAH0dEdHP3xP.667%252CS0kXXHXf2ck-DOZ9HRvwuHBBkOfRBRZOnRd2sBvXZMjUSxJNnQqblUqAbDUG2SyjoXawHv_S85xeQCoOx_XhFbw3BC4Kg_bdYUuagK4QCNiII...
  • https://directdexchange.com/script/i.php?t=1&stamat=m%257C%252C%252Cw3K2YiZ7tGU3B5-GH0dEdHP3xP.b59%252C46C3aERO_4uOpvW1HcdW8LSuLLFQ0pZ-4O7Guko0LxQCHPT3i9YFhpNGbZ6nu8rDeahwgwnIGh8JoJIAU-BmY5YaxvE2Fi...
  • https://aditmedia.g2afse.com/click?pid=10&offer_id=16337&sub1=167714344010000TESTV424540939964Vd2&sub2=3744083-1201103531-0&sub3=86077
  • https://startd0wnload22x.com/GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=&s1=10_3744083-1201103531-0&s3=63f72d90d609970001c1e1e2
5 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://startd0wnload22x.com/GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=&s1=10_3744083-1201103531-0&s3=63f72d90d609970001c1e1e2
Requested by
Host: directdexchange.com
URL: https://directdexchange.com/jump/next.php?r=3052727&sub1=pcpa1-68ab541d9-617-5f0f018d2bdea5690c593f07
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
188.72.236.34 , Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Referer
https://directdexchange.com/jump/next.php?r=3052727&sub1=pcpa1-68ab541d9-617-5f0f018d2bdea5690c593f07
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language
es-ES,es;q=0.9

Response headers

Connection
keep-alive
Content-Type
text/html; charset=utf-8
Date
Thu, 23 Feb 2023 09:10:41 GMT
Server
nginx
Transfer-Encoding
chunked

Redirect headers

access-control-allow-origin
*
content-length
0
date
Thu, 23 Feb 2023 09:10:40 GMT
location
https://startd0wnload22x.com/GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=&s1=10_3744083-1201103531-0&s3=63f72d90d609970001c1e1e2
server
nginx
x-adjust-use-original-forwarded-for
1
Primary Request aebd8a4f08930a4f3a02d32f3a72335aJNWeoh51a5FUzJgJebjUOMbfacVtTyVbsguwEZ3f
pufgilsofp.sbs/
Redirect Chain
  • https://xpprinx2.com//565/?ip=146.70.128.172&utm_content=338447&utm_term=&utm_source=AJEt92MPKgUAgkMCAEVTFwASAOgaWk8A
  • https://pufgilsofp.sbs/aebd8a4f08930a4f3a02d32f3a72335aJNWeoh51a5FUzJgJebjUOMbfacVtTyVbsguwEZ3f
2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://pufgilsofp.sbs/aebd8a4f08930a4f3a02d32f3a72335aJNWeoh51a5FUzJgJebjUOMbfacVtTyVbsguwEZ3f
Requested by
Host: startd0wnload22x.com
URL: https://startd0wnload22x.com/GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=&s1=10_3744083-1201103531-0&s3=63f72d90d609970001c1e1e2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
04de105aeb49dae58168665da3a532e944d55081acdbdc76bb69420312cfa91d

Request headers

Referer
https://startd0wnload22x.com/GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=&s1=10_3744083-1201103531-0&s3=63f72d90d609970001c1e1e2
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language
es-ES,es;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
79ded46eab013857-MAD
content-encoding
br
content-type
text/html; charset=UTF-8
date
Thu, 23 Feb 2023 09:10:41 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yuM6uR9LbwAZxyflO%2BXHe1g%2FjaLKMIu9q18sAeUpDeuibPyuy%2BC5CdGA%2Ft1lIxpQSKtnygw%2FgSEWlNfmJ31UVWW6fUNYmGDtmjNyiyNDYsSE641Hbtt0BarbAuNJLRr7sBV9B%2FPbL8uhDUP9jw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Thu, 23 Feb 2023 09:10:41 GMT
Location
https://pufgilsofp.sbs/aebd8a4f08930a4f3a02d32f3a72335aJNWeoh51a5FUzJgJebjUOMbfacVtTyVbsguwEZ3f
Referrer-Policy
no-referrer
Server
nginx/1.20.1
Transfer-Encoding
chunked
api.js
www.hcaptcha.com/1/ 		284 KB
80 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.hcaptcha.com/1/api.js
Requested by
Host: pufgilsofp.sbs
URL: https://pufgilsofp.sbs/aebd8a4f08930a4f3a02d32f3a72335aJNWeoh51a5FUzJgJebjUOMbfacVtTyVbsguwEZ3f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.168.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2e8872a88091d881c12793573d56e806a7e70678b38e0493a489d15c38039a2e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://pufgilsofp.sbs/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 09:10:41 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 02f18a297253b2e336ff43d5a9bf889c.cloudfront.net (CloudFront)
cf-cache-status
HIT
content-encoding
br
x-content-type-options
nosniff
age
0
x-amz-cf-pop
MAD56-P3
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 20 Feb 2023 12:05:43 GMT
server
cloudflare
etag
W/"e1535a0d2a29d84a9f24f2c0b6a8bb3c"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=120
cf-ray
79ded46fb8b003fe-MAD
x-amz-cf-id
V_AjFI8g87_6gNS9Lg_p637MYd6ndjMx5_PsqkBtJHI6R8EB8Y-Uyg==
hcaptcha.html
newassets.hcaptcha.com/captcha/v1/a0e2c1c/static/ Frame 8EE9 		2 KB
929 B 		Document
General
Check archive.org
Download Go to
Full URL
https://newassets.hcaptcha.com/captcha/v1/a0e2c1c/static/hcaptcha.html
Requested by
Host: www.hcaptcha.com
URL: https://www.hcaptcha.com/1/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.168.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ed44f125fa65176b2ec9f2235ad506357a7152e467bf8c04f977f9ee8370645
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://pufgilsofp.sbs/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language
es-ES,es;q=0.9

Response headers

access-control-allow-origin
*
age
232864
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=1209600
cf-cache-status
HIT
cf-ray
79ded47069d103fe-MAD
content-encoding
br
content-type
text/html
cross-origin-resource-policy
cross-origin
date
Thu, 23 Feb 2023 09:10:41 GMT
last-modified
Mon, 20 Feb 2023 12:05:43 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
via
1.1 f473936e71a9f0fdba71f74b7909ccf0.cloudfront.net (CloudFront)
x-amz-cf-id
2pyorOy4E0iOsnxpNxvpMwMuKHEsB5xAwJ2BTEagP4JoegfSAMTWfw==
x-amz-cf-pop
MAD56-P3
x-cache
Hit from cloudfront
x-content-type-options
nosniff
hcaptcha.html
newassets.hcaptcha.com/captcha/v1/a0e2c1c/static/ Frame 6048 		2 KB
829 B 		Document
General
Check archive.org
Download Go to
Full URL
https://newassets.hcaptcha.com/captcha/v1/a0e2c1c/static/hcaptcha.html
Requested by
Host: www.hcaptcha.com
URL: https://www.hcaptcha.com/1/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.168.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ed44f125fa65176b2ec9f2235ad506357a7152e467bf8c04f977f9ee8370645
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://pufgilsofp.sbs/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language
es-ES,es;q=0.9

Response headers

access-control-allow-origin
*
age
232864
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=1209600
cf-cache-status
HIT
cf-ray
79ded47069d403fe-MAD
content-encoding
br
content-type
text/html
cross-origin-resource-policy
cross-origin
date
Thu, 23 Feb 2023 09:10:42 GMT
last-modified
Mon, 20 Feb 2023 12:05:43 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
via
1.1 f473936e71a9f0fdba71f74b7909ccf0.cloudfront.net (CloudFront)
x-amz-cf-id
2pyorOy4E0iOsnxpNxvpMwMuKHEsB5xAwJ2BTEagP4JoegfSAMTWfw==
x-amz-cf-pop
MAD56-P3
x-cache
Hit from cloudfront
x-content-type-options
nosniff
hcaptcha.js
newassets.hcaptcha.com/captcha/v1/a0e2c1c/ Frame 8EE9 		284 KB
80 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://newassets.hcaptcha.com/captcha/v1/a0e2c1c/hcaptcha.js
Requested by
Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/a0e2c1c/static/hcaptcha.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.168.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2e8872a88091d881c12793573d56e806a7e70678b38e0493a489d15c38039a2e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://newassets.hcaptcha.com/captcha/v1/a0e2c1c/static/hcaptcha.html
Origin
https://newassets.hcaptcha.com
accept-language
es-ES,es;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 09:10:42 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 02f18a297253b2e336ff43d5a9bf889c.cloudfront.net (CloudFront)
cf-cache-status
HIT
content-encoding
br
x-content-type-options
nosniff
age
232866
x-amz-cf-pop
MAD56-P3
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 20 Feb 2023 12:05:43 GMT
server
cloudflare
etag
W/"e1535a0d2a29d84a9f24f2c0b6a8bb3c"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=1209600
cf-ray
79ded470ba5a03fe-MAD
x-amz-cf-id
V_AjFI8g87_6gNS9Lg_p637MYd6ndjMx5_PsqkBtJHI6R8EB8Y-Uyg==
hcaptcha.js
newassets.hcaptcha.com/captcha/v1/a0e2c1c/ Frame 6048 		284 KB
80 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://newassets.hcaptcha.com/captcha/v1/a0e2c1c/hcaptcha.js
Requested by
Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/a0e2c1c/static/hcaptcha.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.168.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2e8872a88091d881c12793573d56e806a7e70678b38e0493a489d15c38039a2e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://newassets.hcaptcha.com/captcha/v1/a0e2c1c/static/hcaptcha.html
Origin
https://newassets.hcaptcha.com
accept-language
es-ES,es;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 09:10:42 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 02f18a297253b2e336ff43d5a9bf889c.cloudfront.net (CloudFront)
cf-cache-status
HIT
content-encoding
br
x-content-type-options
nosniff
age
232866
x-amz-cf-pop
MAD56-P3
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 20 Feb 2023 12:05:43 GMT
server
cloudflare
etag
W/"e1535a0d2a29d84a9f24f2c0b6a8bb3c"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=1209600
cf-ray
79ded470ca7403fe-MAD
x-amz-cf-id
V_AjFI8g87_6gNS9Lg_p637MYd6ndjMx5_PsqkBtJHI6R8EB8Y-Uyg==
truncated
/ Frame 6048 		798 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
57cafa49fb677c3f09d6e90b051917d10e7bb54e83102a25f3d32b06e8fa59a7

Request headers

accept-language
es-ES,es;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type
image/png
checksiteconfig
hcaptcha.com/ Frame 6048 		554 B
784 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hcaptcha.com/checksiteconfig?v=a0e2c1c&host=pufgilsofp.sbs&sitekey=e82061a0-e640-4f28-aa45-72b4ac92c4ae&sc=1&swa=1
Requested by
Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/a0e2c1c/hcaptcha.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.168.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
af5bcf8abac26a4de7c04ca5952ab57208e494b5803bdd41bf9ee6627eae6546
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
application/json
Referer
https://newassets.hcaptcha.com/
accept-language
es-ES,es;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 23 Feb 2023 09:10:42 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-encoding
br
server
cloudflare
vary
Origin, Accept-Encoding
access-control-allow-methods
GET, HEAD, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://newassets.hcaptcha.com
access-control-allow-credentials
true
cf-ray
79ded4718ba303fe-MAD
access-control-allow-headers
Cache-Control, Content-Type, DNT, Referer, User-Agent, challenge-bypass-token, cf-chl-bypass, challenge-bypass-token, challenge-bypass-host, challenge-bypass-path
cf-chl-bypass
2
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
hsw.js
newassets.hcaptcha.com/c/6fdd2f3/ Frame 8EE9 		438 KB
171 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://newassets.hcaptcha.com/c/6fdd2f3/hsw.js
Requested by
Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/a0e2c1c/hcaptcha.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.168.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
71359c72331dcb76539f8c4f02a6270367ae83779c1755f72edeebe4422bdb9d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://newassets.hcaptcha.com/captcha/v1/a0e2c1c/static/hcaptcha.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 09:10:42 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 0bf8e445eb97d4dca7a2d98fef6467a2.cloudfront.net (CloudFront)
cf-cache-status
HIT
content-encoding
br
x-content-type-options
nosniff
age
187483
x-amz-cf-pop
MAD56-P3
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 20 Feb 2023 14:29:23 GMT
server
cloudflare
etag
W/"fedf9cc937f2c25a9dbd297271ba2cb8"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
79ded471fa532f92-MAD
x-amz-cf-id
07h5CU4a7mmZHyB3-JXkjCRgQ5t_1xkN58VQ8LWPbpOWHfQyhxMOQw==
e
newassets.hcaptcha.com/i/6fdd2f3/ Frame 8EE9 		118 KB
119 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://newassets.hcaptcha.com/i/6fdd2f3/e
Requested by
Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/a0e2c1c/hcaptcha.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.168.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b402d2371fa62944d88162cf2e1787a37fd5c71c168dd433e5c1e9a42f68dab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://newassets.hcaptcha.com/captcha/v1/a0e2c1c/static/hcaptcha.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Thu, 23 Feb 2023 09:10:42 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 dfd3734acf4e73247eaa30d1937f8b68.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-content-type-options
nosniff
age
187483
x-amz-cf-pop
MAD56-P3
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
121146
last-modified
Mon, 20 Feb 2023 14:29:21 GMT
server
cloudflare
etag
"2405fefd341356bd5fc8e686e607be57"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=3024000
accept-ranges
bytes
cf-ray
79ded473cd402f92-MAD
x-amz-cf-id
oM9-vaJmKoH7-hQeGhrtxk4eoGnCc_PZCOPbqzCfSCf3z-0K58GnEg==
e82061a0-e640-4f28-aa45-72b4ac92c4ae
hcaptcha.com/getcaptcha/ Frame 8EE9 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
hcaptcha.com
URL
https://hcaptcha.com/getcaptcha/e82061a0-e640-4f28-aa45-72b4ac92c4ae

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 boolean| credentialless object| oncontentvisibilityautostatechange function| onSubmit object| Raven object| hcaptcha object| grecaptcha

13 Cookies

Domain/Path Name / Value
dirkwin.com/ Name: HstCfa4723820
Value: 1677143438959
dirkwin.com/ Name: HstCla4723820
Value: 1677143438959
dirkwin.com/ Name: HstCmu4723820
Value: 1677143438959
dirkwin.com/ Name: HstPn4723820
Value: 1
dirkwin.com/ Name: HstPt4723820
Value: 1
dirkwin.com/ Name: HstCnv4723820
Value: 1
dirkwin.com/ Name: HstCns4723820
Value: 1
www.affforce.com/ Name: PAPAffiliateId
Value: 8ab541d9
www.affforce.com/ Name: PAPVisitorId
Value: 5acd93d2f0204b7fd2078d90Q6B1KL34
.affforce.com/ Name: __cf_bm
Value: AVn8GyUGjDkTvUvkbPoxM4wxvp1U23wPZnGJv9IjLoc-1677143439-0-AXoizC9madCZaTzaNc/iZBNdUpzbtcJ7fvPMHXAmJmfHMjlDbFsthXq0mbQtyzIIT3X4EYkyV6pimU23KH88UtI=
aditmedia.g2afse.com/ Name: afclick
Value: 63f72d90d609970001c1e1e2
aditmedia.g2afse.com/ Name: afoffers
Value: {"16337":1677143440}
startd0wnload22x.com/ Name: bd_context
Value: YlcMQgJ07QdpBUaegIbzn2l+LQWZv+/IBzxxtWuh5wX8qP/db+JSNinig+Y+fNWXMwOncHl5GXV1YfohQZQz32IpqzupRj6FA8CkfTtqTLM48E7vP3946V2TZVSgXeg2AEKWA31nm4HfCBrbhfwO0Rg4Xfi4v/4U6SH7SpBzA0900LVxUoq3GV9VHxE+prH6xDYkcxaBh39vSKP4BadtOHqpbf1zbomyL3y3ayqz9COr6vkQlgQqVKPQbpMsZP34mYNVCV7rtTHvwM6SiDwRtSDjYoXPuqVwislT1IY0DEfu9PEMcn6/ny83l9G+5LbvrWZk1jVYeAQ=

1 Console Messages

Source Level URL
Text
network error URL: https://dirkwin.com/akoce.php?sub=hb0&sa=D&sntz=1&usg=AOvVaw2TZxv1YHRwz1ti3U6DOjEy
Message:
Failed to load resource: the server responded with a status of 500 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

331hwh.com
aditmedia.g2afse.com
directdexchange.com
dirkwin.com
go.tffkroute.com
hcaptcha.com
maxcdn.bootstrapcdn.com
newassets.hcaptcha.com
pufgilsofp.sbs
s10.histats.com
s4.histats.com
startd0wnload22x.com
www.affforce.com
www.hcaptcha.com
xpprinx2.com
hcaptcha.com
104.16.168.131
188.72.236.238
188.72.236.34
2606:4700:10::6816:598
2606:4700:3030::ac43:ca25
2606:4700:3032::6815:4480
2606:4700::6812:bcf
2a02:4780:b:840:0:3469:df81:1
2a06:98c1:3120::3
34.91.234.242
35.201.70.46
46.105.201.240
54.39.156.32
04de105aeb49dae58168665da3a532e944d55081acdbdc76bb69420312cfa91d
056c49d5e33c04e80cc64e849f28b2d64398c56a86650788fe73207fa4c6823c
0b402d2371fa62944d88162cf2e1787a37fd5c71c168dd433e5c1e9a42f68dab
0ed44f125fa65176b2ec9f2235ad506357a7152e467bf8c04f977f9ee8370645
1427c68123b706628304227b0877d16a6b9ffe0b16b3c9d20345425b3805db84
2453e31f9c5e0dbee528d11f97a85edf897ed93406954ce8e475f0244abf249a
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede
2e8872a88091d881c12793573d56e806a7e70678b38e0493a489d15c38039a2e
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
57cafa49fb677c3f09d6e90b051917d10e7bb54e83102a25f3d32b06e8fa59a7
71359c72331dcb76539f8c4f02a6270367ae83779c1755f72edeebe4422bdb9d
9eb442caf593ea96298bcb44a7fb79f24c414ceeece61aea0357e44008889602
af5bcf8abac26a4de7c04ca5952ab57208e494b5803bdd41bf9ee6627eae6546
d2ce72dd367b337d653b06d7cf98cb7c607ecbf5a01ac40dc94ae4929c99033e
f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5