lbg3ncntw5z2.com Open in urlscan Pro
188.114.97.3  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://0.ygti905ffth7.com/ Page URL
2. https://lbg3ncntw5z2.com/QMRB9g Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	/ Show response 0.ygti905ffth7.com/	47 KB 22 KB	702ms 563ms	Document text/html	172.67.139.226 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://0.ygti905ffth7.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.139.226 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/5.4.16 Resource Hash 819e1ba066cf9db1bcc026225759412477f68b981dcfac9e855bf7a95345c462 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8f00cbdc2d4ad349-FRA content-encoding zstd content-type text/html date Tue, 10 Dec 2024 22:50:52 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} priority u=0,i report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mbk8VV3gVClN5MH%2FbaZYmaHAowGpcz%2BbRTmLqRxTiKGslLTvuyphCtj44vKb8t18L00Pz9BujbDu2gzWsI3f1BsR4oyGBqHXX7CYAcZFEBGMv8hLMYXezSVBeqj05rzCjd02PnI%3D"}],"group":"cf-nel","max_age":604800} server cloudflare server-timing cfL4;desc="?proto=QUIC&rtt=9141&min_rtt=7620&rtt_var=2509&sent=12&recv=11&lost=0&retrans=0&sent_bytes=4195&recv_bytes=4538&delivery_rate=845&cwnd=12000&unsent_bytes=0&cid=db35a06c62282dee&ts=671&x=1" cfExtPri cfHdrFlush;dur=0 x-powered-by PHP/5.4.16
GET H3	200	micro.tag.min.js Show response kordooso.net/pfe/current/	44 KB 19 KB	262ms 54ms	Script application/javascript	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://kordooso.net/pfe/current/micro.tag.min.js?z=3490321&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null Requested by Host: 0.ygti905ffth7.com URL: https://0.ygti905ffth7.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash eca4f6773ba87f73187d6a938c553d482a067d0a4bd29ac1f7912e89a3ec8d60 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://0.ygti905ffth7.com/ Response headers content-encoding gzip cf-cache-status REVALIDATED etag W/"67571465-b140" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kaq3gXL0tUr3%2BHL5OsAYRS6Wt%2FHuDi5CglfH9rK91fk94AiEmqy6iQ9cmZ1akhqKhwzmCvyzVY7guRsNrnb2oiLYA%2Bjn%2B9RVscpg2ieVqQfL%2BxfFgEK%2F%2FUsWa6dE4vQ%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=22422&min_rtt=21165&rtt_var=6683&sent=16&recv=12&lost=0&retrans=0&sent_bytes=4343&recv_bytes=6932&delivery_rate=22306&cwnd=12000&unsent_bytes=0&cid=5c2f27b1a31fe0af&ts=206&x=1", cfExtPri, cfHdrFlush;dur=0 date Tue, 10 Dec 2024 22:50:53 GMT content-type application/javascript last-modified Mon, 09 Dec 2024 16:01:41 GMT vary Accept-Encoding priority u=3,i=?0 cache-control max-age=86400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache access-control-allow-credentials true cf-ray 8f00cbe18cc8926d-FRA server cloudflare
GET DATA	200 OK	truncated /	19 KB 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 6678fbb34f3ef18c5649c7cfc1302c671ff5b1c8e9f4365fb51f3d629dab2924 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers Content-Type image/gif
GET H2	200	process.js Show response news-zizipo.com/	27 KB 10 KB	430ms 176ms	Script application/javascript	65.109.24.247 HETZNER-AS Hetzne...
General Check archive.org Show headers Download Go to Full URL https://news-zizipo.com/process.js?id=1221410459 Requested by Host: 0.ygti905ffth7.com URL: https://0.ygti905ffth7.com/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 65.109.24.247 Helsinki, Finland, ASN24940 (HETZNER-AS Hetzner Online GmbH, DE), Reverse DNS static.247.24.109.65.clients.your-server.de Software nginx / Resource Hash 6e8b772af36522cdc7ec8043ad282758dc16d3203189f873eb163b00dbb0caed Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://0.ygti905ffth7.com/ Response headers cache-control no-cache, no-store, must-revalidate content-encoding gzip pragma no-cache expires 0 date Tue, 10 Dec 2024 22:50:53 GMT content-type application/javascript; charset=utf-8 vary Origin, Accept-Encoding server nginx
GET H3	200	sw-check-permissions-ea38e.js 0.ygti905ffth7.com/	0 972 B	584ms 583ms	Other application/javascript	172.67.139.226 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://0.ygti905ffth7.com/sw-check-permissions-ea38e.js?var=null&ymid=null&zoneId=3490321 Requested by Host: kordooso.net URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3490321&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.139.226 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://0.ygti905ffth7.com/ Response headers server cloudflare cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding gzip cf-cache-status MISS etag W/"63eb99f6-236" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JCSqq2aewGD%2B8GtC1SxrrM6X%2FGXhh40yMXgvv66nnxLW%2Fooeqeh8MVkxyge1EqnvkhNJcnNDVVDs0E8RZkHxwN7v3rPTb4Zm%2B8TXpJYRScQZwXqJCxzvbbBObVNHfmUpj86EvjI%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8f00cbe37a94d349-FRA alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=14962&min_rtt=7620&rtt_var=3112&sent=36&recv=24&lost=0&retrans=0&sent_bytes=26990&recv_bytes=5496&delivery_rate=385218&cwnd=20400&unsent_bytes=0&cid=db35a06c62282dee&ts=1829&x=1", cfExtPri, cfHdrFlush;dur=0 date Tue, 10 Dec 2024 22:50:53 GMT content-type application/javascript last-modified Tue, 14 Feb 2023 14:25:58 GMT vary Accept-Encoding priority u=4,i
POST H3	200	zone kordooso.net/	0 785 B	52ms 52ms	Ping text/plain	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://kordooso.net/zone?pub=0&zone_id=3490321&is_mobile=false&domain=0.ygti905ffth7.com&var=null&ymid=null&var_3=&var_4=&dsig=&tg=1&sw=3.1.576&trace_id=d61320df-1304-4979-883f-3ac199581237&action=prerequest&ch=eyJhcmNoaXRlY3R1cmUiOiIiLCJiaXRuZXNzIjoiIiwiYnJhbmRzIjpbXSwiZnVsbFZlcnNpb25MaXN0IjpbXSwibW9iaWxlIjpmYWxzZSwibW9kZWwiOiIiLCJwbGF0Zm9ybSI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IiIsIndvdzY0IjpmYWxzZX0=&drf= Requested by Host: kordooso.net URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3490321&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=1 X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://0.ygti905ffth7.com/ Response headers cf-cache-status DYNAMIC report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Dj9icpiizREqQoB0ZAcn6Hyu0qwH2LFndzOerMuUwpoz9%2B9JkhYfe%2FR4278QZ7wiN8hfCCCm0gErjqjvzVIRWZGJR%2BVQFDseGU1eOdqiocyJgYL%2BSu9dYaD47OjNpE8%3D"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=28037&min_rtt=21165&rtt_var=3964&sent=38&recv=25&lost=0&retrans=0&sent_bytes=24948&recv_bytes=9074&delivery_rate=314123&cwnd=20400&unsent_bytes=0&cid=5c2f27b1a31fe0af&ts=510&x=1", cfExtPri, cfHdrFlush;dur=0 date Tue, 10 Dec 2024 22:50:53 GMT priority u=4,i access-control-allow-headers Origin, X-Requested-With, X-Oaid, Content-Type, Accept strict-transport-security max-age=1 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} accept-ch Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model access-control-allow-credentials true cf-ray 8f00cbe36db4926d-FRA access-control-allow-origin https://0.ygti905ffth7.com content-length 0 server cloudflare
POST H3	200	event kordooso.net/	0 0	48ms 47ms	Ping application/json	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://kordooso.net/event Requested by Host: kordooso.net URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3490321&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://0.ygti905ffth7.com/ Response headers
GET H3	200	gid.js Show response my.rtmark.net/	65 B 966 B	108ms 46ms	Fetch application/json	188.114.97.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=3490321&checkDuplicate=true&ymid=null&var=null&source=pusher Requested by Host: kordooso.net URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3490321&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 46dae190545326e59c61be0a4dbd95520e16c7ca52c1a531fc5b5acedd5b0548 Security Headers Name Value Strict-Transport-Security max-age=1 X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://0.ygti905ffth7.com/ Response headers access-control-expose-headers Authorization content-encoding zstd cf-cache-status DYNAMIC report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OUHctNXy43%2Bpq%2Ffu0GNd8aUdJOBAoPYTbCFTZCTpTa1yBcvJkSXh4j0OL0qYfZb8QZMUgTPLGlfTYvtCHMEIN2cPvtkmh9yjWDL01hkqrhF13PR5%2FwUuQwZbfoPsIFKX"}],"group":"cf-nel","max_age":604800} access-control-allow-methods POST, GET, OPTIONS, PUT, DELETE x-content-type-options nosniff alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=25008&min_rtt=24995&rtt_var=9382&sent=12&recv=7&lost=0&retrans=0&sent_bytes=4154&recv_bytes=4343&delivery_rate=127155&cwnd=12000&unsent_bytes=0&cid=a98fa858da535e4f&ts=65&x=1", cfExtPri, cfHdrFlush;dur=0 date Tue, 10 Dec 2024 22:50:53 GMT content-type application/json; charset=utf-8 priority u=1,i access-control-allow-headers Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token strict-transport-security max-age=1 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} timing-allow-origin *, * access-control-allow-credentials true cf-ray 8f00cbe3f9038f36-FRA access-control-allow-origin https://0.ygti905ffth7.com server cloudflare
POST H3	200	event kordooso.net/	0 0	45ms 42ms	Ping application/json	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://kordooso.net/event Requested by Host: kordooso.net URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3490321&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://0.ygti905ffth7.com/ Response headers
POST H3	200	event kordooso.net/	0 0	44ms 42ms	Ping application/json	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://kordooso.net/event Requested by Host: kordooso.net URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3490321&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://0.ygti905ffth7.com/ Response headers
POST H3	200	event kordooso.net/	0 0	61ms 59ms	Ping application/json	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://kordooso.net/event Requested by Host: kordooso.net URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3490321&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://0.ygti905ffth7.com/ Response headers
POST H3	200	event kordooso.net/	0 0	59ms 58ms	Ping application/json	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://kordooso.net/event Requested by Host: kordooso.net URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3490321&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://0.ygti905ffth7.com/ Response headers
GET H3	200	zone Show response kordooso.net/	476 B 1 KB	43ms 41ms	Fetch application/json	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://kordooso.net/zone?pub=0&zone_id=3490321&is_mobile=false&domain=0.ygti905ffth7.com&var=null&ymid=null&var_3=&var_4=&dsig=&tg=1&sw=3.1.576&trace_id=d61320df-1304-4979-883f-3ac199581237&action=settings&ch=eyJhcmNoaXRlY3R1cmUiOiIiLCJiaXRuZXNzIjoiIiwiYnJhbmRzIjpbXSwiZnVsbFZlcnNpb25MaXN0IjpbXSwibW9iaWxlIjpmYWxzZSwibW9kZWwiOiIiLCJwbGF0Zm9ybSI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IiIsIndvdzY0IjpmYWxzZX0= Requested by Host: kordooso.net URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3490321&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5c1629a8bbefa31875aadb66ea145bb41358a45cff65a5ac822d4a5305fa43ca Security Headers Name Value Strict-Transport-Security max-age=1 X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://0.ygti905ffth7.com/ Response headers content-encoding zstd cf-cache-status DYNAMIC report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bfr1u%2B3P01QrtXJqOpZbtGBQIqV%2FhEkAAoFPw76Fcbz%2Fbxy6QsBnZ8jk1FKz2ECOurfFggY2sma6xOIGb2mf3PmE7d5WtdwEPFV8uhCFqw%2FRb1Yc8tnqPFnweIPMX4Y%3D"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=31579&min_rtt=21165&rtt_var=8553&sent=53&recv=42&lost=0&retrans=0&sent_bytes=30313&recv_bytes=13779&delivery_rate=105351&cwnd=20400&unsent_bytes=0&cid=5c2f27b1a31fe0af&ts=592&x=1", cfExtPri, cfHdrFlush;dur=0 date Tue, 10 Dec 2024 22:50:53 GMT content-type application/json; charset=utf-8 priority u=1,i access-control-allow-headers Origin, X-Requested-With, X-Oaid, Content-Type, Accept strict-transport-security max-age=1 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} accept-ch Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model access-control-allow-credentials true cf-ray 8f00cbe40df7926d-FRA access-control-allow-origin https://0.ygti905ffth7.com server cloudflare
POST H3	200	event kordooso.net/	0 0	43ms 39ms	Ping application/json	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://kordooso.net/event Requested by Host: kordooso.net URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3490321&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://0.ygti905ffth7.com/ Response headers
POST H3	200	event kordooso.net/	0 0	57ms 56ms	Ping application/json	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://kordooso.net/event Requested by Host: kordooso.net URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3490321&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://0.ygti905ffth7.com/ Response headers
POST H3	200	event kordooso.net/	0 0	50ms 49ms	Ping application/json	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://kordooso.net/event Requested by Host: kordooso.net URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3490321&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://0.ygti905ffth7.com/ Response headers
GET H2	200	314.js Show response news-zizipo.com/	96 KB 12 KB	54ms 53ms	Script application/javascript	65.109.24.247 HETZNER-AS Hetzne...
General Check archive.org Show headers Download Go to Full URL https://news-zizipo.com/314.js Requested by Host: news-zizipo.com URL: https://news-zizipo.com/process.js?id=1221410459 Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 65.109.24.247 Helsinki, Finland, ASN24940 (HETZNER-AS Hetzner Online GmbH, DE), Reverse DNS static.247.24.109.65.clients.your-server.de Software nginx / Resource Hash d762aa1611d13a88f8bc48a0910674afcffec4cab08121611ab6aa19a9771d59 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://0.ygti905ffth7.com/ Response headers content-encoding gzip etag "6731f76d-2e5f" accept-ranges bytes content-length 11871 date Tue, 10 Dec 2024 22:50:53 GMT content-type application/javascript; charset=utf-8 last-modified Mon, 11 Nov 2024 12:24:13 GMT server nginx
GET H2	200	css2 fonts.googleapis.com/	5 KB 1 KB	133ms 46ms	Stylesheet text/css	2a00:1450:4001:80f::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Roboto:wght@400;600;700&display=swap Requested by Host: client URL: about:client Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash c3e3d7e0bce6022ae66381d04eb4742252d577ba15c5f9cceb49cb14c9eb90b1 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://0.ygti905ffth7.com/ Response headers content-encoding gzip x-content-type-options nosniff expires Tue, 10 Dec 2024 22:50:53 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Tue, 10 Dec 2024 22:50:53 GMT content-type text/css; charset=utf-8 vary Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site last-modified Tue, 10 Dec 2024 21:13:01 GMT x-frame-options SAMEORIGIN strict-transport-security max-age=31536000 link <https://fonts.gstatic.com>; rel=preconnect; crossorigin cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * cross-origin-opener-policy same-origin-allow-popups cross-origin-resource-policy cross-origin access-control-allow-origin * x-xss-protection 0 server ESF
POST H/1.1	204 No Content	/ show.partners-show.com/api/v1/inpage/show/	0 0	248ms 142ms	Fetch	2a01:4f8:1c1c:b437::1 HETZNER-AS Hetzne...
General Check archive.org Show headers Download Go to Full URL https://show.partners-show.com/api/v1/inpage/show/?uid=136422&subacc=1221410459&adult=true&traffic=2&traceId=134b0c50-538f-4268-b6cd-a2e78cdabf0d&limit=1 Requested by Host: news-zizipo.com URL: https://news-zizipo.com/process.js?id=1221410459 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2a01:4f8:1c1c:b437::1 Gunzenhausen, Germany, ASN24940 (HETZNER-AS Hetzner Online GmbH, DE), Reverse DNS Software nginx / Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://0.ygti905ffth7.com/ Response headers Access-Control-Allow-Origin https://0.ygti905ffth7.com Date Tue, 10 Dec 2024 22:50:53 GMT Vary Origin Server nginx Connection close
GET H3	200	KFOmCnqEu92Fr1Mu4mxK.woff2 fonts.gstatic.com/s/roboto/v32/	18 KB 18 KB	104ms 42ms	Font font/woff2	142.250.186.35 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;600;700&display=swap Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.186.35 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s04-in-f3.1e100.net Software sffe / Resource Hash 89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://0.ygti905ffth7.com Referer https://fonts.googleapis.com/ Response headers age 49475 report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} x-content-type-options nosniff expires Wed, 10 Dec 2025 09:06:18 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Tue, 10 Dec 2024 09:06:18 GMT last-modified Thu, 01 Aug 2024 20:41:24 GMT content-type font/woff2 cache-control public, max-age=31536000 timing-allow-origin * cross-origin-opener-policy same-origin; report-to="apps-themes" cross-origin-resource-policy cross-origin content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes accept-ranges bytes access-control-allow-origin * content-length 18536 x-xss-protection 0 server sffe
POST H3	200	event kordooso.net/	0 0	51ms 50ms	Ping application/json	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://kordooso.net/event Requested by Host: kordooso.net URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3490321&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software / Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://0.ygti905ffth7.com/ Response headers
GET H3	404	Primary Request QMRB9g Show response lbg3ncntw5z2.com/	147 B 830 B	140ms 81ms	Document text/html	188.114.97.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://lbg3ncntw5z2.com/QMRB9g Requested by Host: 0.ygti905ffth7.com URL: https://0.ygti905ffth7.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ecf14b9ebe7061cddc7e2097a66c90692cc9c1d70d96b5f7ebdd14a0dbb61f54 Request headers Referer https://0.ygti905ffth7.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=86400 cache-control no-cache, no-store, must-revalidate cf-cache-status DYNAMIC cf-ray 8f00cbed3ff63a74-FRA content-encoding zstd content-type text/html; charset=utf-8 date Tue, 10 Dec 2024 22:50:54 GMT expires Tue, 10 Dec 2024 22:50:54 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} priority u=0,i report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TWkWV4bkhOWVvmg1a5z56T2t4U8tdJoGuPUlkrjQEXG9jolNF2SO8UKSkgSCuMAk09zZhD3879IWE6xml%2BW%2FuhW8RlnHaoE%2BZr%2B1fcR1DmXkZ6Id%2B%2FjhBeWb5Z1GIM3Pcj%2BF"}],"group":"cf-nel","max_age":604800} server cloudflare server-timing cfL4;desc="?proto=QUIC&rtt=32208&min_rtt=31505&rtt_var=7853&sent=11&recv=9&lost=0&retrans=0&sent_bytes=4145&recv_bytes=4461&delivery_rate=16917&cwnd=12000&unsent_bytes=0&cid=187e611888178707&ts=92&x=1" cfExtPri cfHdrFlush;dur=0 vary Accept-Encoding
GET H3	404	favicon.ico lbg3ncntw5z2.com/	548 B 798 B	66ms 61ms	Other text/html	188.114.97.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://lbg3ncntw5z2.com/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://lbg3ncntw5z2.com/QMRB9g Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding zstd cf-cache-status EXPIRED report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=punajTcowkDHut3L3RCxwcGVNuC6oPHilLeJMf%2Fgm8kBiAIFRG7YWrsnrH6VtO2wNFyncV4wYkFNunAVgEw%2FOAL%2FMbGZUtcrexo4wjACkj7Gl5vTm2E%2BnukQCK6pA39d1n0r"}],"group":"cf-nel","max_age":604800} cf-ray 8f00cbee289e3a74-FRA alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=36310&min_rtt=31505&rtt_var=11669&sent=14&recv=12&lost=0&retrans=0&sent_bytes=5046&recv_bytes=4899&delivery_rate=19042&cwnd=12000&unsent_bytes=0&cid=187e611888178707&ts=224&x=1", cfExtPri, cfHdrFlush;dur=0 date Tue, 10 Dec 2024 22:50:55 GMT content-type text/html vary Accept-Encoding server cloudflare priority u=1,i

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			my.rtmark.net/	1970-01-21 10:23:27	Name: ID Value: 01812e45a04940d1ec25b80fd8df116e

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://0.ygti905ffth7.com/ Message: [GroupMarkerNotSet(crbug.com/242999)!:A0101D00AC120000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
network	error	URL: https://lbg3ncntw5z2.com/QMRB9g Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://lbg3ncntw5z2.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0.ygti905ffth7.com
fonts.googleapis.com
fonts.gstatic.com
kordooso.net
lbg3ncntw5z2.com
my.rtmark.net
news-zizipo.com
show.partners-show.com
142.250.186.35
172.67.139.226
188.114.96.3
188.114.97.3
2a00:1450:4001:80f::200a
2a01:4f8:1c1c:b437::1
65.109.24.247
46dae190545326e59c61be0a4dbd95520e16c7ca52c1a531fc5b5acedd5b0548
5c1629a8bbefa31875aadb66ea145bb41358a45cff65a5ac822d4a5305fa43ca
6678fbb34f3ef18c5649c7cfc1302c671ff5b1c8e9f4365fb51f3d629dab2924
6e8b772af36522cdc7ec8043ad282758dc16d3203189f873eb163b00dbb0caed
819e1ba066cf9db1bcc026225759412477f68b981dcfac9e855bf7a95345c462
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
c3e3d7e0bce6022ae66381d04eb4742252d577ba15c5f9cceb49cb14c9eb90b1
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
d762aa1611d13a88f8bc48a0910674afcffec4cab08121611ab6aa19a9771d59
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eca4f6773ba87f73187d6a938c553d482a067d0a4bd29ac1f7912e89a3ec8d60
ecf14b9ebe7061cddc7e2097a66c90692cc9c1d70d96b5f7ebdd14a0dbb61f54