Submitted URL: https://5xr3x1.bar/zp/?|=en&x=1
Effective URL: https://t4fvxv.bar/zp/l.php?l=en&x=1
Submission: On December 03 via manual from US

Summary

This website contacted 12 IPs in 5 countries across 12 domains to perform 30 HTTP transactions. The main IP is 2606:4700:3034::681c:993, located in United States and belongs to CLOUDFLARENET, US. The main domain is t4fvxv.bar.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 2nd 2020. Valid for: a year.
This is the only time t4fvxv.bar was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP addresses contacted (requests, IP address, AS / autonomous system):

 1  2606:4700:303...  13335 (CLOUDFLAR...)
 1  2606:4700:303...  13335 (CLOUDFLAR...)
 1  2606:4700:303...  13335 (CLOUDFLAR...)
 1  2a00:1450:400...  15169 (GOOGLE)
 1  2a04:4e42:3::621  54113 (FASTLY)
 1  2a00:1450:400...  15169 (GOOGLE)
17  151.101.112.193   54113 (FASTLY)
 2  185.66.200.220    201702 (SKHOSTING-EU)
 1  2606:4700::68...  13335 (CLOUDFLAR...)
 1  2606:4700:303...  13335 (CLOUDFLAR...)
 2  103.235.46.191    55967 (BAIDU Bei...)
 1  2a00:1450:400...  15169 (GOOGLE)
Total: 30 requests, 12 IP addresses

Domains contacted (requests, domain, requested by):

17  i.imgur.com               t4fvxv.bar
 2  hm.baidu.com              t4fvxv.bar
 2  uprimp.com                t4fvxv.bar, uprimp.com
 1  www.google-analytics.com  www.googletagmanager.com
 1  ajax.googlescdn.com       t4fvxv.bar
 1  cdn.onesignal.com         t4fvxv.bar
 1  www.googletagmanager.com  t4fvxv.bar
 1  cdn.jsdelivr.net          t4fvxv.bar
 1  ajax.googleapis.com       t4fvxv.bar
 1  lb.href.style             t4fvxv.bar
 1  t4fvxv.bar                5xr3x1.bar
 1  5xr3x1.bar                (initial navigation, no referrer)
Total: 30 requests, 12 domains
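Two entries in the domain list above deserve a mechanical check rather than a glance. ajax.googlescdn.com is not a Google host, but it sits one token away from ajax.googleapis.com in the same list, and further down the report its dojo.js request came back with resource hash e3b0c442...b855 (the SHA-256 of zero bytes) and a text/html MIME type for a .js path. Separately, the Google Analytics /g/collect beacon carries the page title, document location and referrer percent-encoded in its query string, which is the quickest way to recover what the victim actually saw. The Python below is an added example written for this page, not part of the urlscan.io report: it transcribes five of the transactions listed later (host, path, resource hash, MIME type) plus the GA collect URL, and runs three checks over them. The allowlist of known CDN hosts and the similarity cutoff are the editor's assumptions.

```python
"""Mechanical triage checks over a urlscan.io transaction list.

Added example written for this page; the records and the GA URL below are
transcribed from the transactions in the report, the check logic is the
editor's own.
"""
import difflib
import hashlib
from urllib.parse import parse_qs, urlsplit

# SHA-256 of zero bytes. urlscan shows this as the resource hash of any
# response whose body was empty.
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()

# Assumption: a short, editor-supplied allowlist of the legitimate CDN and
# analytics hosts this page loads from; the report itself has no such list.
KNOWN_CDN_HOSTS = [
    "ajax.googleapis.com",
    "cdn.jsdelivr.net",
    "www.googletagmanager.com",
    "www.google-analytics.com",
    "cdn.onesignal.com",
]

# Transcribed from the report: (host, path, resource hash, response MIME type).
TRANSACTIONS = [
    ("t4fvxv.bar", "/zp/l.php",
     "f9aef95e945b22b9a41c8d85ba869d4ab45e7cbcb8b445c0caf70f53f6253ad3",
     "text/html;charset=UTF-8"),
    ("lb.href.style", "/zp/zp.css",
     "657f9ff16bfb91df2b41e286a3fdcad6124b2cf8048027699eb5a20aee99ed78",
     "text/css"),
    ("ajax.googleapis.com", "/ajax/libs/jquery/1.7.2/jquery.min.js",
     "47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4",
     "text/javascript; charset=UTF-8"),
    ("ajax.googlescdn.com",
     "/aj+f%C2%81p%C2%92%C2%92%C3%ACU%C3%AF%C2%9Fjo/1.13.1/dojo/dojo.js",
     "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
     "text/html; charset=UTF-8"),
    ("www.google-analytics.com", "/g/collect",
     "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
     "text/plain"),
]

# Transcribed from the report's /g/collect request (parameters trimmed).
GA_URL = ("https://www.google-analytics.com/g/collect?v=2&tid=G-VLP9ZRYVD3"
          "&dl=https%3A%2F%2Ft4fvxv.bar%2Fzp%2Fl.php%3Fl%3Den%26x%3D1"
          "&dr=https%3A%2F%2F5xr3x1.bar%2Fzp%2F%3F%7C%3Den%26x%3D1"
          "&dt=%F0%9F%94%A5Big%20Billion%20Days%F0%9F%8D%80&en=page_view")


def lookalike_of(host, known=KNOWN_CDN_HOSTS, cutoff=0.8):
    """Known host that `host` most resembles, or None when `host` is itself
    on the list or too different to be a plausible typosquat. The cutoff is
    an assumption; 0.8 sits just below difflib's 0.84 for the pair seen here."""
    if host in known:
        return None
    matches = difflib.get_close_matches(host, known, n=1, cutoff=cutoff)
    return matches[0] if matches else None


def empty_body_scripts(transactions):
    """.js resources whose body hashed to the empty string: the <script> tag
    was fetched, but nothing came back to execute."""
    return [(host, path) for host, path, digest, _mime in transactions
            if path.endswith(".js") and digest == EMPTY_SHA256]


def mime_mismatches(transactions):
    """.js paths answered with a MIME type that is not JavaScript."""
    return [(host, path, mime) for host, path, _digest, mime in transactions
            if path.endswith(".js") and "javascript" not in mime.lower()]


def decode_ga_collect(url):
    """Page title (dt), document location (dl) and referrer (dr) from a GA4
    /g/collect beacon; parse_qs undoes the percent-encoding, including the
    UTF-8 emoji bytes in the title."""
    query = parse_qs(urlsplit(url).query)
    return {key: query[key][0] for key in ("dt", "dl", "dr") if key in query}


def triage(transactions):
    """All checks in one findings dict, keyed by check name."""
    lookalikes = {}
    for host, *_rest in transactions:
        match = lookalike_of(host)
        if match:
            lookalikes[host] = match
    return {
        "lookalikes": lookalikes,
        "empty_scripts": empty_body_scripts(transactions),
        "mime_mismatches": mime_mismatches(transactions),
    }


if __name__ == "__main__":
    for name, finding in triage(TRANSACTIONS).items():
        print(f"{name}: {finding}")
    print("ga_collect:", decode_ga_collect(GA_URL))
```

All three checks point at the same request: the lookalike host, the empty-body hash and the text/html answer for a .js path are each weak on their own and convincing together. The decoded beacon also shows that the referrer really did contain a literal `|` in place of the `l` parameter (`?|=en`), so the submitted URL is not an extraction error. A production version would swap the difflib heuristic for a curated brand and CDN list with a proper edit-distance library; the structure of the check stays the same.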

This site contains no links.

TLS certificates observed (subject, issuer, validity period, duration):

sni.cloudflaressl.com         Cloudflare Inc ECC CA-3                              2020-12-02 to 2021-12-01  a year
upload.video.google.com       GTS CA 1O1                                           2020-11-03 to 2021-01-26  3 months
f3.shared.global.fastly.net   GlobalSign CloudSSL CA - SHA256 - G3                 2020-10-26 to 2021-04-17  6 months
*.google-analytics.com        GTS CA 1O1                                           2020-11-03 to 2021-01-26  3 months
*.imgur.com                   DigiCert SHA2 Secure Server CA                       2020-01-15 to 2022-03-16  2 years
uprimp.com                    Let's Encrypt Authority X3                           2020-10-15 to 2021-01-13  3 months
baidu.com                     GlobalSign Organization Validation CA - SHA256 - G2  2020-10-20 to 2021-07-26  9 months

This page contains 2 frames:

Primary Page: https://t4fvxv.bar/zp/l.php?l=en&x=1
Frame ID: 2601289C3804842D10C6A8D42B6A8DAB
Requests: 29 HTTP requests in this frame

Frame: https://uprimp.com/bnr_xload.php?section=General&pub=518855&format=300x50&ga=g&xt=160700329758936&xtt=9954476
Frame ID: 7BA80CBBE13D28AD98F64304FCD7770D
Requests: 1 HTTP requests in this frame

Screenshot


Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://5xr3x1.bar/zp/?|=en&x=1 Page URL
  2. https://t4fvxv.bar/zp/l.php?l=en&x=1 Page URL

Detected technologies

Cloudflare (overall confidence: 100%)
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

Requests: 30
HTTPS: 100 %
IPv6: 75 %
Domains: 12
Subdomains: 12
IPs: 12
Countries: 5
Transfer: 314 kB
Size: 513 kB
Cookies: 7

Redirected requests

There were HTTP redirect chains for the following requests: none recorded. The first URL, https://5xr3x1.bar/zp/?|=en&x=1, answered with a 705 B text/html document rather than an HTTP 3xx, so the hop to https://t4fvxv.bar/zp/l.php?l=en&x=1 happened client-side (JavaScript or meta refresh).

30 HTTP transactions

Each transaction below is headed by one line giving Resource | Path | Size | x-fer (bytes transferred) | Type, followed by its General details and the request and response headers; the MIME type is in each response's content-type header.
/ | 5xr3x1.bar/zp/ | 705 B | x-fer 916 B | Document
General
Full URL
https://5xr3x1.bar/zp/?|=en&x=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:bafa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3e58a7a328fdacf3c6480702267c5f0b5c928611423c6b1dea816e6ca0de9535
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:method
GET
:authority
5xr3x1.bar
:scheme
https
:path
/zp/?|=en&x=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 03 Dec 2020 13:48:17 GMT
content-type
text/html;charset=UTF-8
set-cookie
__cfduid=df137a1cb070b2be41b76e6ea1c4b96e71607003297; expires=Sat, 02-Jan-21 13:48:17 GMT; path=/; domain=.5xr3x1.bar; HttpOnly; SameSite=Lax
vary
Accept-Encoding
access-control-allow-origin
*
strict-transport-security
max-age=31536000
cf-cache-status
DYNAMIC
cf-request-id
06ca756f11000005f16f24e000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mUMHo7hU4ctQocf06wM%2BBNgtSHMdUTeTYbaB8sZa17kIEjE4JAeH7dnDD3nvM5VlaolOkG%2BY7khzSt0GRnBtTTXj71NLftf1rQn%2FLok%2FliJkfVv1FWv%2B"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
5fbdbe91bc2805f1-FRA
content-encoding
br
Primary Request: l.php | t4fvxv.bar/zp/ | 30 KB | x-fer 9 KB | Document
General
Full URL
https://t4fvxv.bar/zp/l.php?l=en&x=1
Requested by
Host: 5xr3x1.bar
URL: https://5xr3x1.bar/zp/?|=en&x=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:993 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f9aef95e945b22b9a41c8d85ba869d4ab45e7cbcb8b445c0caf70f53f6253ad3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:method
GET
:authority
t4fvxv.bar
:scheme
https
:path
/zp/l.php?l=en&x=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://5xr3x1.bar/zp/?|=en&x=1
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://5xr3x1.bar/zp/?|=en&x=1

Response headers

date
Thu, 03 Dec 2020 13:48:17 GMT
content-type
text/html;charset=UTF-8
set-cookie
__cfduid=d15c0f1bb329a9ff7598b35fb96b21ca31607003297; expires=Sat, 02-Jan-21 13:48:17 GMT; path=/; domain=.t4fvxv.bar; HttpOnly; SameSite=Lax
vary
Accept-Encoding
access-control-allow-origin
*
strict-transport-security
max-age=31536000
cf-cache-status
DYNAMIC
cf-request-id
06ca756f66000018e519a7a000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=97O%2Fe9knwbRYdfsA2udeIEUDpJJu%2BGp2XUG%2FNOL3%2B8ghdX2Wj1BB6klZhQMeVIwj4q8e%2FEsYmoBr1%2FxlDO45F19%2FuSwzxjfRiy1Se1Y%2FGoj%2FfdGC1yKg"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
5fbdbe923f9018e5-FRA
content-encoding
br
zp.css | lb.href.style/zp/ | 11 KB | x-fer 3 KB | Stylesheet
General
Full URL
https://lb.href.style/zp/zp.css?8888112314
Requested by
Host: t4fvxv.bar
URL: https://t4fvxv.bar/zp/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:b429 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
657f9ff16bfb91df2b41e286a3fdcad6124b2cf8048027699eb5a20aee99ed78

Request headers

Referer
https://t4fvxv.bar/zp/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 03 Dec 2020 13:48:17 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
42831
cf-polished
origSize=17069
cf-bgj
minify
cf-request-id
06ca756fe70000c2e53b34d000000001
last-modified
Wed, 02 Dec 2020 06:04:14 GMT
server
cloudflare
etag
W/"5fc72e5e-42ad"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=n%2BU%2BRjYCZ4hwJiuFbNVtOnCE%2BYAGyr2T%2BETypMnqRTcOV7rG4TIkSY0KjaSXVLZa68IomLw0dpQuFfHZur7DXy6XVp4abX6hBBg1bKo0WYFv5S%2FLiGNcD%2Fll"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=43200
cf-ray
5fbdbe930f3dc2e5-FRA
expires
Thu, 03 Dec 2020 13:54:26 GMT
jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/1.7.2/ | 93 KB | x-fer 33 KB | Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
Requested by
Host: t4fvxv.bar
URL: https://t4fvxv.bar/zp/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://t4fvxv.bar/zp/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 03 Dec 2020 11:20:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
8885
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33845
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 03 Dec 2021 11:20:12 GMT
lazyload.js | cdn.jsdelivr.net/npm/lazyload@2.0.0-rc.2/ | 6 KB | x-fer 2 KB | Script
General
Full URL
https://cdn.jsdelivr.net/npm/lazyload@2.0.0-rc.2/lazyload.js
Requested by
Host: t4fvxv.bar
URL: https://t4fvxv.bar/zp/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::621 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
874cad10027313f3620a770d4a338369833ed5b3913f0793cb8500361b19e6ea
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://t4fvxv.bar/zp/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
1207338
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
1652
etag
W/"162a-+bHVRc9Mhd3adT/5YJ7eVp2Ssx8"
x-served-by
cache-fra19122-FRA
date
Thu, 03 Dec 2020 13:48:17 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
js | www.googletagmanager.com/gtag/ | 132 KB | x-fer 51 KB | Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-VLP9ZRYVD3
Requested by
Host: t4fvxv.bar
URL: https://t4fvxv.bar/zp/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
35d825b9a14993afb3a1229e6c45589dd12582b117d4271a0f36c24f4eda3f78
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://t4fvxv.bar/zp/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 03 Dec 2020 13:48:17 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
51846
x-xss-protection
0
expires
Thu, 03 Dec 2020 13:48:17 GMT
QxVdIpk.png | i.imgur.com/ | 11 KB | x-fer 11 KB | Image
General
Full URL
https://i.imgur.com/QxVdIpk.png
Requested by
Host: t4fvxv.bar
URL: https://t4fvxv.bar/zp/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
65ba7a3af22c2d04ba311cf4ca9ebb08402602c3735d9d695988e89c2df29aee
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://t4fvxv.bar/zp/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 03 Dec 2020 13:48:17 GMT
x-content-type-options
nosniff
age
3649991
x-cache
HIT, HIT
content-length
11099
x-served-by
cache-bwi5148-BWI, cache-hhn4062-HHN
last-modified
Thu, 08 Oct 2020 21:09:36 GMT
server
cat factory 1.0
x-timer
S1607003298.882593,VS0,VE0
etag
"04e39b1285b9e03ee2c234df9a11d1b4"
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 120227
onWPk80.png | i.imgur.com/ | 4 KB | x-fer 5 KB | Image
General
Full URL
https://i.imgur.com/onWPk80.png
Requested by
Host: t4fvxv.bar
URL: https://t4fvxv.bar/zp/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
9efe7d99c3e0c64ac6110538e24e2fb4b5ba1060df42ec5ac68347bc237cb9ae
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://t4fvxv.bar/zp/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 03 Dec 2020 13:48:17 GMT
x-content-type-options
nosniff
age
3651115
x-cache
HIT, HIT
content-length
4426
x-served-by
cache-bwi5132-BWI, cache-hhn4062-HHN
last-modified
Thu, 08 Oct 2020 21:09:51 GMT
server
cat factory 1.0
x-timer
S1607003298.882574,VS0,VE0
etag
"88ca33535639bc0189d81baf4f5f8f11"
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 119795
srQqDaB.png | i.imgur.com/ | 36 KB | x-fer 36 KB | Image
General
Full URL
https://i.imgur.com/srQqDaB.png
Requested by
Host: t4fvxv.bar
URL: https://t4fvxv.bar/zp/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
45e67aaf90fc21d90b8a8028cc9fba85263bc189a6dde6b9221720f883bde1d3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://t4fvxv.bar/zp/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 03 Dec 2020 13:48:17 GMT
x-content-type-options
nosniff
age
4861642
x-cache
HIT, HIT
content-length
36941
x-served-by
cache-bwi5127-BWI, cache-hhn4062-HHN
last-modified
Mon, 05 Oct 2020 13:44:54 GMT
server
cat factory 1.0
x-timer
S1607003298.882869,VS0,VE0
etag
"5f88d43a02709b15d8f2a6b36d420ec9"
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1390, 120696
yueEctU.png | i.imgur.com/ | 7 KB | x-fer 7 KB | Image
General
Full URL
https://i.imgur.com/yueEctU.png
Requested by
Host: t4fvxv.bar
URL: https://t4fvxv.bar/zp/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
d34d6f457782920c55a29892a3b2b784265f3c8c477edcdf4854d89c03f77c26
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://t4fvxv.bar/zp/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 03 Dec 2020 13:48:17 GMT
x-content-type-options
nosniff
age
4811882
x-cache
HIT, HIT
content-length
7358
x-served-by
cache-bwi5128-BWI, cache-hhn4062-HHN
last-modified
Thu, 08 Oct 2020 21:10:14 GMT
server
cat factory 1.0
x-timer
S1607003298.882845,VS0,VE0
etag
"9272f53af67f64716c4a5f611fe012c2"
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 119991
4iVeLcI.png | i.imgur.com/ | 7 KB | x-fer 7 KB | Image
General
Full URL
https://i.imgur.com/4iVeLcI.png
Requested by
Host: t4fvxv.bar
URL: https://t4fvxv.bar/zp/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
d34d6f457782920c55a29892a3b2b784265f3c8c477edcdf4854d89c03f77c26
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://t4fvxv.bar/zp/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 03 Dec 2020 13:48:17 GMT
x-content-type-options
nosniff
age
3651112
x-cache
HIT, HIT
content-length
7358
x-served-by
cache-bwi5142-BWI, cache-hhn4062-HHN
last-modified
Thu, 08 Oct 2020 21:10:30 GMT
server
cat factory 1.0
x-timer
S1607003298.882845,VS0,VE0
etag
"9272f53af67f64716c4a5f611fe012c2"
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 120124
jCpzF7r.png | i.imgur.com/ | 7 KB | x-fer 7 KB | Image
General
Full URL
https://i.imgur.com/jCpzF7r.png
Requested by
Host: t4fvxv.bar
URL: https://t4fvxv.bar/zp/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
d0dc08e4a208955b42de0c08d4269b49b875ababa485caa2bf9a8fd9c086974d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://t4fvxv.bar/zp/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 03 Dec 2020 13:48:17 GMT
x-content-type-options
nosniff
age
1278995
x-cache
HIT, HIT
content-length
7070
x-served-by
cache-bwi5147-BWI, cache-hhn4062-HHN
last-modified
Thu, 08 Oct 2020 21:10:45 GMT
server
cat factory 1.0
x-timer
S1607003298.882834,VS0,VE0
etag
"c1ebdc12ac294d85d550ba80c576286c"
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 120096
eqtMSAx.png | i.imgur.com/ | 7 KB | x-fer 7 KB | Image
General
Full URL
https://i.imgur.com/eqtMSAx.png
Requested by
Host: t4fvxv.bar
URL: https://t4fvxv.bar/zp/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
d0dc08e4a208955b42de0c08d4269b49b875ababa485caa2bf9a8fd9c086974d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://t4fvxv.bar/zp/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 03 Dec 2020 13:48:17 GMT
x-content-type-options
nosniff
age
1293937
x-cache
HIT, HIT
content-length
7070
x-served-by
cache-bwi5138-BWI, cache-hhn4062-HHN
last-modified
Thu, 08 Oct 2020 21:11:01 GMT
server
cat factory 1.0
x-timer
S1607003298.914846,VS0,VE0
etag
"c1ebdc12ac294d85d550ba80c576286c"
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 119772
bnr.php | uprimp.com/ | 372 B | x-fer 626 B | Script
General
Full URL
https://uprimp.com/bnr.php?section=General&pub=518855&format=300x50&ga=g
Requested by
Host: t4fvxv.bar
URL: https://t4fvxv.bar/zp/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.66.200.220 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS
Software
nginx /
Resource Hash
ed045807f9482bb6fcaefab894ccf870536a5c8fcbaa6b9a3b0de993aeba68af

Request headers

Referer
https://t4fvxv.bar/zp/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 03 Dec 2020 13:48:17 GMT
last-modified
Thu, 03 Dec 2020 13:48:17 GMT
server
nginx
content-type
application/javascript
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-robots-tag
noindex, nofollow, noarchive, nosnippet
expires
Thu, 03 Dec 2020 13:48:17 GMT
OneSignalSDK.js | cdn.onesignal.com/sdks/ | 8 KB | x-fer 3 KB | Script
General
Full URL
https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by
Host: t4fvxv.bar
URL: https://t4fvxv.bar/zp/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ffb110318b55e8d7acaeaa7816d495e33a5000643327241099565537973ed051

Request headers

Referer
https://t4fvxv.bar/zp/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 03 Dec 2020 13:48:17 GMT
content-encoding
gzip
cf-cache-status
HIT
server
cloudflare
age
2028
etag
W/"af07e3bccd7885748057bb532c526ac5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=43200
cf-ray
5fbdbe935a872b29-FRA
cf-request-id
06ca75701a00002b292601c000000001
expires
Fri, 04 Dec 2020 01:48:17 GMT
bnr_xload.php | uprimp.com/ (Frame 7BA8) | 0 | x-fer 0 | Document
General
Full URL
https://uprimp.com/bnr_xload.php?section=General&pub=518855&format=300x50&ga=g&xt=160700329758936&xtt=9954476
Requested by
Host: uprimp.com
URL: https://uprimp.com/bnr.php?section=General&pub=518855&format=300x50&ga=g
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.66.200.220 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

:method
GET
:authority
uprimp.com
:scheme
https
:path
/bnr_xload.php?section=General&pub=518855&format=300x50&ga=g&xt=160700329758936&xtt=9954476
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://t4fvxv.bar/zp/l.php?l=en&x=1
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://t4fvxv.bar/zp/l.php?l=en&x=1

Response headers

server
nginx
date
Thu, 03 Dec 2020 13:48:17 GMT
content-type
text/html; charset=UTF-8
expires
Thu, 03 Dec 2020 13:48:17 GMT
last-modified
Thu, 03 Dec 2020 13:48:17 GMT
cache-control
no-store, no-cache, must-revalidate post-check=0, pre-check=0
pragma
no-cache
x-robots-tag
noindex, nofollow, noarchive, nosnippet
dojo.js | ajax.googlescdn.com/aj+f%C2%81p%C2%92%C2%92%C3%ACU%C3%AF%C2%9Fjo/1.13.1/dojo/ | 0 | x-fer 624 B | Script
General
Full URL
https://ajax.googlescdn.com/aj+f%C2%81p%C2%92%C2%92%C3%ACU%C3%AF%C2%9Fjo/1.13.1/dojo/dojo.js?1607004
Requested by
Host: t4fvxv.bar
URL: https://t4fvxv.bar/zp/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6812:3918 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://t4fvxv.bar/zp/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 03 Dec 2020 13:48:17 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
31
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ADkiBK3v%2FRRw9Q6aVjFN326snBxUx8INWly4dSs%2F8xcvxNKJKUKizyq3L0G4vQ%2FmfEnC4Hc0%2FMYWF82Pwi2ZQvfoxabI6xO10V1%2BYoKJa2V9wGVJm8d7sfD3SmbAf5Cg"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cache-control
max-age=14400
cf-ray
5fbdbe943ebe176e-FRA
cf-request-id
06ca7570a60000176e1aa43000000001
hm.js | hm.baidu.com/ | 39 KB | x-fer 14 KB | Script
General
Full URL
https://hm.baidu.com/hm.js?20bb72bea340db011fea4bd376043246
Requested by
Host: t4fvxv.bar
URL: https://t4fvxv.bar/zp/l.php?l=en&x=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),
Reverse DNS
Software
apache /
Resource Hash
c3113eebf60b25a2642ea9c336809d42a5d910c5cc5826f2dda5bf02e93289a9
Security Headers
Name Value
Strict-Transport-Security max-age=172800

Request headers

Referer
https://t4fvxv.bar/zp/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 03 Dec 2020 13:48:18 GMT
Content-Encoding
gzip
Server
apache
Etag
93f7cf09e593d60372ce4542bb41c73d
Strict-Transport-Security
max-age=172800
P3p
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control
max-age=0, must-revalidate
Content-Type
application/javascript
Content-Length
14039
collect | www.google-analytics.com/g/ | 0 | x-fer 69 B | Other
General
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-VLP9ZRYVD3&gtm=2oeb41&_p=1795602547&sr=1600x1200&ul=en-us&cid=757912303.1607003298&_s=1&dl=https%3A%2F%2Ft4fvxv.bar%2Fzp%2Fl.php%3Fl%3Den%26x%3D1&dr=https%3A%2F%2F5xr3x1.bar%2Fzp%2F%3F%7C%3Den%26x%3D1&dt=%F0%9F%94%A5Big%20Billion%20Days%F0%9F%8D%80&sid=1607003297&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-VLP9ZRYVD3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://t4fvxv.bar/zp/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 03 Dec 2020 13:48:17 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://t4fvxv.bar
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
k51iYls.jpg | i.imgur.com/ | 10 KB | x-fer 10 KB | Image
General
Full URL
https://i.imgur.com/k51iYls.jpg
Requested by
Host: t4fvxv.bar
URL: https://t4fvxv.bar/zp/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
3f2c38e4844457a4889509e9caf115fbde22aed99e16a37f00773825a438bca4
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://t4fvxv.bar/zp/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 03 Dec 2020 13:48:17 GMT
x-content-type-options
nosniff
age
1377579
x-cache
HIT, HIT
content-length
10063
x-served-by
cache-bwi5149-BWI, cache-hhn4062-HHN
last-modified
Mon, 05 Oct 2020 13:52:50 GMT
server
cat factory 1.0
x-timer
S1607003298.948538,VS0,VE0
etag
"548e724cd8252d6ced8ff104f0e926fc"
access-control-allow-methods
GET, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 119595
gg3teDe.jpg | i.imgur.com/ | 14 KB | x-fer 14 KB | Image
General
Full URL
https://i.imgur.com/gg3teDe.jpg
Requested by
Host: t4fvxv.bar
URL: https://t4fvxv.bar/zp/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
c314c9ded65009bbf012ec917e356c9090f18734ff11a0c0f1d8c7bedb589e8f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://t4fvxv.bar/zp/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 03 Dec 2020 13:48:17 GMT
x-content-type-options
nosniff
age
1511519
x-cache
HIT, HIT
content-length
14559
x-served-by
cache-bwi5151-BWI, cache-hhn4062-HHN
last-modified
Mon, 05 Oct 2020 13:53:34 GMT
server
cat factory 1.0
x-timer
S1607003298.948536,VS0,VE0
etag
"bbd54540aa28f028266c656711209a08"
access-control-allow-methods
GET, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 119754
jXhB4c6.jpg | i.imgur.com/ | 9 KB | x-fer 9 KB | Image
General
Full URL
https://i.imgur.com/jXhB4c6.jpg
Requested by
Host: t4fvxv.bar
URL: https://t4fvxv.bar/zp/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
5dcf7385228096087f2f9bbe83f358547ababb0c7953fa90556923a9eda52f00
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://t4fvxv.bar/zp/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 03 Dec 2020 13:48:17 GMT
x-content-type-options
nosniff
age
1279010
x-cache
MISS, HIT
content-length
9015
x-served-by
cache-bwi5124-BWI, cache-hhn4062-HHN
last-modified
Mon, 05 Oct 2020 13:54:09 GMT
server
cat factory 1.0
x-timer
S1607003298.948867,VS0,VE0
etag
"8403bd67531444d816902747ae97ec29"
access-control-allow-methods
GET, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
0, 119577
1H2Gelw.jpg
i.imgur.com/
9 KB
10 KB
Image
General
Full URL
https://i.imgur.com/1H2Gelw.jpg
Requested by
Host: t4fvxv.bar
URL: https://t4fvxv.bar/zp/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
12e4190c220a33dd8e35dceb7f9f41b606a18be2799b2534d357ac0c57d5ec32
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://t4fvxv.bar/zp/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 03 Dec 2020 13:48:17 GMT
x-content-type-options
nosniff
age
5097207
x-cache
HIT, HIT
content-length
9578
x-served-by
cache-bwi5123-BWI, cache-hhn4062-HHN
last-modified
Mon, 05 Oct 2020 13:54:50 GMT
server
cat factory 1.0
x-timer
S1607003298.948818,VS0,VE0
etag
"c2bd534720bed1a72194b1351cb43ba2"
access-control-allow-methods
GET, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
2, 119626
IhePd0v.jpg
i.imgur.com/
17 KB
17 KB
Image
General
Full URL
https://i.imgur.com/IhePd0v.jpg
Requested by
Host: t4fvxv.bar
URL: https://t4fvxv.bar/zp/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
d9189296254447b3d055a8d624396c6a2c05df5dc22a28423eb93a6d161f7a4c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://t4fvxv.bar/zp/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 03 Dec 2020 13:48:17 GMT
x-content-type-options
nosniff
age
1970644
x-cache
HIT, HIT
content-length
17280
x-served-by
cache-bwi5133-BWI, cache-hhn4062-HHN
last-modified
Mon, 05 Oct 2020 13:55:57 GMT
server
cat factory 1.0
x-timer
S1607003298.948929,VS0,VE0
etag
"a3bd26d7ab55bd2c63b07879f9def803"
access-control-allow-methods
GET, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 119808
AAKwzHS.jpg
i.imgur.com/
11 KB
11 KB
Image
General
Full URL
https://i.imgur.com/AAKwzHS.jpg
Requested by
Host: t4fvxv.bar
URL: https://t4fvxv.bar/zp/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
c60a754068772d330b2ce02afe54129c3a72c09471d15e223be8e3c5fc41ce42
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://t4fvxv.bar/zp/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 03 Dec 2020 13:48:17 GMT
x-content-type-options
nosniff
age
1273334
x-cache
MISS, HIT
content-length
11015
x-served-by
cache-bwi5130-BWI, cache-hhn4062-HHN
last-modified
Mon, 05 Oct 2020 13:56:27 GMT
server
cat factory 1.0
x-timer
S1607003298.949022,VS0,VE0
etag
"8a4d937871a9fe4b8caa30f064c838b5"
access-control-allow-methods
GET, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
0, 119605
SMfvBNU.jpg
i.imgur.com/
10 KB
10 KB
Image
General
Full URL
https://i.imgur.com/SMfvBNU.jpg
Requested by
Host: t4fvxv.bar
URL: https://t4fvxv.bar/zp/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
ad029c0d7856a48c5c8ba4c7b783055d3d25db886ef58cd3c24b3ffb967578c7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://t4fvxv.bar/zp/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 03 Dec 2020 13:48:17 GMT
x-content-type-options
nosniff
age
1254091
x-cache
HIT, HIT
content-length
9786
x-served-by
cache-bwi5146-BWI, cache-hhn4062-HHN
last-modified
Mon, 05 Oct 2020 13:57:17 GMT
server
cat factory 1.0
x-timer
S1607003298.949012,VS0,VE0
etag
"3e155c97556d208a78ec25d7efa64121"
access-control-allow-methods
GET, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 119468
sQZsRZH.jpg
i.imgur.com/
9 KB
9 KB
Image
General
Full URL
https://i.imgur.com/sQZsRZH.jpg
Requested by
Host: t4fvxv.bar
URL: https://t4fvxv.bar/zp/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
2ec2570de9af766d00e2f649ed5b1a6e7dcd3a566a911d769a98bbd4c0c70156
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://t4fvxv.bar/zp/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 03 Dec 2020 13:48:17 GMT
x-content-type-options
nosniff
age
1278994
x-cache
HIT, HIT
content-length
9308
x-served-by
cache-bwi5150-BWI, cache-hhn4062-HHN
last-modified
Mon, 05 Oct 2020 13:58:30 GMT
server
cat factory 1.0
x-timer
S1607003298.949011,VS0,VE0
etag
"24aadcb98a8f33258a431da6ca1d0ef2"
access-control-allow-methods
GET, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 119366
T5yM1yR.jpg
i.imgur.com/
15 KB
15 KB
Image
General
Full URL
https://i.imgur.com/T5yM1yR.jpg
Requested by
Host: t4fvxv.bar
URL: https://t4fvxv.bar/zp/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
b9683fb397cdbd5c41c2b5a8cc570bef5a0525a64e92e997b69e13b285d7e806
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://t4fvxv.bar/zp/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 03 Dec 2020 13:48:17 GMT
x-content-type-options
nosniff
age
3651111
x-cache
HIT, HIT
content-length
15604
x-served-by
cache-bwi5130-BWI, cache-hhn4062-HHN
last-modified
Mon, 05 Oct 2020 13:59:07 GMT
server
cat factory 1.0
x-timer
S1607003298.949144,VS0,VE0
etag
"826c1f4c50471b9a624aaa00ce4e540c"
access-control-allow-methods
GET, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 119527
rWJaWux.jpg
i.imgur.com/
10 KB
10 KB
Image
General
Full URL
https://i.imgur.com/rWJaWux.jpg
Requested by
Host: t4fvxv.bar
URL: https://t4fvxv.bar/zp/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
c3877f4d82c7e960621c8c21a4ce37f9da762a5e401adcff5cee9d0f3dd171d2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://t4fvxv.bar/zp/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 03 Dec 2020 13:48:17 GMT
x-content-type-options
nosniff
age
3653077
x-cache
HIT, HIT
content-length
10423
x-served-by
cache-bwi5150-BWI, cache-hhn4062-HHN
last-modified
Mon, 05 Oct 2020 13:59:51 GMT
server
cat factory 1.0
x-timer
S1607003298.949119,VS0,VE0
etag
"eff6c3d7960e7449c63b5c00518301f5"
access-control-allow-methods
GET, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 119382
hm.gif
hm.baidu.com/
43 B
299 B
Image
General
Full URL
https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=276681389&si=20bb72bea340db011fea4bd376043246&su=https%3A%2F%2F5xr3x1.bar%2Fzp%2F%3F%7C%3Den%26x%3D1&v=1.2.80&lv=1&sn=19565&r=0&ww=1600&ct=!!&u=https%3A%2F%2Ft4fvxv.bar%2Fzp%2Fl.php%3Fl%3Den%26x%3D1%231607003298407&tt=%F0%9F%94%A5Big%20Billion%20Days%F0%9F%8D%80
Requested by
Host: t4fvxv.bar
URL: https://t4fvxv.bar/zp/l.php?l=en&x=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.191, Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),
Reverse DNS
Software
apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=172800
X-Content-Type-Options nosniff

Request headers

Referer
https://t4fvxv.bar/zp/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 03 Dec 2020 13:48:19 GMT
X-Content-Type-Options
nosniff
Server
apache
Strict-Transport-Security
max-age=172800
Content-Type
image/gif
Cache-Control
private, max-age=0, no-cache
Content-Length
43

Verdicts & Comments

66 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery function| lazyload function| LazyLoad string| tranDomain string| daoliang_url string| alertTip string| alertTip2 string| alertTip3 string| alertTip4 string| like_str string| shareBtn string| ogDescription string| tipnstr string| share_detail string| returnUrl object| returnUrls string| appName object| google_tag_manager object| dataLayer number| qs function| spinnerAction function| startSpin function| spin2 string| tiaoban object| _0x2636 function| _0x5439 function| _0xf07c14 number| t object| _hmt function| incrementValue1 function| incrementValue_i function| fn1_i function| incrementValue_a function| fn1_a function| tipn function| set_Cookie function| get_Cookie function| getQueryString function| chooseApp function| lasthtml function| dapp function| record string| j string| banner string| theme function| hh1 function| jp function| fh function| gtag object| google_tag_data object| gaGlobal object| OneSignal function| onYouTubeIframeAPIReady boolean| _bdhm_loaded_20bb72bea340db011fea4bd376043246 object| mini_tangram_log_d0q84r

7 Cookies

Domain/Path Name / Value
.t4fvxv.bar/ Name: Hm_lpvt_20bb72bea340db011fea4bd376043246
Value: 1607003300
.t4fvxv.bar/ Name: Hm_lvt_20bb72bea340db011fea4bd376043246
Value: 1607003300
.t4fvxv.bar/ Name: __cfduid
Value: d15c0f1bb329a9ff7598b35fb96b21ca31607003297
.t4fvxv.bar/ Name: _ga_VLP9ZRYVD3
Value: GS1.1.1607003297.1.0.1607003297.0
.t4fvxv.bar/ Name: _ga
Value: GA1.1.757912303.1607003298
t4fvxv.bar/ Name: sp
Value: sp
t4fvxv.bar/ Name: null
Value: null

1 Console Messages

Source Level URL
Text
console-api log URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js(Line 1)
Message:
OneSignal: Using fallback ES5 Stub for backwards compatibility.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
