Submitted URL: http://bim.7n3r1.shop/az/?y=139
Effective URL: https://ld167.4nrdw.shop/az/
Submission: On November 09 via api from US — Scanned from CA

Summary

This website contacted 6 IPs in 1 country across 6 domains to perform 14 HTTP transactions. The main IP is 172.67.133.203, located in the United States, and belongs to CLOUDFLARENET, US. The main domain is ld167.4nrdw.shop.
TLS certificate: Issued by WE1 on October 15th 2024. Valid for: 3 months.
This is the only time ld167.4nrdw.shop was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 172.67.156.236 13335 (CLOUDFLAR...)
2 2607:f8b0:400... 15169 (GOOGLE)
1 9 172.67.133.203 13335 (CLOUDFLAR...)
1 2606:4700:7::eb 13335 (CLOUDFLAR...)
1 2a04:4e42:600... 54113 (FASTLY)
1 172.67.144.182 13335 (CLOUDFLAR...)
14 6
Apex Domain | Subdomains | Transfer
9 4nrdw.shop | ld167.4nrdw.shop | 62 KB
2 googleapis.com | ajax.googleapis.com — Cisco Umbrella Rank: 412 | 67 KB
1 16gift.com | tj.16gift.com | 708 B
1 jsdelivr.net | cdn.jsdelivr.net — Cisco Umbrella Rank: 311 | 1 KB
1 r2.dev | pub-95d3cf6343194dcbaf37043cdbca4431.r2.dev | 45 KB
1 7n3r1.shop | bim.7n3r1.shop | 3 KB
14 6
Domain Requested by
9 ld167.4nrdw.shop 1 redirects ajax.googleapis.com
bim.7n3r1.shop
ld167.4nrdw.shop
2 ajax.googleapis.com bim.7n3r1.shop
ld167.4nrdw.shop
1 tj.16gift.com ld167.4nrdw.shop
1 cdn.jsdelivr.net ld167.4nrdw.shop
1 pub-95d3cf6343194dcbaf37043cdbca4431.r2.dev ld167.4nrdw.shop
1 bim.7n3r1.shop
14 6

This site contains no links.

Subject | Issuer | Validity | Valid
7n3r1.shop | WE1 | 2024-10-15 - 2025-01-13 | 3 months
upload.video.google.com | WR2 | 2024-10-07 - 2024-12-30 | 3 months
4nrdw.shop | WE1 | 2024-10-15 - 2025-01-13 | 3 months
*.r2.dev | E5 | 2024-09-29 - 2024-12-28 | 3 months
jsdelivr.net | GlobalSign Atlas R3 DV TLS CA 2024 Q3 | 2024-07-30 - 2025-08-31 | a year
16gift.com | WE1 | 2024-10-20 - 2025-01-18 | 3 months

This page contains 3 frames:

Primary Page: https://ld167.4nrdw.shop/az/
Frame ID: F69AB2A7044476BBF8FEA4A9F1253DA9
Requests: 10 HTTP requests in this frame

Frame: https://ld167.4nrdw.shop/static/pu.html?seed=32463563452422&pid=data03.com&c=az&f=wa
Frame ID: C492D18F0D6D83006A605DDB9236438D
Requests: 1 HTTP requests in this frame

Frame: https://ld167.4nrdw.shop/static/pv.html?seed=32463563452422&pid=data03.com&utm_source=az&utm_medium=en-US&utm_campaign=wa
Frame ID: 561F4547ABF1F52D512F23AA5C64FD95
Requests: 3 HTTP requests in this frame

Page Title

Celebrate Victory Day with 50GB of Free Data for All!

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

14 Requests
100 % HTTPS
50 % IPv6
6 Domains
6 Subdomains
6 IPs
1 Countries
178 kB Transfer
405 kB Size
10 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://bim.7n3r1.shop/az/?y=139 HTTP 307
    https://bim.7n3r1.shop/az/?y=139 Page URL
  2. https://ld167.4nrdw.shop/az HTTP 301
    http://ld167.4nrdw.shop/az/ HTTP 307
    https://ld167.4nrdw.shop/az/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://bim.7n3r1.shop/az/?y=139 HTTP 307
  • https://bim.7n3r1.shop/az/?y=139

14 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
bim.7n3r1.shop/az/
Redirect Chain
  • http://bim.7n3r1.shop/az/?y=139
  • https://bim.7n3r1.shop/az/?y=139
3 KB
3 KB
Document
General
Full URL
https://bim.7n3r1.shop/az/?y=139
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.156.236 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2fc37ae10195c692545d9875dcad371fb4471827b50089a6807c84a76e597b85

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8dfe19c4dffc5413-YYZ
content-encoding
zstd
content-type
text/html; charset=UTF-8
date
Sat, 09 Nov 2024 13:20:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4dZ0yuNSlt7CVQqNj0JV38mPcDaOU%2FGP3F5BxkC7jVZXxCpwVdoDsUdsQIK1drvEsHAJQ6kMXlFFpszeGGgF48768HJ%2FPHBvv0ckGZvAQPf0IcWeAOKtDkDJO23IvVu1yQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=25892&sent=14&recv=11&lost=0&retrans=0&sent_bytes=4231&recv_bytes=4541&delivery_rate=592&cwnd=12000&unsent_bytes=0&cid=2511698523e4ebc4&ts=260&x=1" cfHdrFlush;dur=0
vary
Accept-Encoding

Redirect headers

Location
https://bim.7n3r1.shop/az/?y=139
Non-Authoritative-Reason
HttpsUpgrades
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.11.1/
94 KB
33 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js
Requested by
Host: bim.7n3r1.shop
URL: https://bim.7n3r1.shop/az/?y=139
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://bim.7n3r1.shop/

Response headers

content-encoding
gzip
age
148556
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
x-content-type-options
nosniff
expires
Fri, 07 Nov 2025 20:04:35 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 07 Nov 2024 20:04:35 GMT
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
accept-ranges
bytes
access-control-allow-origin
*
content-length
33434
x-xss-protection
0
server
sffe
jquery.min.js
ld167.4nrdw.shop/js/
94 KB
37 KB
Script
General
Full URL
https://ld167.4nrdw.shop/js/jquery.min.js?t=1731158431&_=1731158431911
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.133.203 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://bim.7n3r1.shop/

Response headers

cache-control
max-age=43200
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
gzip
cf-cache-status
MISS
etag
W/"640068c9-1762e"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s9fb5PlFbpTdRObt1gG%2F4kRpCoo67zoHEqs5p8TCvwm0tU573mEWy9v9y9Jl1CvQcPVM7QzpbMxztOOQn9oALveYWCNqPq3tPGB36sj05vM34XBs856VNg8jdUPpZFVXEaCn"}],"group":"cf-nel","max_age":604800}
cf-ray
8dfe19c8ec0fac94-YYZ
expires
Sun, 10 Nov 2024 01:20:32 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=24677&sent=12&recv=11&lost=0&retrans=0&sent_bytes=4186&recv_bytes=4443&delivery_rate=583&cwnd=12000&unsent_bytes=0&cid=9ae4905b951feab0&ts=478&x=1", cfHdrFlush;dur=0
date
Sat, 09 Nov 2024 13:20:32 GMT
content-type
application/javascript
last-modified
Thu, 02 Mar 2023 09:13:45 GMT
vary
Accept-Encoding
server
cloudflare
Primary Request /
ld167.4nrdw.shop/az/
Redirect Chain
  • https://ld167.4nrdw.shop/az
  • http://ld167.4nrdw.shop/az/
  • https://ld167.4nrdw.shop/az/
67 KB
18 KB
Document
General
Full URL
https://ld167.4nrdw.shop/az/
Requested by
Host: bim.7n3r1.shop
URL: https://bim.7n3r1.shop/az/?y=139
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.133.203 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3b18cf2e0216421502165d65f949e7b560d41915f8a70aeaceba811f6c34e9a0

Request headers

Referer
https://bim.7n3r1.shop/az/?y=139
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8dfe19ce2f33ab75-YYZ
content-encoding
zstd
content-type
text/html; charset=UTF-8
date
Sat, 09 Nov 2024 13:20:33 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xtp21RL8imfS4XBAyqh%2F%2B2UzEWK81B063cw%2BBb6%2B4oshxlCqHEztvGhf9XrPMe%2FMBDx%2BVAckXUGj8%2BNaD%2FcmxwjPUCJzEMU9p6Y1Sy1ft0fAGtNkxPJ3KxXYeNEvUtzeKhpN"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=23411&sent=15&recv=13&lost=0&retrans=0&sent_bytes=5014&recv_bytes=4971&delivery_rate=542&cwnd=12000&unsent_bytes=0&cid=f1accceee035ecd0&ts=442&x=1" cfHdrFlush;dur=0
vary
Accept-Encoding

Redirect headers

Location
https://ld167.4nrdw.shop/az/
Non-Authoritative-Reason
HttpsUpgrades
ZeferGunu.jpg
pub-95d3cf6343194dcbaf37043cdbca4431.r2.dev/
44 KB
45 KB
Image
General
Full URL
https://pub-95d3cf6343194dcbaf37043cdbca4431.r2.dev/ZeferGunu.jpg
Requested by
Host: ld167.4nrdw.shop
URL: https://ld167.4nrdw.shop/az/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ab35b1eb484260b5c742295620932853ef80fe21097ca839124d627a5c42b98b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://ld167.4nrdw.shop/

Response headers

ETag
"79367eba3c81310241a5afd4182d4474"
Connection
keep-alive
CF-RAY
8dfe19cf9b16a296-YUL
Accept-Ranges
bytes
Content-Length
45344
Date
Sat, 09 Nov 2024 13:20:33 GMT
Content-Type
image/jpeg
Last-Modified
Sat, 02 Nov 2024 09:06:45 GMT
Vary
Accept-Encoding
Server
cloudflare
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.11.1/
94 KB
33 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js
Requested by
Host: ld167.4nrdw.shop
URL: https://ld167.4nrdw.shop/az/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://ld167.4nrdw.shop/

Response headers

content-encoding
gzip
age
148558
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
x-content-type-options
nosniff
expires
Fri, 07 Nov 2025 20:04:35 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 07 Nov 2024 20:04:35 GMT
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
accept-ranges
bytes
access-control-allow-origin
*
content-length
33434
x-xss-protection
0
server
sffe
single.php
ld167.4nrdw.shop/
3 KB
2 KB
Script
General
Full URL
https://ld167.4nrdw.shop/single.php?p=az
Requested by
Host: ld167.4nrdw.shop
URL: https://ld167.4nrdw.shop/az/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.133.203 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6df6563224ad8cf2ab70ae77bebb96e7816cbb91047da42eb299823cae9323a6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://ld167.4nrdw.shop/az/

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
gzip
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DmV5QI9VtDvGMeQk8mWJ00pMcJ1CJc46KOP60CPsyvuahPZT36ydPTOvEh37HI9uHGkf4bYKa8nFR8Oel1xN%2FF7o3hiTuK3t8ZM6VSeXfi%2BSJfLvNLygZExgW80MypbmuqMK"}],"group":"cf-nel","max_age":604800}
cf-ray
8dfe19cfd840ab75-YYZ
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=24093&sent=34&recv=27&lost=0&retrans=0&sent_bytes=23642&recv_bytes=5845&delivery_rate=291959&cwnd=12000&unsent_bytes=0&cid=f1accceee035ecd0&ts=718&x=1", cfHdrFlush;dur=0
date
Sat, 09 Nov 2024 13:20:33 GMT
content-type
text/javascript;charset=utf-8
vary
Accept-Encoding
server
cloudflare
lazyload.min.js
cdn.jsdelivr.net/npm/lazyload@2.0.0-rc.2/
2 KB
1 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/lazyload@2.0.0-rc.2/lazyload.min.js
Requested by
Host: ld167.4nrdw.shop
URL: https://ld167.4nrdw.shop/az/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
5b3baa10ac55f4eece0c7e666eaddd51872b8ce9273671626bcccec8f86ead78
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://ld167.4nrdw.shop/

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"8a2-ngY/Y9MDkyf1oyGHRNHDqclx9cM"
age
1169753
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT, HIT
date
Sat, 09 Nov 2024 13:20:33 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-fra-etou8220036-FRA, cache-yul1970034-YUL
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
981
x-jsd-version
2.0.0-rc.2
favicon.ico
ld167.4nrdw.shop/
1 KB
2 KB
Other
General
Full URL
https://ld167.4nrdw.shop/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.133.203 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb0d359f799d305671ad77c252c6e253afed28ed4a19259bd084e0e2f40079de

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://ld167.4nrdw.shop/az/

Response headers

cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
cf-cache-status
HIT
etag
W/"6718fd0a-495"
age
2209
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MYKhwB7ZyCKYqxPc78MSp2WmV5fag6dpLR8zrhSNMgILBRD0ZjjDuupGOercjl4NF%2B%2BCcjZDu1NVXW7jJ%2Ba7v28yF6KIzskPbdVbJ9u76D6xE1p1OGLigWjceQs9U%2BmljsHc"}],"group":"cf-nel","max_age":604800}
cf-ray
8dfe19d0d8ceab75-YYZ
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=23897&sent=37&recv=29&lost=0&retrans=0&sent_bytes=25598&recv_bytes=6246&delivery_rate=16172&cwnd=12000&unsent_bytes=0&cid=f1accceee035ecd0&ts=782&x=1", cfHdrFlush;dur=0
date
Sat, 09 Nov 2024 13:20:33 GMT
content-type
image/x-icon
last-modified
Wed, 23 Oct 2024 13:41:30 GMT
vary
Accept-Encoding
server
cloudflare
pu.html
ld167.4nrdw.shop/static/ Frame C492
1 KB
1 KB
Document
General
Full URL
https://ld167.4nrdw.shop/static/pu.html?seed=32463563452422&pid=data03.com&c=az&f=wa
Requested by
Host: ld167.4nrdw.shop
URL: https://ld167.4nrdw.shop/single.php?p=az
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.133.203 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
93a37f78be6d800f91d7fb1a576fefcfe51b36783048d931f9243c06633eaff6

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8dfe19d40af0ab75-YYZ
content-encoding
zstd
content-type
text/html
date
Sat, 09 Nov 2024 13:20:34 GMT
last-modified
Thu, 31 Oct 2024 05:37:24 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UsefNaNUM%2FFpJUx4oOd87cY%2BGjEx5s8oHbkI0G%2FljvgjQj8t8GR5ISzzKLJDfgSY1yjWYPkU%2B2vEsdCSM3jE%2BW%2BGxl0E0zyGgYJ3FUt5GmKOws5x%2FN4NVtQFQso1Ou0iyBfD"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=24826&sent=41&recv=32&lost=0&retrans=0&sent_bytes=27513&recv_bytes=6760&delivery_rate=60285&cwnd=12000&unsent_bytes=0&cid=f1accceee035ecd0&ts=1380&x=1" cfHdrFlush;dur=0
vary
Accept-Encoding
favicon.ico
ld167.4nrdw.shop/
1 KB
0
Other
General
Full URL
https://ld167.4nrdw.shop/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.133.203 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb0d359f799d305671ad77c252c6e253afed28ed4a19259bd084e0e2f40079de

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://ld167.4nrdw.shop/az/

Response headers

cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
cf-cache-status
HIT
etag
W/"6718fd0a-495"
age
2209
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MYKhwB7ZyCKYqxPc78MSp2WmV5fag6dpLR8zrhSNMgILBRD0ZjjDuupGOercjl4NF%2B%2BCcjZDu1NVXW7jJ%2Ba7v28yF6KIzskPbdVbJ9u76D6xE1p1OGLigWjceQs9U%2BmljsHc"}],"group":"cf-nel","max_age":604800}
cf-ray
8dfe19d0d8ceab75-YYZ
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=23897&sent=37&recv=29&lost=0&retrans=0&sent_bytes=25598&recv_bytes=6246&delivery_rate=16172&cwnd=12000&unsent_bytes=0&cid=f1accceee035ecd0&ts=782&x=1", cfHdrFlush;dur=0
date
Sat, 09 Nov 2024 13:20:33 GMT
content-type
image/x-icon
last-modified
Wed, 23 Oct 2024 13:41:30 GMT
vary
Accept-Encoding
server
cloudflare
pv.html
ld167.4nrdw.shop/static/ Frame 561F
580 B
908 B
Document
General
Full URL
https://ld167.4nrdw.shop/static/pv.html?seed=32463563452422&pid=data03.com&utm_source=az&utm_medium=en-US&utm_campaign=wa
Requested by
Host: ld167.4nrdw.shop
URL: https://ld167.4nrdw.shop/static/pu.html?seed=32463563452422&pid=data03.com&c=az&f=wa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.133.203 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f61cdc294d2d8fdad20eb1ff9b27d3c9d37166624909c4d209d2775076981f05

Request headers

Referer
https://ld167.4nrdw.shop/static/pu.html?seed=32463563452422&pid=data03.com&c=az&f=wa
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8dfe19d4fb82ab75-YYZ
content-encoding
zstd
content-type
text/html
date
Sat, 09 Nov 2024 13:20:34 GMT
last-modified
Thu, 31 Oct 2024 05:37:05 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NK27XG97Yd%2BG8VOLTHNaHQl14YBJvGGWjkytV58HnlusoGDloxuK%2FXfRdfnvonOOVsK6k10lzcRe%2BkCTNiCa7gJ5iyocbAsRslsiwBhNXUH8Yva5cQ53SCVdu2ohHm3PMlnW"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=24726&sent=43&recv=34&lost=0&retrans=0&sent_bytes=28646&recv_bytes=7320&delivery_rate=7723&cwnd=12000&unsent_bytes=0&cid=f1accceee035ecd0&ts=1533&x=1" cfHdrFlush;dur=0
script.js
ld167.4nrdw.shop/js/ Frame 561F
1 KB
1 KB
Script
General
Full URL
https://ld167.4nrdw.shop/js/script.js
Requested by
Host: ld167.4nrdw.shop
URL: https://ld167.4nrdw.shop/static/pv.html?seed=32463563452422&pid=data03.com&utm_source=az&utm_medium=en-US&utm_campaign=wa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.133.203 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
021f0fd27042b279a49e982215c6dc3c3ab84e95b35553a119dfdbd50af6be94

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://ld167.4nrdw.shop/static/pv.html?seed=32463563452422&pid=data03.com&utm_source=az&utm_medium=en-US&utm_campaign=wa

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"67231899-542"
age
97
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IcEUh2gDFQFY0BjXpnPrUoW7uHjZoKG91XYpALgSpScgYIsuPx5irEEYkXnBiW8nd8PG8WEDP3UyBiV5I393TbmXqGr1eyz7riKuHnzv7XyD9215Qt9M3b9%2F3EDUuXOvWVUb"}],"group":"cf-nel","max_age":604800}
expires
Sun, 10 Nov 2024 01:18:57 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=24416&sent=46&recv=36&lost=0&retrans=0&sent_bytes=29625&recv_bytes=7708&delivery_rate=8215&cwnd=12000&unsent_bytes=0&cid=f1accceee035ecd0&ts=1592&x=1", cfHdrFlush;dur=0
date
Sat, 09 Nov 2024 13:20:34 GMT
content-type
application/javascript
last-modified
Thu, 31 Oct 2024 05:41:45 GMT
vary
Accept-Encoding
cache-control
max-age=43200
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8dfe19d5dc00ab75-YYZ
server
cloudflare
event
tj.16gift.com/api/ Frame 561F
2 B
708 B
XHR
General
Full URL
https://tj.16gift.com/api/event
Requested by
Host: ld167.4nrdw.shop
URL: https://ld167.4nrdw.shop/js/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.144.182 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://ld167.4nrdw.shop/

Response headers

x-request-id
GAZPbKYusltNw_MAhPpB
access-control-expose-headers
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IegQW6pwRSKOJ6UPB%2BJrSmzMrEvsClQe8U8GZeRTbTX%2BcPlqs%2BbJD6x92cR%2BRnCRN63mx85%2FMrdrOpReGefLYcSoQry1vr0UR1R0IbERbarX5iS4DOUO6DeXDkAiOfQw"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=22195&sent=12&recv=11&lost=0&retrans=0&sent_bytes=4162&recv_bytes=4711&delivery_rate=589&cwnd=12000&unsent_bytes=0&cid=29f01326dd53c966&ts=522&x=1", cfExtPri, cfHdrFlush;dur=0
date
Sat, 09 Nov 2024 13:20:34 GMT
content-type
text/plain; charset=utf-8
priority
u=1,i
cache-control
max-age=0, private, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
8dfe19d77ab43a08-YYZ
access-control-allow-origin
*
content-length
2
server
cloudflare

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| 0
  • function| set_Cookie
  • function| get_Cookie
  • function| prevent
  • function| $
  • function| jQuery
  • string| ad1
  • string| ad2
  • string| ad3
  • string| landingDomain
  • function| randomString
  • function| hh
  • number| madInt
  • function| lazyload
  • function| LazyLoad
  • object| DOMString
  • object| objServer
  • function| deadline
  • function| enviar
  • function| tip_text
  • function| messageToSend
  • number| counter
  • number| counter2
  • number| seconds
  • function| jp
  • function| fh

10 Cookies

Domain/Path Name / Value
bim.7n3r1.shop/az Name: pics
Value: %5B%22https%3A%5C%2F%5C%2Fpub-8754af4ca27141e2bbf6b00da920e3c6.r2.dev%5C%2Ftx10.jpg%22%2C%22https%3A%5C%2F%5C%2Fpub-8754af4ca27141e2bbf6b00da920e3c6.r2.dev%5C%2Ftx08.jpg%22%2C%22https%3A%5C%2F%5C%2Fpub-8754af4ca27141e2bbf6b00da920e3c6.r2.dev%5C%2Ftx06.jpg%22%2C%22https%3A%5C%2F%5C%2Fpub-8754af4ca27141e2bbf6b00da920e3c6.r2.dev%5C%2Ftx05.jpg%22%2C%22https%3A%5C%2F%5C%2Fpub-8754af4ca27141e2bbf6b00da920e3c6.r2.dev%5C%2Ftx01.jpg%22%2C%22https%3A%5C%2F%5C%2Fpub-8754af4ca27141e2bbf6b00da920e3c6.r2.dev%5C%2Ftx03.jpg%22%2C%22https%3A%5C%2F%5C%2Fpub-8754af4ca27141e2bbf6b00da920e3c6.r2.dev%5C%2Ftx02.jpg%22%2C%22https%3A%5C%2F%5C%2Fpub-8754af4ca27141e2bbf6b00da920e3c6.r2.dev%5C%2Ftx07.jpg%22%2C%22https%3A%5C%2F%5C%2Fpub-8754af4ca27141e2bbf6b00da920e3c6.r2.dev%5C%2Ftx04.jpg%22%2C%22https%3A%5C%2F%5C%2Fpub-8754af4ca27141e2bbf6b00da920e3c6.r2.dev%5C%2Ftx09.jpg%22%5D
bim.7n3r1.shop/az Name: comments
Value: %5B%22I%20am%20disappointed%2C%20I%20got%2035GB%20only%21%22%2C%22First%20I%20thought%20its%20fake%20but%20I%20received%20the%20free%2050GB%20within%2015%20min.%20Thank%20you%2C%20for%20this%20gift.%22%2C%22Victory%20Day%20has%20the%20best%20service%20ever.%20Thank%20you%20for%20the%20free%2050GB%20you%20gave%20me%2C%20Allah%20bless%20you.%22%2C%22This%20is%20real%20guys%20just%20follow%20instructions.%20If%20you%20make%20a%20mistake%20you%27ll%20get%20only%2020GB.%20Thanks%20for%20the%20gift.%22%5D
bim.7n3r1.shop/az Name: names
Value: %5B%22Samir%22%2C%22Leyla%22%2C%22Aida%22%2C%22Farid%22%5D
ld167.4nrdw.shop/az Name: pics
Value: %5B%22https%3A%5C%2F%5C%2Fpub-8754af4ca27141e2bbf6b00da920e3c6.r2.dev%5C%2Ftx10.jpg%22%2C%22https%3A%5C%2F%5C%2Fpub-8754af4ca27141e2bbf6b00da920e3c6.r2.dev%5C%2Ftx09.jpg%22%2C%22https%3A%5C%2F%5C%2Fpub-8754af4ca27141e2bbf6b00da920e3c6.r2.dev%5C%2Ftx06.jpg%22%2C%22https%3A%5C%2F%5C%2Fpub-8754af4ca27141e2bbf6b00da920e3c6.r2.dev%5C%2Ftx02.jpg%22%2C%22https%3A%5C%2F%5C%2Fpub-8754af4ca27141e2bbf6b00da920e3c6.r2.dev%5C%2Ftx05.jpg%22%2C%22https%3A%5C%2F%5C%2Fpub-8754af4ca27141e2bbf6b00da920e3c6.r2.dev%5C%2Ftx07.jpg%22%2C%22https%3A%5C%2F%5C%2Fpub-8754af4ca27141e2bbf6b00da920e3c6.r2.dev%5C%2Ftx08.jpg%22%2C%22https%3A%5C%2F%5C%2Fpub-8754af4ca27141e2bbf6b00da920e3c6.r2.dev%5C%2Ftx04.jpg%22%2C%22https%3A%5C%2F%5C%2Fpub-8754af4ca27141e2bbf6b00da920e3c6.r2.dev%5C%2Ftx01.jpg%22%2C%22https%3A%5C%2F%5C%2Fpub-8754af4ca27141e2bbf6b00da920e3c6.r2.dev%5C%2Ftx03.jpg%22%5D
ld167.4nrdw.shop/az Name: comments
Value: %5B%22I%5Cu2019m%20so%20happy.%20I%20really%20received%20this%20gift.%20Remember%20to%20notify%20me%20if%20there%20is%20such%20an%20event.%22%2C%22Victory%20Day%20has%20the%20best%20service%20ever.%20Thank%20you%20for%20the%20free%2050GB%20you%20gave%20me%2C%20Allah%20bless%20you.%22%2C%22Thanks%20for%20getting%20this%2050GB%20at%20this%20time%2C%20I%20need%20it%20so%20much%22%2C%22I%20am%20disappointed%2C%20I%20got%2035GB%20only%21%22%5D
ld167.4nrdw.shop/az Name: names
Value: %5B%22Nigar%22%2C%22Aysel%22%2C%22Ilham%22%2C%22Elvin%22%5D
ld167.4nrdw.shop/az Name: reg
Value: 1
bim.7n3r1.shop/ Name: loclang
Value: en
.7n3r1.shop/ Name: godomain
Value: ld167.4nrdw.shop
ld167.4nrdw.shop/ Name: loclang
Value: en

1 Console Messages

Source Level URL
Text
recommendation verbose URL: https://ld167.4nrdw.shop/az/
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o