URL: https://vresk.xyz/lidlchristmas-mofr/ozlshare/
Submission: On December 31 via manual from ES — Scanned from ES

Summary

This website contacted 14 IPs in 5 countries across 11 domains to perform 31 HTTP transactions. The main IP is 107.180.114.239, located in Ashburn, United States and belongs to AS-26496-GO-DADDY-COM-LLC, US. The main domain is vresk.xyz.
TLS certificate: Issued by R10 on November 16th 2024. Valid for: 3 months.
This is the only time vresk.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  Redirects  IP Address          AS      Autonomous System
1         -          107.180.114.239     26496   (AS-26496-...)
2         -          104.18.11.207       13335   (CLOUDFLAR...)
10        1          199.232.192.193     54113   (FASTLY)
2         -          172.66.44.220       13335   (CLOUDFLAR...)
2         -          185.66.200.220      201702  (SKHOSTING...)
3         -          157.240.0.35        32934   (FACEBOOK)
1         -          2a00:1450:400...    15169   (GOOGLE)
1         -          2a04:4e42::649      54113   (FASTLY)
2         1          23.38.98.78         20940   (AKAMAI-AS...)
3         -          142.250.185.67      15169   (GOOGLE)
1         -          2606:4700:10:...    13335   (CLOUDFLAR...)
1         -          54.39.156.32        16276   (OVH OVH SAS)
2         -          2a02:26f0:480...    20940   (AKAMAI-AS...)
2         -          2a02:26f0:350...    20940   (AKAMAI-AS...)
Total: 31 requests, 14 IPs

Requests  Apex Domain        Transfer
10        imgur.com          4 MB
            i.imgur.com — Cisco Umbrella Rank: 8961
4         secureserver.net   556 B
            events.api.secureserver.net — Cisco Umbrella Rank: 13900
            csp.secureserver.net — Cisco Umbrella Rank: 13675
4         gstatic.com        65 KB
            encrypted-tbn0.gstatic.com
            fonts.gstatic.com
3         facebook.com       3 KB
            www.facebook.com — Cisco Umbrella Rank: 120
2         histats.com        5 KB
            s10.histats.com — Cisco Umbrella Rank: 14713
            s4.histats.com — Cisco Umbrella Rank: 12589
2         wsimg.com          22 KB
            img1.wsimg.com — Cisco Umbrella Rank: 10742
2         udbaa.com          990 B
            udbaa.com — Cisco Umbrella Rank: 738090
2         pages.dev          2 KB
            od-jsc.pages.dev
2         bootstrapcdn.com   83 KB
            maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1255
1         jquery.com         33 KB
            code.jquery.com — Cisco Umbrella Rank: 847
1         vresk.xyz          6 KB
            vresk.xyz
Total: 31 requests, 11 domains

Requests  Domain                       Redirects  Requested by
10        i.imgur.com                  1          vresk.xyz
3         fonts.gstatic.com            -          od-jsc.pages.dev
3         www.facebook.com             -          vresk.xyz
2         csp.secureserver.net         -          img1.wsimg.com
2         events.api.secureserver.net  -          img1.wsimg.com
2         img1.wsimg.com               1          vresk.xyz
2         udbaa.com                    -          vresk.xyz, udbaa.com
2         od-jsc.pages.dev             -          vresk.xyz
2         maxcdn.bootstrapcdn.com      -          vresk.xyz, maxcdn.bootstrapcdn.com
1         s4.histats.com               -          s10.histats.com
1         s10.histats.com              -          vresk.xyz
1         code.jquery.com              -          vresk.xyz
1         encrypted-tbn0.gstatic.com   -          vresk.xyz
1         vresk.xyz                    -          -
Total: 31 requests, 14 subdomains

This site contains no links.

Subject                 Issuer                                          Validity                 Valid
webdisk.vresk.xyz       R10                                             2024-11-16 - 2025-02-14  3 months
bootstrapcdn.com        WE1                                             2024-11-18 - 2025-02-16  3 months
*.imgur.com             Sectigo RSA Domain Validation Secure Server CA  2024-02-15 - 2025-02-14  a year
od-jsc.pages.dev        WE1                                             2024-12-04 - 2025-03-04  3 months
banners.udbaa.com       R11                                             2024-12-15 - 2025-03-15  3 months
*.facebook.com          DigiCert SHA2 High Assurance Server CA          2024-10-09 - 2025-01-07  3 months
*.gstatic.com           WR2                                             2024-12-02 - 2025-02-24  3 months
*.jquery.com            Sectigo ECC Domain Validation Secure Server CA  2024-06-25 - 2025-06-25  a year
s10.histats.com         WE1                                             2024-12-18 - 2025-03-18  3 months
histats.com             R11                                             2024-10-30 - 2025-01-28  3 months
*.api.secureserver.net  Starfield Secure Certificate Authority - G2     2024-07-15 - 2025-08-16  a year
*.secureserver.net      Starfield Secure Certificate Authority - G2     2024-10-17 - 2025-11-18  a year

This page contains 2 frames:

Primary Page: https://vresk.xyz/lidlchristmas-mofr/ozlshare/
Frame ID: 9C8D028C9DB4E2864F46B315E9E5E86C
Requests: 30 HTTP requests in this frame

Frame: https://udbaa.com/bnr_xload.php?section=jadu1&pub=886613&format=300x250&ga=g&xt=173564539780572&xtt=3713652&dateStr=12/31/2024%2011:43:17
Frame ID: 36E58C94CA3AF2CE786ECDA8A12910BA
Requests: 1 HTTP request in this frame

Page Title

LDL X FR - SHARE

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 31
HTTPS: 94 %
IPv6: 36 %
Domains: 11
Subdomains: 14
IPs: 14
Countries: 5
Transfer: 4158 kB
Size: 4340 kB
Cookies: 15

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 17
  • https://img1.wsimg.com/traffic-assets/js/tccl.min.js HTTP 301
  • https://img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js
Request Chain 27
  • https://i.imgur.com/Pwey4fF.png HTTP 302
  • https://i.imgur.com/removed.png

31 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
vresk.xyz/lidlchristmas-mofr/ozlshare/
22 KB
6 KB
Document
General
Full URL
https://vresk.xyz/lidlchristmas-mofr/ozlshare/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.180.114.239 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
239.114.180.107.host.secureserver.net
Software
Apache /
Resource Hash
d667a09f318afb70d455f58dadf062ddd8ccec00a3ef161a52f6c8c5c4870c22

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
content-encoding
br
content-length
6246
content-type
text/html
date
Tue, 31 Dec 2024 11:43:17 GMT
etag
"25602a3-57f8-629830ef867ed-br"
last-modified
Wed, 18 Dec 2024 03:32:08 GMT
server
Apache
vary
Accept-Encoding
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/
30 KB
7 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: vresk.xyz
URL: https://vresk.xyz/lidlchristmas-mofr/ozlshare/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.11.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://vresk.xyz/

Response headers

cdn-status
200
content-encoding
br
cf-cache-status
HIT
etag
"269550530cc127b6aa5a35925a7de6ce"
age
600553
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Tue, 31 Dec 2024 11:43:17 GMT
last-modified
Mon, 25 Jan 2021 22:04:55 GMT
content-type
text/css; charset=utf-8
vary
Accept-Encoding
cdn-cache
HIT
cdn-cachedat
11/07/2024 01:04:57
cdn-requestpullcode
200
priority
u=0,i=?0
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31919000
cdn-requestpullsuccess
True
timing-allow-origin
*
cdn-requesttime
0
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
919d2da79013c9f2cbcb7aec6843d854
cross-origin-resource-policy
cross-origin
cdn-pullzone
252412
cdn-proxyver
1.06
cf-ray
8faa02d77bc2cbda-MAD
access-control-allow-origin
*
cdn-edgestorageid
871
server
cloudflare
cdn-requestcountrycode
US
0oSyjYt.jpeg
i.imgur.com/
38 KB
38 KB
Image
General
Full URL
https://i.imgur.com/0oSyjYt.jpeg
Requested by
Host: vresk.xyz
URL: https://vresk.xyz/lidlchristmas-mofr/ozlshare/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.193 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
bcaaec273188de9ea0bf5fb05be2fcf0991b7b171725307debc52b2eed9ee904
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://vresk.xyz/

Response headers

etag
"867cdee05ae61f34a1afdab7d79b50de"
age
1745307
access-control-allow-methods
GET, OPTIONS
x-content-type-options
nosniff
x-cache
Miss from cloudfront, HIT, HIT
x-amz-cf-id
EZgPoDIyZpHykGYsBmjxfDg61y4b69XS_1jmobcpdOGfDy-CDOo0Ig==
date
Tue, 31 Dec 2024 11:43:17 GMT
content-type
image/jpeg
last-modified
Mon, 21 Oct 2024 13:26:06 GMT
x-cache-hits
107, 0
x-served-by
cache-iad-kjyo7100119-IAD, cache-mad2200122-MAD
strict-transport-security
max-age=300
cache-control
public, max-age=31536000
x-timer
S1735645398.710788,VS0,VE1
accept-ranges
bytes
access-control-allow-origin
*
content-length
38488
x-amz-cf-pop
IAD89-P1
server
cat factory 1.0
x-amz-server-side-encryption
AES256
css2.css
od-jsc.pages.dev/
2 KB
1 KB
Stylesheet
General
Full URL
https://od-jsc.pages.dev/css2.css?family=Poppins:wght@500;700&display=swap
Requested by
Host: vresk.xyz
URL: https://vresk.xyz/lidlchristmas-mofr/ozlshare/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.66.44.220 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
842be935d39dcb195e58cafdaf280ac1088b22e48538b4946fe4fb18e9852706
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://vresk.xyz/

Response headers

content-encoding
br
etag
W/"ea2f2b6f152177bb4346aa8b89e3c5d9"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qxzy%2FsuB%2FVw95I1QcKfL9obaKrG9vB6M9jJieGkS2UBUvJa%2Bi%2Bhk1kFh8IAJli0FJngYt9gwFQiovLfJTw%2FPqy1LcJfMkLKWaAKu%2BgLGXqvB0eS%2FXxRv0k%2F70bys7kaYCTHi"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=38428&min_rtt=38407&rtt_var=14445&sent=12&recv=8&lost=0&retrans=0&sent_bytes=5190&recv_bytes=4605&delivery_rate=83152&cwnd=12000&unsent_bytes=0&cid=535c1bab7c4c0e70&ts=57&x=1", cfExtPri, cfHdrFlush;dur=0
date
Tue, 31 Dec 2024 11:43:17 GMT
content-type
text/css; charset=utf-8
vary
Accept-Encoding
priority
u=0,i=?0
cache-control
public, max-age=0, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8faa02d78dd4aef1-MAD
access-control-allow-origin
*
server
cloudflare
droidarabicnaskh.css
od-jsc.pages.dev/
1 KB
1 KB
Stylesheet
General
Full URL
https://od-jsc.pages.dev/droidarabicnaskh.css
Requested by
Host: vresk.xyz
URL: https://vresk.xyz/lidlchristmas-mofr/ozlshare/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.66.44.220 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0facd387627530907acc0b41d7076a1313a748ba84d37983618c04f2e66f1849
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://vresk.xyz/

Response headers

content-encoding
br
etag
W/"4c47ee2aa08d75c53fbb400d0a2bd286"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3Ns1%2F9hRgbzLGuqO%2FLuEZOCNAbv14312wZN92ZqWk4GL4FuiZVn7TuWHtL7MLp5Bat4XP9YOp%2F7GH49f8iZIA%2Fue%2BrYU5XISiBBBcXeM5fMFc%2BVK0ZoOdua1djOtD7H3kExu"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=38428&min_rtt=38407&rtt_var=14445&sent=11&recv=8&lost=0&retrans=0&sent_bytes=4139&recv_bytes=4605&delivery_rate=83152&cwnd=12000&unsent_bytes=0&cid=535c1bab7c4c0e70&ts=57&x=1", cfExtPri, cfHdrFlush;dur=0
date
Tue, 31 Dec 2024 11:43:17 GMT
content-type
text/css; charset=utf-8
vary
Accept-Encoding
priority
u=0,i=?0
cache-control
public, max-age=0, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8faa02d78dd2aef1-MAD
access-control-allow-origin
*
server
cloudflare
jnALfwa.gif
i.imgur.com/
4 MB
4 MB
Image
General
Full URL
https://i.imgur.com/jnALfwa.gif
Requested by
Host: vresk.xyz
URL: https://vresk.xyz/lidlchristmas-mofr/ozlshare/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.193 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
983163f971593bcd09b71971f8cee6905a2bb8bfc104c68e1c8dacf69b308b08
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://vresk.xyz/

Response headers

etag
"7a05593d9b060d27822658a98327b755"
age
2095026
access-control-allow-methods
GET, OPTIONS
x-content-type-options
nosniff
x-cache
Miss from cloudfront, HIT, HIT
x-amz-cf-id
l286tnMh2_4CiC6eXufipdtmi-_qf33W80QBr-K7bxKO43aCZw_QLA==
date
Tue, 31 Dec 2024 11:43:17 GMT
content-type
image/gif
last-modified
Thu, 13 Jun 2024 18:29:56 GMT
x-cache-hits
3477, 0
x-served-by
cache-iad-kiad7000021-IAD, cache-mad2200122-MAD
strict-transport-security
max-age=300
cache-control
public, max-age=31536000
x-timer
S1735645398.710938,VS0,VE1
accept-ranges
bytes
access-control-allow-origin
*
content-length
3697349
x-amz-cf-pop
IAD89-P1
server
cat factory 1.0
x-amz-server-side-encryption
AES256
tyZwqYH.gif
i.imgur.com/
37 KB
37 KB
Image
General
Full URL
https://i.imgur.com/tyZwqYH.gif
Requested by
Host: vresk.xyz
URL: https://vresk.xyz/lidlchristmas-mofr/ozlshare/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.193 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
149eaf5aa045e45c01caed1cad865a60b179d272cec38b09c97a116047efbac0
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://vresk.xyz/

Response headers

etag
"097002a453fe2427c99c63e74783c359"
age
1230004
access-control-allow-methods
GET, OPTIONS
x-content-type-options
nosniff
x-cache
Miss from cloudfront, HIT, HIT
x-amz-cf-id
7DvzEf052Lw-S1c556WhgOD8IAjHrJs8qJjnGfubfrY2ecAQXVRGGA==
date
Tue, 31 Dec 2024 11:43:17 GMT
content-type
image/gif
last-modified
Mon, 21 Oct 2024 13:27:36 GMT
x-cache-hits
1, 0
x-served-by
cache-iad-kcgs7200060-IAD, cache-mad2200122-MAD
strict-transport-security
max-age=300
cache-control
public, max-age=31536000
x-timer
S1735645398.710912,VS0,VE1
accept-ranges
bytes
access-control-allow-origin
*
content-length
37880
x-amz-cf-pop
IAD61-P5
server
cat factory 1.0
x-amz-server-side-encryption
AES256
bnr.php
udbaa.com/
736 B
990 B
Script
General
Full URL
https://udbaa.com/bnr.php?section=jadu1&pub=886613&format=300x250&ga=g
Requested by
Host: vresk.xyz
URL: https://vresk.xyz/lidlchristmas-mofr/ozlshare/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.66.200.220 , Slovakia, ASN201702 (SKHOSTING-EU skHosting.eu s.r.o., SK),
Reverse DNS
185.66.200.220.skhosting.eu
Software
nginx /
Resource Hash
575ff46dd3f23d9d52cb5729c3cebc3a628c472fd5205e7198ab0835c20c3ade

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://vresk.xyz/

Response headers

x-robots-tag
noindex, nofollow, noarchive, nosnippet
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
expires
Tue, 31 Dec 2024 11:43:17 GMT
date
Tue, 31 Dec 2024 11:43:17 GMT
content-type
application/javascript
last-modified
Tue, 31 Dec 2024 11:43:17 GMT
server
nginx
/
www.facebook.com/reaction/image/1635855486666999/
815 B
932 B
Image
General
Full URL
https://www.facebook.com/reaction/image/1635855486666999/?size=20&scale=1
Requested by
Host: vresk.xyz
URL: https://vresk.xyz/lidlchristmas-mofr/ozlshare/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-fra3.facebook.com
Software
/
Resource Hash
39d8ba5c57b637434d21319acfa9fe2029cc88839cab8a4767b8854c60339921
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://vresk.xyz/

Response headers

report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Mon, 13 Jan 2025 00:54:52 +0000
date
Mon, 30 Dec 2024 00:54:53 GMT
content-type
image/png
x-fb-debug
N8Op41cNPotVzEA2DQGBAVhX+kFiGCaPlATjguH8fv357u5biGunun4/z9TsNDcXfvqJ89Q6eVmy6BwWhlYzIQ==
priority
u=2,i
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
cache-control
public, max-age=1209600
cross-origin-opener-policy
same-origin-allow-popups
pragma
public
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
content-length
815
x-xss-protection
0
origin-agent-cluster
?1
/
www.facebook.com/reaction/image/1678524932434102/
816 B
931 B
Image
General
Full URL
https://www.facebook.com/reaction/image/1678524932434102/?size=20&scale=1
Requested by
Host: vresk.xyz
URL: https://vresk.xyz/lidlchristmas-mofr/ozlshare/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-fra3.facebook.com
Software
/
Resource Hash
81d62c74016d8779cb91019934882095ad606798f3f32327fa4dadf9d023a4d5
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://vresk.xyz/

Response headers

report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sun, 12 Jan 2025 07:05:11 +0000
date
Sun, 29 Dec 2024 07:05:11 GMT
content-type
image/png
x-fb-debug
bZhCzAj2UjZHtjBmTFiY8CT9eifbq4Vt63KGiH72NlkOiKzNXMfhR+4AltJ75Lwma2kZm50UA3ToV5tbEgwOOw==
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
cache-control
public, max-age=1209600
cross-origin-opener-policy
same-origin-allow-popups
pragma
public
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
content-length
816
x-xss-protection
0
origin-agent-cluster
?1
/
www.facebook.com/reaction/image/613557422527858/
1 KB
1 KB
Image
General
Full URL
https://www.facebook.com/reaction/image/613557422527858/?size=20&scale=1
Requested by
Host: vresk.xyz
URL: https://vresk.xyz/lidlchristmas-mofr/ozlshare/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-fra3.facebook.com
Software
/
Resource Hash
7b7cc49ed4945a43ca361ca9e327cd907f5520cec87858b820e02a6db6d55779
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://vresk.xyz/

Response headers

report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Tue, 14 Jan 2025 03:08:28 +0000
date
Tue, 31 Dec 2024 03:08:29 GMT
content-type
image/png
x-fb-debug
WkbidB++0HGSwckIKKNaSwv7bt0aDkea2r92/kSAeUbivNpCsqneb+RCNrryyYXhzYS7Ii2v2Ya8fih8Tcazfw==
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control
public, max-age=1209600
cross-origin-opener-policy
same-origin-allow-popups
pragma
public
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
content-length
1179
x-xss-protection
0
origin-agent-cluster
?1
oGJZaIX.jpeg
i.imgur.com/
29 KB
29 KB
Image
General
Full URL
https://i.imgur.com/oGJZaIX.jpeg
Requested by
Host: vresk.xyz
URL: https://vresk.xyz/lidlchristmas-mofr/ozlshare/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.193 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
0a2e6ed3b4a0ca6616b6f5ef3d5c386f013f9094516044484194a677296b44da
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://vresk.xyz/

Response headers

etag
"7d6931bdb9512e360f8ec506027c151d"
age
4139243
access-control-allow-methods
GET, OPTIONS
x-content-type-options
nosniff
x-cache
Miss from cloudfront, HIT, HIT
x-amz-cf-id
Wb1j_Qstt3ulGiTB1gk7aXad3VX4rEzpDS3nBhjwaTASHtza0j3V7Q==
date
Tue, 31 Dec 2024 11:43:17 GMT
content-type
image/jpeg
last-modified
Mon, 21 Oct 2024 14:07:59 GMT
x-cache-hits
633, 6045
x-served-by
cache-iad-kjyo7100103-IAD, cache-mad2200122-MAD
strict-transport-security
max-age=300
cache-control
public, max-age=31536000
x-timer
S1735645398.718381,VS0,VE0
accept-ranges
bytes
access-control-allow-origin
*
content-length
29243
x-amz-cf-pop
IAD89-P1
server
cat factory 1.0
x-amz-server-side-encryption
AES256
images
encrypted-tbn0.gstatic.com/
11 KB
11 KB
Image
General
Full URL
https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSKzfW8zHEhiPaAudJX8bUrcCNjBTwAbAJgncybzUCLSqldFB11JDJxa-du&s=10
Requested by
Host: vresk.xyz
URL: https://vresk.xyz/lidlchristmas-mofr/ozlshare/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2121d55da9747eb5a6acfed86ef4e9341d08221f6e1086554ab83bcc8f989f76
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://vresk.xyz/

Response headers

age
12195
report-to
{"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
x-content-type-options
nosniff
expires
Wed, 31 Dec 2025 08:20:02 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 31 Dec 2024 08:20:02 GMT
last-modified
Sun, 20 Feb 2022 01:29:58 GMT
content-type
image/jpeg
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="images-tbn"
content-length
10888
x-xss-protection
0
server
sffe
mkbZBeJ.jpg
i.imgur.com/
6 KB
6 KB
Image
General
Full URL
https://i.imgur.com/mkbZBeJ.jpg
Requested by
Host: vresk.xyz
URL: https://vresk.xyz/lidlchristmas-mofr/ozlshare/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.193 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
6ca4c1e71a6ec2f37e4b70bf742ff40240196516c98603f6c7322a7088659a42
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://vresk.xyz/

Response headers

etag
"8f673604a14bbcdaf68d138e3841acd7"
age
3642687
access-control-allow-methods
GET, OPTIONS
x-content-type-options
nosniff
x-cache
Miss from cloudfront, HIT, HIT
x-amz-cf-id
DFHNfMUNjA_PFf1ZPDJw-SxMBwZtvedRqWSd2Tl0og5h4r_zgRQRQQ==
date
Tue, 31 Dec 2024 11:43:17 GMT
content-type
image/jpeg
last-modified
Thu, 30 Mar 2023 01:57:24 GMT
x-cache-hits
4101, 0
x-served-by
cache-iad-kjyo7100024-IAD, cache-mad2200122-MAD
strict-transport-security
max-age=300
cache-control
public, max-age=31536000
x-timer
S1735645398.718355,VS0,VE1
accept-ranges
bytes
access-control-allow-origin
*
content-length
6022
x-amz-cf-pop
IAD89-P1
server
cat factory 1.0
x-amz-server-side-encryption
AES256
Fvt0UIC.jpg
i.imgur.com/
203 KB
204 KB
Image
General
Full URL
https://i.imgur.com/Fvt0UIC.jpg
Requested by
Host: vresk.xyz
URL: https://vresk.xyz/lidlchristmas-mofr/ozlshare/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.193 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
ab401238f8518c6ea9b42dc9ba9e135f5b1960e44f9116571ca4b5544de65529
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://vresk.xyz/

Response headers

etag
"2666c744088013a2dc7b375b4d08d6ef"
age
3697310
access-control-allow-methods
GET, OPTIONS
x-content-type-options
nosniff
x-amz-storage-class
STANDARD_IA
x-cache
Miss from cloudfront, HIT, HIT
x-amz-cf-id
r_GSRR3byNMMPk0r9l-6x7FveAV1T_FLpsL123ym-9pTFvF5xxNj4g==
date
Tue, 31 Dec 2024 11:43:17 GMT
content-type
image/jpeg
last-modified
Thu, 30 Mar 2023 01:57:30 GMT
x-cache-hits
16813, 0
x-served-by
cache-iad-kcgs7200076-IAD, cache-mad2200122-MAD
strict-transport-security
max-age=300
cache-control
public, max-age=31536000
x-timer
S1735645398.718332,VS0,VE2
accept-ranges
bytes
access-control-allow-origin
*
content-length
208029
x-amz-cf-pop
IAD89-P1
server
cat factory 1.0
x-amz-server-side-encryption
AES256
Ien4MZ9.jpg
i.imgur.com/
5 KB
6 KB
Image
General
Full URL
https://i.imgur.com/Ien4MZ9.jpg
Requested by
Host: vresk.xyz
URL: https://vresk.xyz/lidlchristmas-mofr/ozlshare/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.193 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
25a9a7580de318ccb7e9053ab865df27957505ddabeb067016df9b5256e90d74
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://vresk.xyz/

Response headers

etag
"f34a5bc89bb04b8209c77a4c77e039aa"
age
1203873
access-control-allow-methods
GET, OPTIONS
x-content-type-options
nosniff
x-cache
Miss from cloudfront, HIT, HIT
x-amz-cf-id
MeiC7sBUpBCAps8zFsqFsuMsjGPqu3IriqfhwZV309vxijQO0reO-Q==
date
Tue, 31 Dec 2024 11:43:17 GMT
content-type
image/jpeg
last-modified
Mon, 13 Nov 2023 16:16:18 GMT
x-cache-hits
5236, 0
x-served-by
cache-iad-kiad7000072-IAD, cache-mad2200122-MAD
strict-transport-security
max-age=300
cache-control
public, max-age=31536000
x-timer
S1735645398.718509,VS0,VE1
accept-ranges
bytes
access-control-allow-origin
*
content-length
5365
x-amz-cf-pop
IAD89-P1
server
cat factory 1.0
x-amz-server-side-encryption
AES256
4OLG3Ex.jpg
i.imgur.com/
4 KB
4 KB
Image
General
Full URL
https://i.imgur.com/4OLG3Ex.jpg
Requested by
Host: vresk.xyz
URL: https://vresk.xyz/lidlchristmas-mofr/ozlshare/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.193 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
d5a69f76411099493228f406b8eab5ef00fb3b02508344de230027e9ea384360
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://vresk.xyz/

Response headers

etag
"3e87ee36e0d2f4eed2739d21a8c54956"
age
3614785
access-control-allow-methods
GET, OPTIONS
x-content-type-options
nosniff
x-cache
Miss from cloudfront, HIT, HIT
x-amz-cf-id
rLrDpzvb0R5bJgC0eJWfzqcENGOdEZGfHjucoC95aZDMk__v-glscw==
date
Tue, 31 Dec 2024 11:43:17 GMT
content-type
image/jpeg
last-modified
Mon, 13 Nov 2023 16:17:45 GMT
x-cache-hits
14467, 20
x-served-by
cache-iad-kcgs7200116-IAD, cache-mad2200122-MAD
strict-transport-security
max-age=300
cache-control
public, max-age=31536000
x-timer
S1735645398.718509,VS0,VE0
accept-ranges
bytes
access-control-allow-origin
*
content-length
4331
x-amz-cf-pop
IAD55-P4
server
cat factory 1.0
x-amz-server-side-encryption
AES256
jquery-latest.min.js
code.jquery.com/
94 KB
33 KB
Script
General
Full URL
https://code.jquery.com/jquery-latest.min.js
Requested by
Host: vresk.xyz
URL: https://vresk.xyz/lidlchristmas-mofr/ozlshare/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://vresk.xyz/

Response headers

content-encoding
gzip
etag
W/"28feccc0-1762a"
age
4217464
x-cache
HIT, HIT
date
Tue, 31 Dec 2024 11:43:17 GMT
content-type
application/javascript; charset=utf-8
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
x-cache-hits
11659, 63201
x-served-by
cache-lga21983-LGA, cache-mad22078-MAD
vary
Accept-Encoding
cache-control
public, max-age=31536000, stale-while-revalidate=604800
x-timer
S1735645398.718606,VS0,VE0
cross-origin-resource-policy
cross-origin
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
33202
server
nginx
scc-c2.min.js
img1.wsimg.com/signals/js/clients/scc-c2/
Redirect Chain
  • https://img1.wsimg.com/traffic-assets/js/tccl.min.js
  • https://img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js
103 KB
21 KB
Script
General
Full URL
https://img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js
Requested by
Host: vresk.xyz
URL: https://vresk.xyz/lidlchristmas-mofr/ozlshare/
Protocol
H2
Server
23.38.98.78 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-38-98-78.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
dae89c4d8697dc845428a11c2bde64334ab65738ee97f598414d857b5d9d3fd2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://vresk.xyz/

Response headers

content-encoding
gzip
x-amz-meta-version
1.0.1
etag
"6837678401f602120e41c9eaa7a7e915"
x-amz-version-id
SVyl5KN5ySTpQdvaNSN8cRWDnhBms6BO
expires
Tue, 31 Dec 2024 12:13:17 GMT
date
Tue, 31 Dec 2024 11:43:17 GMT
last-modified
Sun, 22 Dec 2024 23:44:31 GMT
content-type
text/javascript
vary
Accept-Encoding
x-amz-id-2
nFN+uWI29PaZo9D07Ac3I1amu92G+AXZnA6CG1qIFcM1eKZeY957BNZTwIFI65Qzv/ZWa07kNMo=
cache-control
max-age=1800
timing-allow-origin
*
x-amz-request-id
H4EY88SA41ZSR8KG
accept-ranges
bytes
access-control-allow-origin
*
content-length
21460
x-amz-server-side-encryption
AES256

Redirect headers

expires
Wed, 31 Dec 2025 11:43:17 GMT
cache-control
max-age=31536000
location
https://img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js
content-length
0
access-control-allow-origin
*
date
Tue, 31 Dec 2024 11:43:17 GMT
timing-allow-origin
*
DroidNaskh-Regular.woff2
fonts.gstatic.com/ea/droidarabicnaskh/v7/
38 KB
38 KB
Font
General
Full URL
https://fonts.gstatic.com/ea/droidarabicnaskh/v7/DroidNaskh-Regular.woff2
Requested by
Host: od-jsc.pages.dev
URL: https://od-jsc.pages.dev/droidarabicnaskh.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f3.1e100.net
Software
sffe /
Resource Hash
68b4ac5833d4474ef046db5c1495c5b70c16f6fe6f219656dbb7129b8faeed20
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://vresk.xyz
Referer
https://od-jsc.pages.dev/

Response headers

content-encoding
gzip
age
8976
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Wed, 31 Dec 2025 09:13:41 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 31 Dec 2024 09:13:41 GMT
last-modified
Wed, 13 Aug 2014 16:50:04 GMT
content-type
font/woff2
vary
Accept-Encoding
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
39194
x-xss-protection
0
server
sffe
pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
Requested by
Host: od-jsc.pages.dev
URL: https://od-jsc.pages.dev/css2.css?family=Poppins:wght@500;700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f3.1e100.net
Software
sffe /
Resource Hash
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://vresk.xyz
Referer
https://od-jsc.pages.dev/

Response headers

age
9259
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Wed, 31 Dec 2025 09:08:58 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 31 Dec 2024 09:08:58 GMT
last-modified
Wed, 27 Apr 2022 16:21:30 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
7748
x-xss-protection
0
server
sffe
bnr_xload.php
udbaa.com/ Frame 36E5
0
0
Document
General
Full URL
https://udbaa.com/bnr_xload.php?section=jadu1&pub=886613&format=300x250&ga=g&xt=173564539780572&xtt=3713652&dateStr=12/31/2024%2011:43:17
Requested by
Host: udbaa.com
URL: https://udbaa.com/bnr.php?section=jadu1&pub=886613&format=300x250&ga=g
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.66.200.220 , Slovakia, ASN201702 (SKHOSTING-EU skHosting.eu s.r.o., SK),
Reverse DNS
185.66.200.220.skhosting.eu
Software
nginx /
Resource Hash

Request headers

Referer
https://vresk.xyz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control
no-store, no-cache, must-revalidate post-check=0, pre-check=0
content-type
text/html; charset=UTF-8
date
Tue, 31 Dec 2024 11:43:18 GMT
expires
Tue, 31 Dec 2024 11:43:18 GMT
last-modified
Tue, 31 Dec 2024 11:43:18 GMT
pragma
no-cache
server
nginx
x-robots-tag
noindex, nofollow, noarchive, nosnippet
fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/
75 KB
76 KB
Font
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.11.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://vresk.xyz
Referer
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Response headers

cdn-status
200
cf-cache-status
HIT
etag
"af7ae505a9eed503f8b8e6982036873e"
age
8615231
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Tue, 31 Dec 2024 11:43:17 GMT
content-type
font/woff2
last-modified
Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat
10/31/2023 19:51:35
cdn-cache
HIT
cdn-requestpullcode
200
priority
u=0,i=?0
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31919000
cdn-requestpullsuccess
True
timing-allow-origin
*
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
88253716cc851dc873e5e44508d660b9
cross-origin-resource-policy
cross-origin
cdn-pullzone
252412
cdn-proxyver
1.04
cf-ray
8faa02d8cfdcafe9-MAD
accept-ranges
bytes
access-control-allow-origin
*
content-length
77160
cdn-edgestorageid
1072
server
cloudflare
cdn-requestcountrycode
FR
pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
Requested by
Host: od-jsc.pages.dev
URL: https://od-jsc.pages.dev/css2.css?family=Poppins:wght@500;700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f3.1e100.net
Software
sffe /
Resource Hash
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://vresk.xyz
Referer
https://od-jsc.pages.dev/

Response headers

age
535774
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Thu, 25 Dec 2025 06:53:43 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 25 Dec 2024 06:53:43 GMT
last-modified
Wed, 27 Apr 2022 16:11:40 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
7816
x-xss-protection
0
server
sffe
js15_as.js
s10.histats.com/
11 KB
5 KB
Script
General
Full URL
https://s10.histats.com/js15_as.js
Requested by
Host: vresk.xyz
URL: https://vresk.xyz/lidlchristmas-mofr/ozlshare/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:345 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://vresk.xyz/

Response headers

cache-control
max-age=28800
content-encoding
gzip
cf-cache-status
HIT
etag
"-375139978"
age
11453
cf-ray
8faa02da297f8675-MAD
accept-ranges
bytes
content-length
4547
date
Tue, 31 Dec 2024 11:43:18 GMT
content-type
text/javascript
last-modified
Thu, 16 Apr 2020 10:44:16 GMT
vary
Accept-Encoding
server
cloudflare
0.php
s4.histats.com/stats/
51 B
185 B
Script
General
Full URL
https://s4.histats.com/stats/0.php?4793058&@f16&@g1&@h1&@i1&@j1735645398135&@k0&@l1&@mLDL%20X%20FR%20-%20SHARE&@n0&@o1000&@q0&@r0&@s0&@tes-ES&@u1600&@b1:-193020337&@b3:1735645398&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fvresk.xyz%2Flidlchristmas-mofr%2Fozlshare%2F%23&@w
Requested by
Host: s10.histats.com
URL: https://s10.histats.com/js15_as.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.39.156.32 Québec, Canada, ASN16276 (OVH OVH SAS, FR),
Reverse DNS
ns562579.ip-54-39-156.net
Software
/
Resource Hash
2a22d85db438a402bddc03227bf89aff0f5c607e45aa8a43472a66c0ee47c849

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://vresk.xyz/

Response headers

Content-Length
51
Date
Tue, 31 Dec 2024 11:43:18 GMT
Content-Type
text/html;charset=UTF-8
Connection
close
event
events.api.secureserver.net/t/1/tl/
43 B
278 B
Fetch
General
Full URL
https://events.api.secureserver.net/t/1/tl/event?dh=vresk.xyz&dr=&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F131.0.0.0%20Safari%2F537.36&client_name=scc-c2&cv=1.0.1&vg=8175ab0c-6846-45ae-ba09-935096bfa57a&vtg=8175ab0c-6846-45ae-ba09-935096bfa57a&dp=%2Flidlchristmas-mofr%2Fozlshare&trace_id=f33545f5dd19414e81467c39f89d9f86&cts=2024-12-31T11%3A43%3A17.988Z&hit_id=d1018e98-b052-4e35-b505-275a316bc6ba&ht=pageview&trfd=%7B%22ap%22%3A%22cpsh-oh%22%2C%22server%22%3A%22p3plzcpnl505891%22%2C%22dcenter%22%3A%22p3%22%2C%22cp_id%22%3A%2210026656%22%2C%22cp_cl%22%3A%228%22%7D&ap=cpsh-oh&vci=1135829562&z=69843440
Requested by
Host: img1.wsimg.com
URL: https://img1.wsimg.com/traffic-assets/js/tccl.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:480:36::212:4008 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://vresk.xyz/

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
x-robots-tag
noindex, nofollow
cache-control
private
access-control-allow-credentials
true
x-content-type-options
nosniff
access-control-allow-origin
https://vresk.xyz
content-length
43
x-xss-protection
1; mode=block
date
Tue, 31 Dec 2024 11:43:19 GMT
content-type
image/gif
x-frame-options
DENY
event
events.api.secureserver.net/t/1/tl/
43 B
278 B
Fetch
General
Full URL
https://events.api.secureserver.net/t/1/tl/event?dh=vresk.xyz&dr=&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F131.0.0.0%20Safari%2F537.36&client_name=scc-c2&cv=1.0.1&vg=8175ab0c-6846-45ae-ba09-935096bfa57a&vtg=8175ab0c-6846-45ae-ba09-935096bfa57a&dp=%2Flidlchristmas-mofr%2Fozlshare&trace_id=f33545f5dd19414e81467c39f89d9f86&cts=2024-12-31T11%3A43%3A19.088Z&hit_id=a98f2458-b308-4933-aefb-3940f3121ce9&ea=pageperf&ht=perf&eid=traffic.tcc.instrumentation.navigation.timing&trfd=%7B%22ap%22%3A%22cpsh-oh%22%2C%22server%22%3A%22p3plzcpnl505891%22%2C%22dcenter%22%3A%22p3%22%2C%22cp_id%22%3A%2210026656%22%2C%22cp_cl%22%3A%228%22%7D&ap=cpsh-oh&vci=1135829562&z=1820744916&tce=1735645397405&tcs=1735645397016&tdc=1735645399085&tdclee=1735645397991&tdcles=1735645397990&tdi=1735645397990&tdl=1735645397610&tdle=1735645397015&tdls=1735645396985&tfs=1735645396984&tns=1735645396984&trqs=1735645397405&tre=1735645397609&trps=1735645397606&tles=1735645399085&tlee=0&nt=navigate&nav_type=hard
Requested by
Host: img1.wsimg.com
URL: https://img1.wsimg.com/traffic-assets/js/tccl.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:480:36::212:4008 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://vresk.xyz/

Response headers

strict-transport-security
max-age=31536000 ; includeSubDomains
x-robots-tag
noindex, nofollow
cache-control
private
access-control-allow-credentials
true
x-content-type-options
nosniff
access-control-allow-origin
https://vresk.xyz
content-length
43
x-xss-protection
1; mode=block
date
Tue, 31 Dec 2024 11:43:19 GMT
content-type
image/gif
x-frame-options
DENY
removed.png
i.imgur.com/
Redirect Chain
  • https://i.imgur.com/Pwey4fF.png
  • https://i.imgur.com/removed.png
503 B
880 B
Other
General
Full URL
https://i.imgur.com/removed.png
Protocol
H2
Server
199.232.192.193 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
9b5936f4006146e4e1e9025b474c02863c0b5614132ad40db4b925a10e8bfbb9
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://vresk.xyz/

Response headers

etag
"d835884373f4d6c8f24742ceabe74946"
age
5027264
access-control-allow-methods
GET, OPTIONS
x-content-type-options
nosniff
x-cache
Miss from cloudfront, HIT, HIT
x-amz-cf-id
gN_EBR_cashpjCosm8OC5znX-MkBw19mW7NqFSi-9g4g6eCq9-SYWg==
date
Tue, 31 Dec 2024 11:43:19 GMT
content-type
image/png
last-modified
Wed, 14 May 2014 05:44:36 GMT
x-cache-hits
36199, 105579
x-served-by
cache-iad-kjyo7100081-IAD, cache-mad2200122-MAD
strict-transport-security
max-age=300
cache-control
public, max-age=31536000
x-timer
S1735645399.149374,VS0,VE0
accept-ranges
bytes
access-control-allow-origin
*
content-length
503
x-amz-cf-pop
IAD89-P1
server
cat factory 1.0

Redirect headers

strict-transport-security
max-age=300
retry-after
0
location
https://i.imgur.com/removed.png
x-timer
S1735645399.105889,VS0,VE1
age
97
access-control-allow-methods
GET, OPTIONS
accept-ranges
bytes
access-control-allow-origin
*
x-cache
HIT, HIT
content-length
0
date
Tue, 31 Dec 2024 11:43:19 GMT
x-served-by
cache-iad-kjyo7100136-IAD, cache-mad2200122-MAD
x-cache-hits
0, 1
server
cat factory 1.0
web
csp.secureserver.net/eventbus/
0
0
Fetch
General
Full URL
https://csp.secureserver.net/eventbus/web?clientid=b18ef4f046435b64a469b32c3c1c20a3
Requested by
Host: img1.wsimg.com
URL: https://img1.wsimg.com/traffic-assets/js/tccl.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:3500:2aa::228b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=86400 ; includeSubDomains ; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://vresk.xyz/

Response headers

Strict-Transport-Security
max-age=86400 ; includeSubDomains ; preload
Cache-Control
max-age=0, no-cache, no-store
x-amz-apigw-id
Dp7RwGlaoAMEO4Q=
x-envoy-upstream-service-time
91
Pragma
no-cache
x-amzn-trace-id
Root=1-6773d8d7-2f4a5d6b51f4e44b7d60dc00
Connection
keep-alive
x-amzn-requestid
7628f96a-84bb-4d1b-9b0e-43a57b3feaf7
Expires
Tue, 31 Dec 2024 11:43:19 GMT
Access-Control-Allow-Origin
*
Content-Length
0
Date
Tue, 31 Dec 2024 11:43:19 GMT
Content-Type
application/json
web
csp.secureserver.net/eventbus/
0
0
Fetch
General
Full URL
https://csp.secureserver.net/eventbus/web?clientid=8da2217409854bee82e12dc4ca0b39fb
Requested by
Host: img1.wsimg.com
URL: https://img1.wsimg.com/traffic-assets/js/tccl.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:3500:2aa::228b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=86400 ; includeSubDomains ; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://vresk.xyz/

Response headers

Strict-Transport-Security
max-age=86400 ; includeSubDomains ; preload
Cache-Control
max-age=0, no-cache, no-store
x-amz-apigw-id
Dp7RxGysoAMEA9Q=
x-envoy-upstream-service-time
94
Pragma
no-cache
x-amzn-trace-id
Root=1-6773d8d7-4c7c83185bf6dae72a8b6fb4
Connection
keep-alive
x-amzn-requestid
d7382acb-1edb-4387-a184-1d2b9d1cb5d7
Expires
Tue, 31 Dec 2024 11:43:19 GMT
Access-Control-Allow-Origin
*
Content-Length
0
Date
Tue, 31 Dec 2024 11:43:19 GMT
Content-Type
application/json

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
function| myFunction
number| qs
object| date
string| dateStr
function| $
function| jQuery
string| errorname
string| errornumber
string| text
string| link
string| error
string| cpa
string| cpa1
string| saved
string| share
string| tiaoban
number| hour
number| minute
number| second
string| mytime
string| tb
object| _trfd
object| _tcclInternal
object| _expDataLayer
object| _signalsDataLayer
object| scc-c2
object| _Hasync
function| chfh
function| chfh2
string| _HST_cntval
object| Histats
object| _HistatsCounterGraphics_0_setValues
object| _trfq

15 Cookies

Domain/Path Name / Value
cx36ff.click/148bcf03fc/bb6bac9292 Name: total_impressions
Value: 1
.vresk.xyz/ Name: _tccl_visitor
Value: 8175ab0c-6846-45ae-ba09-935096bfa57a
.vresk.xyz/ Name: _tccl_visit
Value: 8175ab0c-6846-45ae-ba09-935096bfa57a
.vresk.xyz/ Name: _scc_session
Value: pc=1&C_TOUCH=2024-12-31T11:43:17.988Z
vresk.xyz/ Name: HstCfa4793058
Value: 1735645398135
vresk.xyz/ Name: HstCla4793058
Value: 1735645398135
vresk.xyz/ Name: HstCmu4793058
Value: 1735645398135
vresk.xyz/ Name: HstPn4793058
Value: 1
vresk.xyz/ Name: HstPt4793058
Value: 1
vresk.xyz/ Name: HstCnv4793058
Value: 1
vresk.xyz/ Name: HstCns4793058
Value: 1
.udbaa.com/ Name: used_ad2938027
Value: 1
.udbaa.com/ Name: total_impressions
Value: 1
.udbaa.com/ Name: cpa_673873
Value: 300x250_796648388_0
cx36ff.click/ Name: used_ad2938027
Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
