URL: https://foreverquote.xyz/brkt/t9.php?=ch9
Submission: On December 19 via api from GB — Scanned from DE

Summary

This website contacted 11 IPs in 4 countries across 10 domains to perform 25 HTTP transactions. The main IP is 188.114.97.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is foreverquote.xyz.
TLS certificate: Issued by WE1 on November 30th 2024. Valid for: 3 months.
This is the only time foreverquote.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 188.114.97.3 13335 (CLOUDFLAR...)
5 188.114.96.3 13335 (CLOUDFLAR...)
3 2a04:4e42::485 54113 (FASTLY)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 149.56.240.130 16276 (OVH OVH SAS)
1 172.67.177.214 13335 (CLOUDFLAR...)
1 172.67.188.110 13335 (CLOUDFLAR...)
2 2606:4700:303... 13335 (CLOUDFLAR...)
1 51.77.64.70 16276 (OVH OVH SAS)
1 172.67.146.36 13335 (CLOUDFLAR...)
7 172.67.139.232 13335 (CLOUDFLAR...)
25 11
Apex Domain
Subdomains
Transfer
9 hbbbpi.buzz
hbbbpi.buzz
9 MB
3 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 318
217 KB
3 acscdn.com
acscdn.com — Cisco Umbrella Rank: 40706
102 KB
2 hutg54.site
hutg54.site
3 KB
2 histats.com
s10.histats.com — Cisco Umbrella Rank: 14713
s4.histats.com — Cisco Umbrella Rank: 12589
5 KB
2 foreverquote.xyz
foreverquote.xyz
4 KB
1 cdnbye.com
eu.cdnbye.com — Cisco Umbrella Rank: 140311
751 B
1 ip-api.com
pro.ip-api.com — Cisco Umbrella Rank: 7020
321 B
1 pubtrky.com
pubtrky.com — Cisco Umbrella Rank: 33025
640 B
1 youradexchange.com
youradexchange.com — Cisco Umbrella Rank: 31478
1 KB
25 10
Domain Requested by
9 hbbbpi.buzz cdn.jsdelivr.net
3 cdn.jsdelivr.net foreverquote.xyz
3 acscdn.com foreverquote.xyz
acscdn.com
2 hutg54.site cdn.jsdelivr.net
2 foreverquote.xyz
1 eu.cdnbye.com cdn.jsdelivr.net
1 pro.ip-api.com cdn.jsdelivr.net
1 pubtrky.com acscdn.com
1 youradexchange.com acscdn.com
1 s4.histats.com s10.histats.com
1 s10.histats.com foreverquote.xyz
25 11

This site contains links to these domains. Also see Links.

Domain
youradexchange.com
Subject Issuer Validity Valid
foreverquote.xyz
WE1
2024-11-30 -
2025-02-28
3 months crt.sh
acscdn.com
WE1
2024-10-21 -
2025-01-19
3 months crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2024 Q3
2024-07-30 -
2025-08-31
a year crt.sh
s10.histats.com
WE1
2024-12-18 -
2025-03-18
3 months crt.sh
histats.com
R11
2024-10-30 -
2025-01-28
3 months crt.sh
youradexchange.com
WE1
2024-12-06 -
2025-03-06
3 months crt.sh
pubtrky.com
WE1
2024-11-09 -
2025-02-07
3 months crt.sh
hutg54.site
WE1
2024-11-25 -
2025-02-23
3 months crt.sh
hbbbpi.buzz
WE1
2024-11-29 -
2025-02-27
3 months crt.sh
*.ip-api.com
Sectigo RSA Domain Validation Secure Server CA
2023-12-21 -
2025-01-20
a year crt.sh
cdnbye.com
WE1
2024-11-11 -
2025-02-09
3 months crt.sh

This page contains 1 frames:

Primary Page: https://foreverquote.xyz/brkt/t9.php?=ch9
Frame ID: 12624CEE4F84970312C6821B1DE06ECE
Requests: 25 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

25
Requests

100 %
HTTPS

27 %
IPv6

10
Domains

11
Subdomains

11
IPs

4
Countries

9061 kB
Transfer

9853 kB
Size

8
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

25 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request t9.php
foreverquote.xyz/brkt/
10 KB
3 KB
Document
General
Full URL
https://foreverquote.xyz/brkt/t9.php?=ch9
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
434f38b41bc7e91cb13e99337f2f931d7b01be7f90a6b9850e77d573b325eb07

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8f46c1e78fa72c27-FRA
content-encoding
zstd
content-type
text/html; charset=UTF-8
date
Thu, 19 Dec 2024 10:37:27 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority
u=0,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8KRpcsT87Gf3pIno3q7USw8TIzEfo0ZKYngAVXh1FJc7n49HvW%2F%2B%2FYB7Uyt695iljmv2zMvGZwpjPeyn9%2B4r9GucweZZwl%2BhjN5W%2BHnDvCCINSDptsCnssbuC8cKXsUnytBA"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=6581&min_rtt=6367&rtt_var=1226&sent=11&recv=10&lost=0&retrans=0&sent_bytes=4153&recv_bytes=4500&delivery_rate=871&cwnd=12000&unsent_bytes=0&cid=6255f7d7326bef9b&ts=64&x=1" cfExtPri cfHdrFlush;dur=0
vary
Accept-Encoding
aclib.js
acscdn.com/script/
131 KB
44 KB
Script
General
Full URL
https://acscdn.com/script/aclib.js
Requested by
Host: foreverquote.xyz
URL: https://foreverquote.xyz/brkt/t9.php?=ch9
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f435488d45b53058e71d6f4078fbc241c922e8adc35d521593da67830fbb005

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://foreverquote.xyz/

Response headers

x-goog-metageneration
2
x-goog-hash
crc32c=u3ryWg==, md5=1PuVBTh3me3kNVH28DnSPg==
cf-cache-status
HIT
etag
W/"d4fb9505387799ede43551f6f039d23e"
age
1951
content-encoding
zstd
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jx63lZCx0rNTMKjz2CCFNJgKjIntPjUZPNCb0cE4%2BxWcb0al5ZEiGUGMQcoG0V4eGdc9OlvqPq2uhrH0qzZ2vzOU4ZCKjxhtXIadJj277kFtwQv4A0JUrGxjqmmN"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-encoding
identity
expires
Thu, 19 Dec 2024 11:04:56 GMT
alt-svc
h3=":443"; ma=86400
x-goog-stored-content-length
134520
server-timing
cfL4;desc="?proto=QUIC&rtt=6810&min_rtt=6343&rtt_var=1670&sent=11&recv=9&lost=0&retrans=0&sent_bytes=4145&recv_bytes=4343&delivery_rate=91909&cwnd=12000&unsent_bytes=0&cid=d14eb65367fa9391&ts=27&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 19 Dec 2024 10:37:27 GMT
content-type
text/javascript
last-modified
Tue, 03 Dec 2024 14:39:11 GMT
vary
Accept-Encoding
priority
u=1,i=?0
x-guploader-uploadid
AFiumC7-UbpTY-a4eruMEPNG50EWlnm69IZt1HAx3HKt6KlGSNkf-qkVxDcDJTE33gIJSCIo3w0
cache-control
public, max-age=3600
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-storage-class
MULTI_REGIONAL
cf-ray
8f46c1e80f3a9253-FRA
access-control-allow-origin
*
x-goog-generation
1733236751689553
server
cloudflare
clappr.min.js
cdn.jsdelivr.net/npm/@clappr/player@0.8/dist/
616 KB
159 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/@clappr/player@0.8/dist/clappr.min.js
Requested by
Host: foreverquote.xyz
URL: https://foreverquote.xyz/brkt/t9.php?=ch9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f0243f6e2395c077f4ae46ae4b1d969090d64106387b45cb39a28bbdb07e6752
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://foreverquote.xyz/

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"9a048-VUE4kN104YCisqBJlMQIdr2LF2k"
age
30944
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT
date
Thu, 19 Dec 2024 10:37:27 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-fra-etou8220052-FRA
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=604800, s-maxage=43200
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
162561
x-jsd-version
0.8.0
p2p-engine.min.js
cdn.jsdelivr.net/npm/@swarmcloud/hls/
191 KB
55 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/@swarmcloud/hls/p2p-engine.min.js
Requested by
Host: foreverquote.xyz
URL: https://foreverquote.xyz/brkt/t9.php?=ch9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
786f269ed18afe713331b4a9dbaa727fb89324862e6be2ca5f4009602e0035f6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://foreverquote.xyz/

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"2fdd2-Bd+xgciUAmpgqRrFA/2WZAC5xVU"
age
29977
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT
date
Thu, 19 Dec 2024 10:37:27 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-fra-etou8220052-FRA
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=604800, s-maxage=43200
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
56177
x-jsd-version
2.12.15
level-selector.min.js
cdn.jsdelivr.net/clappr.level-selector/latest/
9 KB
3 KB
Script
General
Full URL
https://cdn.jsdelivr.net/clappr.level-selector/latest/level-selector.min.js
Requested by
Host: foreverquote.xyz
URL: https://foreverquote.xyz/brkt/t9.php?=ch9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
23a715a6d8a35921f8c02eab19a93b6c9c42271ecfccbde0005476959e2edff9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://foreverquote.xyz/

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"2524-9Cxz5uiSAcz1rVE5FbtBguw6QQw"
age
731122
x-content-type-options
nosniff
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT
date
Thu, 19 Dec 2024 10:37:27 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-fra-etou8220052-FRA
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
3219
js15_as.js
s10.histats.com/
11 KB
5 KB
Script
General
Full URL
https://s10.histats.com/js15_as.js
Requested by
Host: foreverquote.xyz
URL: https://foreverquote.xyz/brkt/t9.php?=ch9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:245 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://foreverquote.xyz/

Response headers

cache-control
max-age=28800
content-encoding
gzip
cf-cache-status
HIT
etag
"-375139978"
age
2718
cf-ray
8f46c1e83f66d296-FRA
accept-ranges
bytes
content-length
4547
date
Thu, 19 Dec 2024 10:37:27 GMT
content-type
text/javascript
last-modified
Thu, 16 Apr 2020 10:44:16 GMT
vary
Accept-Encoding
server
cloudflare
0.php
s4.histats.com/stats/
52 B
186 B
Script
General
Full URL
https://s4.histats.com/stats/0.php?3451427&@f16&@g1&@h1&@i1&@j1734604647729&@k0&@l1&@m&@n0&@o1000&@q0&@r0&@s0&@tde-DE&@u1600&@b1:199425005&@b3:1734604648&@b4:js15_as.js&@b5:60&@a-_0.2.1&@vhttps%3A%2F%2Fforeverquote.xyz%2Fbrkt%2Ft9.php%3F%3Dch9&@w
Requested by
Host: s10.histats.com
URL: https://s10.histats.com/js15_as.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
149.56.240.130 Montreal, Canada, ASN16276 (OVH OVH SAS, FR),
Reverse DNS
ns534298.ip-149-56-240.net
Software
/
Resource Hash
1a52b8fce073ffae9b31dcbbc5f294e49d8675b02c553460d23b75fb374fb8cb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://foreverquote.xyz/

Response headers

Content-Length
52
Date
Thu, 19 Dec 2024 10:37:34 GMT
Content-Type
text/html;charset=UTF-8
Connection
close
ut.js
acscdn.com/script/
65 KB
25 KB
Script
General
Full URL
https://acscdn.com/script/ut.js?cb=1734604647740
Requested by
Host: acscdn.com
URL: https://acscdn.com/script/aclib.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a4beaec54247a9a3cb97821ecdb68d39cacdcdcc62ae872c13c2cca2d3d88e32

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://foreverquote.xyz/

Response headers

x-goog-metageneration
2
x-goog-hash
crc32c=VBET1w==, md5=SvoqyZ+XMx3JgmPUkCKpWA==
cf-cache-status
HIT
etag
W/"4afa2ac99f97331dc98263d49022a958"
age
1124
content-encoding
zstd
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IVgF6Ji1Czbfaph4fiQcHEmh36a6u3tG7x65Rc%2Fv7mZEkNWn56DZaplzgfHIGYQzB%2B9R3GD28PSp4OTznmRpsN7gn%2FFWwIArWkXNxayW4JviajOBXxqKaajVKa%2F3"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-encoding
identity
expires
Thu, 19 Dec 2024 10:54:50 GMT
alt-svc
h3=":443"; ma=86400
x-goog-stored-content-length
66473
server-timing
cfL4;desc="?proto=QUIC&rtt=6931&min_rtt=6246&rtt_var=283&sent=53&recv=31&lost=0&retrans=0&sent_bytes=49987&recv_bytes=5743&delivery_rate=2791965&cwnd=39600&unsent_bytes=0&cid=d14eb65367fa9391&ts=77&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 19 Dec 2024 10:37:27 GMT
content-type
text/javascript
last-modified
Mon, 02 Dec 2024 08:21:47 GMT
vary
Accept-Encoding
priority
u=3,i=?0
x-guploader-uploadid
AFiumC6yi2LSI8FIuXF7Y7ootPZ2ywcPUwlNgxvCHYUgjlxZJD-b6ekbWYf73V6bEB0gQbNrEw
cache-control
public, max-age=3600
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-storage-class
MULTI_REGIONAL
cf-ray
8f46c1e86f6f9253-FRA
access-control-allow-origin
*
x-goog-generation
1733127707295818
server
cloudflare
suv5.js
acscdn.com/script/
94 KB
34 KB
Script
General
Full URL
https://acscdn.com/script/suv5.js
Requested by
Host: acscdn.com
URL: https://acscdn.com/script/aclib.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a4d2783b78bdf662e363de22187f5a5a8a8eb9c77cac7b159bf7ba9adec15e7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://foreverquote.xyz/

Response headers

x-goog-metageneration
2
x-goog-hash
crc32c=Qldx6Q==, md5=XQ7dYpjD2B1FC1uKXb9dSg==
cf-cache-status
HIT
etag
W/"5d0edd6298c3d81d450b5b8a5dbf5d4a"
age
2963
content-encoding
zstd
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YZYMwXBgP7TabudhcrJ9QcKjbM36lPo1TS8XWGjZ3WrK8jaVI0f4NRC3oPQ%2FhcRlWTKz3W%2BcTE9PJOzZAENE04ilqXYg6T%2B4QCfEjWjwUXLBju3qXzTDczagmn39"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-encoding
identity
expires
Thu, 19 Dec 2024 10:24:18 GMT
alt-svc
h3=":443"; ma=86400
x-goog-stored-content-length
96192
server-timing
cfL4;desc="?proto=QUIC&rtt=6931&min_rtt=6246&rtt_var=283&sent=54&recv=31&lost=0&retrans=0&sent_bytes=51005&recv_bytes=5743&delivery_rate=2791965&cwnd=39600&unsent_bytes=0&cid=d14eb65367fa9391&ts=77&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 19 Dec 2024 10:37:27 GMT
content-type
text/javascript
last-modified
Tue, 03 Dec 2024 14:46:43 GMT
vary
Accept-Encoding
priority
u=3,i=?0
x-guploader-uploadid
AFiumC6D-8qeUEU2hU4-PvXN3srlBUUVQ2KBxgg6iUZ2Bri1Lb1Q6P50M0zYqhR9F9rWAhfvnek
cache-control
public, max-age=3600
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-storage-class
MULTI_REGIONAL
cf-ray
8f46c1e86f729253-FRA
access-control-allow-origin
*
x-goog-generation
1733237203493345
server
cloudflare
suurl5.php
youradexchange.com/script/
949 B
1 KB
Fetch
General
Full URL
https://youradexchange.com/script/suurl5.php?r=9055278&chmob=%3F0&cbur=0.0721904331283385&cbiframe=0&cbWidth=1600&cbHeight=1200&cbtitle=&cbpage=https%3A%2F%2Fforeverquote.xyz%2Fbrkt%2Ft9.php%3F%3Dch9&cbref=&cbdescription=&cbkeywords=&cbcdn=acscdn.com&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2FGoogle%20Inc.1600x1200-60de-DE83224%20bits&ts=1734604647792&srs=4db242c141deaf457f8ab669c09760ee&atv=57.0
Requested by
Host: acscdn.com
URL: https://acscdn.com/script/suv5.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.177.214 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6f98c442b98992546596c246ace06a093ec8db23bc00cda9aefaa8da214a31a9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://foreverquote.xyz/

Response headers

content-encoding
gzip
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qdRqBDEBD4w3m1dwCg3undDr3rbCZYMSxBoz8LNuFmniVRnBy4r9A5N4kbSu7LdzrO0MoIkWLge970n0wN5osWlLLrqwB%2BYICKNRSNl39C5pOYdR52T0tMJ2DXYxtQuyCgXECs8%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET, POST, OPTIONS
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=17514&min_rtt=15447&rtt_var=5178&sent=12&recv=10&lost=0&retrans=0&sent_bytes=4182&recv_bytes=4689&delivery_rate=635&cwnd=12000&unsent_bytes=0&cid=e49edca37c7dda45&ts=190&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 19 Dec 2024 10:37:27 GMT
content-type
application/json; charset=utf-8
vary
accept-encoding
priority
u=1,i
access-control-allow-headers
Content-Type
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
via
1.1 google
cf-ray
8f46c1e8fab52baf-FRA
access-control-allow-origin
*
server
cloudflare
hb.php
pubtrky.com/ut/
0
640 B
Ping
General
Full URL
https://pubtrky.com/ut/hb.php?cb=0.10650851013138274&v=1
Requested by
Host: acscdn.com
URL: https://acscdn.com/script/ut.js?cb=1734604647740
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.188.110 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain; charset=utf-8
Referer
https://foreverquote.xyz/

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wyjr3Ndo9UmMezeznejU7E%2B%2F99Ji4URwR8RUg7KmKexvJJ26eEuSrm%2FYguX1uTVce16e5z0NqOc24B6Df5TXilU57v06V6f%2Biar7eeY5M2ZgnUzVl9kVyzAdptyYlw%3D%3D"}],"group":"cf-nel","max_age":604800}
via
1.1 google
cf-ray
8f46c1e98fdadc8e-FRA
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=18775&min_rtt=15660&rtt_var=7543&sent=12&recv=11&lost=0&retrans=0&sent_bytes=4128&recv_bytes=5359&delivery_rate=790&cwnd=12000&unsent_bytes=0&cid=08e29933fcd34958&ts=147&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 19 Dec 2024 10:37:28 GMT
server
cloudflare
priority
u=4,i
hlsch9.m3u8
hutg54.site/chunklist/
3 KB
1 KB
XHR
General
Full URL
https://hutg54.site/chunklist/hlsch9.m3u8?wmsAuthSign=c2VydmVyX3RpbWU9MTIvMTkvMjAyNCAxMCA6MzcgOjI3ICBBTSZoYXNoX3ZhbHVlPWE3SGIyRlppRkQvckxoMTlVTFJUdlE9PSZ2YWxpZG1pbnV0ZXM9NzIwJmlkPTgxLjk1LjUuMzkmc3RybV9sZW49NQ==
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/@clappr/player@0.8/dist/clappr.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8bf8cf3f49001cf703d85a6babb9d8cd5546d784b8c4d31568474ce47c991c1d
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://foreverquote.xyz/

Response headers

content-encoding
zstd
cf-cache-status
DYNAMIC
etag
W/"6763f767-de6"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7My7D1oo%2Fp2lLSmqrfnDW8JFILl8wuZeMTCZsNXDux8b1zPxGcUihlxwd0QrK347JeJpCpa2dPEjhrAlFFJo%2Bp2tOI3g%2BZpHv7mU2pXbP%2FQl1zoWEIJM8K4DFhIIGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=8178&min_rtt=7557&rtt_var=2038&sent=13&recv=10&lost=0&retrans=0&sent_bytes=4177&recv_bytes=4563&delivery_rate=816&cwnd=12000&unsent_bytes=0&cid=7b497bfb109f1405&ts=79&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 19 Dec 2024 10:37:28 GMT
content-type
application/vnd.apple.mpegurl
last-modified
Thu, 19 Dec 2024 10:37:27 GMT
priority
u=1,i
access-control-allow-headers
X-requested-With, Accept, Content-Type, Origin
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'
cache-control
max-age=2, no-store, must-revalidate, proxy-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8f46c1ea3f0fd2fa-FRA
access-control-allow-origin
*
x-xss-protection
1; mode=block
server
cloudflare
favicon.ico
foreverquote.xyz/
708 B
1 KB
Other
General
Full URL
https://foreverquote.xyz/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://foreverquote.xyz/brkt/t9.php?=ch9

Response headers

cache-control
private, no-cache, no-store, must-revalidate, max-age=0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
cf-cache-status
BYPASS
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q8KXIpwsoUXyjkaOKi88dpDMONwUwwJqlqmctJw4B9rnqmmQOwQlcQwXgmQjyk7t0pLQuRQnIP3pJ1yjLPrtqRdPEKR6WjbfSwdkqj7iZJHCBUEWyjFoNpHUZaLVPcW6LGys"}],"group":"cf-nel","max_age":604800}
cf-ray
8f46c1ea59412c27-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=8985&min_rtt=6367&rtt_var=4461&sent=19&recv=16&lost=0&retrans=0&sent_bytes=10391&recv_bytes=5602&delivery_rate=127784&cwnd=12000&unsent_bytes=0&cid=6255f7d7326bef9b&ts=488&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 19 Dec 2024 10:37:28 GMT
content-type
text/html
vary
Accept-Encoding
server
cloudflare
priority
u=1,i
hlsch9.m3u8
hutg54.site/chunklist/
3 KB
1 KB
XHR
General
Full URL
https://hutg54.site/chunklist/hlsch9.m3u8?wmsAuthSign=c2VydmVyX3RpbWU9MTIvMTkvMjAyNCAxMCA6MzcgOjI3ICBBTSZoYXNoX3ZhbHVlPWE3SGIyRlppRkQvckxoMTlVTFJUdlE9PSZ2YWxpZG1pbnV0ZXM9NzIwJmlkPTgxLjk1LjUuMzkmc3RybV9sZW49NQ==
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/@clappr/player@0.8/dist/clappr.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
44e62c0969f72d3204d843c659ccf2a2d4b8cba87b0ad6d90f89c9e4ef4e0f76
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://foreverquote.xyz/

Response headers

content-encoding
zstd
cf-cache-status
DYNAMIC
etag
W/"6763f768-de6"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hemu2DXMMrTNJTPgvrgKcbd1LztQ14ALVHB6DZKwQXY211ymu3XRKIup3FowbOKyRY3S69g%2B0PO9fnIvPlziulqUgt00243NDTUPptwnZDxUdSA%2BevZDgriy6b%2BIrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=9178&min_rtt=7205&rtt_var=3572&sent=18&recv=13&lost=0&retrans=0&sent_bytes=5695&recv_bytes=5526&delivery_rate=8515&cwnd=12000&unsent_bytes=0&cid=7b497bfb109f1405&ts=1312&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 19 Dec 2024 10:37:29 GMT
content-type
application/vnd.apple.mpegurl
last-modified
Thu, 19 Dec 2024 10:37:28 GMT
priority
u=1,i
access-control-allow-headers
X-requested-With, Accept, Content-Type, Origin
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'
cache-control
max-age=2, no-store, must-revalidate, proxy-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8f46c1f10c94d2fa-FRA
access-control-allow-origin
*
x-xss-protection
1; mode=block
server
cloudflare
hlsch9_4097_077.gif
hbbbpi.buzz/
505 KB
506 KB
XHR
General
Full URL
https://hbbbpi.buzz/hlsch9_4097_077.gif
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/@clappr/player@0.8/dist/clappr.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:8be8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
42afee356fa38d17daede5e161a3d9376cf0c5b3a1a30bc0c7ef49e167ac54ee
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://foreverquote.xyz/

Response headers

cf-cache-status
MISS
etag
"6763f745-7e210"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w0PS58YpTfryhW3CHdM7i%2BZeA%2BzBv%2FQa4lxY2j3UN8CNLCS52EcxwfvNoUg8%2F7fkZX6Cc74FG4i4CoSKPC4dO09ZG87GnaisvOpsrwSz%2F0LlolqXP%2FuyjymE%2FqgYNOQsfWJqLaHdESbPDg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=TCP&rtt=8556&min_rtt=6308&rtt_var=2102&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3936&recv_bytes=2213&delivery_rate=444838&cwnd=253&unsent_bytes=0&cid=0640ef82fc3b5a72&ts=48&x=0"
date
Thu, 19 Dec 2024 10:37:29 GMT
content-type
image/gif
last-modified
Thu, 19 Dec 2024 10:36:53 GMT
vary
Accept-Encoding
access-control-allow-headers
X-requested-With, Accept, Content-Type, Origin
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'
cache-control
max-age=2, no-store, must-revalidate, proxy-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8f46c1f31f80d35a-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
516624
x-xss-protection
1; mode=block
server
cloudflare
json
pro.ip-api.com/
165 B
321 B
Fetch
General
Full URL
https://pro.ip-api.com/json?fields=2181826&key=XOpiansRgYxGTho
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/@swarmcloud/hls/p2p-engine.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
51.77.64.70 , Germany, ASN16276 (OVH OVH SAS, FR),
Reverse DNS
de-fra-1.pro.ip-api.com
Software
/
Resource Hash
206a897d4335ab4e2688975d97034a3e4f2709326beccac21a91fbdc48880e72

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://foreverquote.xyz/

Response headers

Access-Control-Allow-Origin
*
Content-Length
165
Date
Thu, 19 Dec 2024 10:37:29 GMT
Content-Type
application/json; charset=utf-8
channel
eu.cdnbye.com/v1/
84 B
751 B
Fetch
General
Full URL
https://eu.cdnbye.com/v1/channel
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/@swarmcloud/hls/p2p-engine.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.146.36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0043a51b791aff1352c55be2ab996dbc521629ed952be04c9ad04c458c1ab134

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://foreverquote.xyz/

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tc4v9qG8lWOjAIr0kG0rbVamKsLDbK8CcsDFJmW2Q4CP5yfYFgVK%2FeAS8%2FKetZQoHvNiTNn5n6R89IJUPnG6l62F8FI0FmDewKikCc4qmL8%2FPIm4JwE70OKUA%2FKiwu15"}],"group":"cf-nel","max_age":604800}
cf-ray
8f46c1f1c9a59b43-FRA
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=7268&min_rtt=6920&rtt_var=1908&sent=13&recv=10&lost=0&retrans=0&sent_bytes=4174&recv_bytes=4792&delivery_rate=74338&cwnd=12000&unsent_bytes=0&cid=f4eb4922543450dc&ts=25&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 19 Dec 2024 10:37:29 GMT
content-type
application/json; charset=utf-8
server
cloudflare
priority
u=1,i
hlsch9_4097_078.gif
hbbbpi.buzz/
894 KB
896 KB
Fetch
General
Full URL
https://hbbbpi.buzz/hlsch9_4097_078.gif
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/@swarmcloud/hls/p2p-engine.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:8be8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3a393db6eae464afb667219e73e61179297a8ac0571ccbed5a97defd971e6136
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://foreverquote.xyz/

Response headers

cf-cache-status
MISS
etag
"6763f74a-df924"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gQkahDD2smLIN%2FyNUvRcL%2FQaD5NvDA54wGU3wbJ%2FvGnD%2FuFZYnpYUmV3kI7TFjqUHJ6BohrTVjAep1mXXYPBUIq3Q%2F4%2F0el0Ak1CsCKXjpNIcpP%2FRvAIXlJYaQe9hZAwtGwu9CylK9Nlgg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=TCP&rtt=14197&min_rtt=6230&rtt_var=10153&sent=421&recv=213&lost=0&retrans=0&sent_bytes=524476&recv_bytes=2279&delivery_rate=35507852&cwnd=590&unsent_bytes=0&cid=0640ef82fc3b5a72&ts=150&x=0"
date
Thu, 19 Dec 2024 10:37:29 GMT
content-type
image/gif
last-modified
Thu, 19 Dec 2024 10:36:58 GMT
vary
Accept-Encoding
access-control-allow-headers
X-requested-With, Accept, Content-Type, Origin
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'
cache-control
max-age=2, no-store, must-revalidate, proxy-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8f46c1f3d8bcd35a-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
915748
x-xss-protection
1; mode=block
server
cloudflare
hlsch9_4097_079.gif
hbbbpi.buzz/
822 KB
823 KB
Fetch
General
Full URL
https://hbbbpi.buzz/hlsch9_4097_079.gif
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/@swarmcloud/hls/p2p-engine.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.139.232 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
39b8b1059024313d0916f171a28bc0feed68046664182083beebdcec7bbd0878
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://foreverquote.xyz/

Response headers

cf-cache-status
MISS
etag
"6763f74e-cd7cc"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gu9NugCM5E9a3iuyF%2FvPscONgul8DXFe9O6qu8WLDri7W%2B%2BKso9GcsnYtVAH%2BpAQ75DyXktftGSc%2FF%2BZo40seIfxX43TqIv%2FPuRpNIHCMK17fSrvtkx48bHtBcbkQg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=11775&min_rtt=6615&rtt_var=9259&sent=15&recv=12&lost=0&retrans=1&sent_bytes=4255&recv_bytes=4498&delivery_rate=2411&cwnd=12000&unsent_bytes=0&cid=1a7cf21d6de938b2&ts=250&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 19 Dec 2024 10:37:29 GMT
content-type
image/gif
last-modified
Thu, 19 Dec 2024 10:37:02 GMT
vary
Accept-Encoding
priority
u=1,i
access-control-allow-headers
X-requested-With, Accept, Content-Type, Origin
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'
cache-control
max-age=2, no-store, must-revalidate, proxy-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8f46c1f53fe39a0c-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
841676
x-xss-protection
1; mode=block
server
cloudflare
hlsch9_4097_080.gif
hbbbpi.buzz/
1 MB
1 MB
Fetch
General
Full URL
https://hbbbpi.buzz/hlsch9_4097_080.gif
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/@swarmcloud/hls/p2p-engine.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.139.232 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ec525d4a73f475057b44f82d926571ac34e4caaa3f0b2dc5e1d4b3ba3b1d4121
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://foreverquote.xyz/

Response headers

cf-cache-status
MISS
etag
"6763f752-118ab4"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kgks3Tn8FoyGtiTE7czG%2FKro3h8ZQ6EkY4akbPTSYCuiniWOQw1M9QAZtDLX7Lxeaa11wCJsegHZDYX%2F6lPXGZBD8TQCSC86KtmorREyDZPZsUoDWjp%2FS4RCpU8FiA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=8527&min_rtt=6428&rtt_var=237&sent=737&recv=123&lost=1&retrans=1&sent_bytes=865984&recv_bytes=9728&delivery_rate=35955875&cwnd=444000&unsent_bytes=0&cid=1a7cf21d6de938b2&ts=406&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 19 Dec 2024 10:37:29 GMT
content-type
image/gif
last-modified
Thu, 19 Dec 2024 10:37:06 GMT
vary
Accept-Encoding
priority
u=1,i
access-control-allow-headers
X-requested-With, Accept, Content-Type, Origin
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'
cache-control
max-age=2, no-store, must-revalidate, proxy-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8f46c1f628409a0c-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
1149620
x-xss-protection
1; mode=block
server
cloudflare
hlsch9_4097_081.gif
hbbbpi.buzz/
910 KB
912 KB
Fetch
General
Full URL
https://hbbbpi.buzz/hlsch9_4097_081.gif
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/@swarmcloud/hls/p2p-engine.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.139.232 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a9e566dc422364e35836b4850694abe32a15a2f62f38ebe4e9901fb331b716fd
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://foreverquote.xyz/

Response headers

cf-cache-status
MISS
etag
"6763f756-e3908"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=avmkQF5cGSz%2FEuATi1Wa28D0aRIeI2Mkvilj0iKAP8%2F9h8ryh78%2FAHB0IT9CCCk2hy95uedxT2czLvieZMB7xIIr5XSSmMU89q2cxB8G0f%2FM9gXt8MFpmZyiaMjZOw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=12249&min_rtt=6863&rtt_var=8827&sent=40&recv=36&lost=5&retrans=3&sent_bytes=8607&recv_bytes=36867&delivery_rate=888&cwnd=8400&unsent_bytes=0&cid=0939d506b79ca488&ts=1012&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 19 Dec 2024 10:37:30 GMT
content-type
image/gif
last-modified
Thu, 19 Dec 2024 10:37:10 GMT
vary
Accept-Encoding
priority
u=1,i
access-control-allow-headers
X-requested-With, Accept, Content-Type, Origin
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'
cache-control
max-age=2, no-store, must-revalidate, proxy-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8f46c1f74c542c56-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
932104
x-xss-protection
1; mode=block
server
cloudflare
hlsch9_4097_082.gif
hbbbpi.buzz/
2 MB
2 MB
Fetch
General
Full URL
https://hbbbpi.buzz/hlsch9_4097_082.gif
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/@swarmcloud/hls/p2p-engine.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.139.232 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
70fe55448f6da8d24b48f90467a161aeebe35a3e895f396ac3fa2c2b24c24f1b
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://foreverquote.xyz/

Response headers

cf-cache-status
MISS
etag
"6763f75b-1ba81c"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DcZsNjEFobNTDAlyoNe36eXBfSCtZMXorBvbyrNf4Jz%2Bc6LBiLesSKkdqVFlnx7qJdXAgMxGhvJc8zbeqJcArjXb6BSZZqlt%2Fjyg68pLdk0AO2TpS58S4g3mMCLQhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=7230&min_rtt=6433&rtt_var=416&sent=861&recv=184&lost=10&retrans=8&sent_bytes=969332&recv_bytes=43845&delivery_rate=6687870&cwnd=46680&unsent_bytes=0&cid=0939d506b79ca488&ts=1382&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 19 Dec 2024 10:37:30 GMT
content-type
image/gif
last-modified
Thu, 19 Dec 2024 10:37:15 GMT
vary
Accept-Encoding
priority
u=1,i
access-control-allow-headers
X-requested-With, Accept, Content-Type, Origin
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'
cache-control
max-age=2, no-store, must-revalidate, proxy-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8f46c1f99dd32c56-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
1812508
x-xss-protection
1; mode=block
server
cloudflare
hlsch9_4097_083.gif
hbbbpi.buzz/
584 KB
585 KB
Fetch
General
Full URL
https://hbbbpi.buzz/hlsch9_4097_083.gif
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/@swarmcloud/hls/p2p-engine.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.139.232 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
22a3546aa067c7fe2526be256c006ae70b7439076a3b25c437e6aa59470af654
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://foreverquote.xyz/

Response headers

cf-cache-status
MISS
etag
"6763f75e-91e94"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DliSwjUwDLZLePLTy0IG17LUYa63O4nW805CCSXeLOmk040y7F50GL8TuZQJRuSwUg8M%2BrcjDqMizP9cB70pzhp8NhQJw0q0QuPsNQH8ZncYQV16erdS595qgngz7g%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=7111&min_rtt=6401&rtt_var=522&sent=2414&recv=362&lost=10&retrans=8&sent_bytes=2823771&recv_bytes=52167&delivery_rate=8825237&cwnd=80280&unsent_bytes=0&cid=0939d506b79ca488&ts=1671&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 19 Dec 2024 10:37:30 GMT
content-type
image/gif
last-modified
Thu, 19 Dec 2024 10:37:18 GMT
vary
Accept-Encoding
priority
u=1,i
access-control-allow-headers
X-requested-With, Accept, Content-Type, Origin
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'
cache-control
max-age=2, no-store, must-revalidate, proxy-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8f46c1fb6efe2c56-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
597652
x-xss-protection
1; mode=block
server
cloudflare
hlsch9_4097_084.gif
hbbbpi.buzz/
1 MB
1 MB
Fetch
General
Full URL
https://hbbbpi.buzz/hlsch9_4097_084.gif
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/@swarmcloud/hls/p2p-engine.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.139.232 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
43ab5929fead41afcc85cd9ce4dca7ab2689b06937fbbe3f1b93fba3d3cf0e18
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://foreverquote.xyz/

Response headers

cf-cache-status
MISS
etag
"6763f765-13856c"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a6QQtK0e3CHJoQzx8MI4dKhFJl8rx8nsATf3d17UFDtF47BgNMlmC%2BU5OXHHtizEfeQXJXGtSB1t%2FRZVFyAJTuqmIekkcYy5W3pQfRP%2B6Mx99yh%2BFPTqe48fakklJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=8672&min_rtt=6401&rtt_var=535&sent=2933&recv=420&lost=10&retrans=8&sent_bytes=3435970&recv_bytes=55059&delivery_rate=8491912&cwnd=87480&unsent_bytes=0&cid=0939d506b79ca488&ts=1780&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 19 Dec 2024 10:37:30 GMT
content-type
image/gif
last-modified
Thu, 19 Dec 2024 10:37:25 GMT
vary
Accept-Encoding
priority
u=1,i
access-control-allow-headers
X-requested-With, Accept, Content-Type, Origin
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'
cache-control
max-age=2, no-store, must-revalidate, proxy-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8f46c1fc1f662c56-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
1279340
x-xss-protection
1; mode=block
server
cloudflare
hlsch9_4097_085.gif
hbbbpi.buzz/
859 KB
860 KB
Fetch
General
Full URL
https://hbbbpi.buzz/hlsch9_4097_085.gif
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/@swarmcloud/hls/p2p-engine.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.139.232 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2a161b5516ce09f6ddf368d23bce15d001c279eec7351e3ced492383cb328010
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://foreverquote.xyz/

Response headers

cf-cache-status
MISS
etag
"6763f768-d6c24"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AdpsSe5UfV1cYKaA%2FJquCvCxRSFU0WuUPxO9rctjLS%2B7sPHlvEw1LrvyDozxBF%2B%2FGnuahnGsn12WhBjbGjqA7cDMH7VU%2BW600Wz2C5ZJh6NRNz4HF8DNns8r3Gv%2FRw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=6903&min_rtt=6401&rtt_var=240&sent=4040&recv=539&lost=10&retrans=8&sent_bytes=4745414&recv_bytes=60711&delivery_rate=14022455&cwnd=103080&unsent_bytes=0&cid=0939d506b79ca488&ts=2602&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 19 Dec 2024 10:37:31 GMT
content-type
image/gif
last-modified
Thu, 19 Dec 2024 10:37:28 GMT
vary
Accept-Encoding
priority
u=1,i
access-control-allow-headers
X-requested-With, Accept, Content-Type, Origin
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'
cache-control
max-age=2, no-store, must-revalidate, proxy-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin
cf-ray
8f46c2013ad22c56-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
879652
x-xss-protection
1; mode=block
server
cloudflare

Verdicts & Comments Add Verdict or Comment

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 string| BLOCKED_URL string| FORWARDING_URL string| b object| _Hasync function| chfh function| chfh2 string| _HST_cntval object| Histats function| Adcash function| AtcshAltNm string| rgxngibqxq object| aclib object| LcKkvrRNy5ckiv object| Clappr function| Zepto function| $ function| P2PEngineHls function| P2pEngineHls function| LevelSelector object| p2pConfig object| player boolean| user_engagement1219 function| PopUnder string| utsid-send object| _HistatsCounterGraphics_0_setValues

8 Cookies

Domain/Path Name / Value
foreverquote.xyz/ Name: HstCfa3451427
Value: 1734604647729
foreverquote.xyz/ Name: HstCla3451427
Value: 1734604647729
foreverquote.xyz/ Name: HstCmu3451427
Value: 1734604647729
foreverquote.xyz/ Name: HstPn3451427
Value: 1
foreverquote.xyz/ Name: HstPt3451427
Value: 1
foreverquote.xyz/ Name: HstCnv3451427
Value: 1
foreverquote.xyz/ Name: HstCns3451427
Value: 1
my.rtmark.net/ Name: ID
Value: 018137c7276944dbf08955d1b8430469

1 Console Messages

Source Level URL
Text
network error URL: https://foreverquote.xyz/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

acscdn.com
cdn.jsdelivr.net
eu.cdnbye.com
foreverquote.xyz
hbbbpi.buzz
hutg54.site
pro.ip-api.com
pubtrky.com
s10.histats.com
s4.histats.com
youradexchange.com
149.56.240.130
172.67.139.232
172.67.146.36
172.67.177.214
172.67.188.110
188.114.96.3
188.114.97.3
2606:4700:10::6814:245
2606:4700:3034::ac43:8be8
2a04:4e42::485
51.77.64.70
0043a51b791aff1352c55be2ab996dbc521629ed952be04c9ad04c458c1ab134
0a4d2783b78bdf662e363de22187f5a5a8a8eb9c77cac7b159bf7ba9adec15e7
1a52b8fce073ffae9b31dcbbc5f294e49d8675b02c553460d23b75fb374fb8cb
1f435488d45b53058e71d6f4078fbc241c922e8adc35d521593da67830fbb005
206a897d4335ab4e2688975d97034a3e4f2709326beccac21a91fbdc48880e72
22a3546aa067c7fe2526be256c006ae70b7439076a3b25c437e6aa59470af654
23a715a6d8a35921f8c02eab19a93b6c9c42271ecfccbde0005476959e2edff9
2a161b5516ce09f6ddf368d23bce15d001c279eec7351e3ced492383cb328010
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
39b8b1059024313d0916f171a28bc0feed68046664182083beebdcec7bbd0878
3a393db6eae464afb667219e73e61179297a8ac0571ccbed5a97defd971e6136
42afee356fa38d17daede5e161a3d9376cf0c5b3a1a30bc0c7ef49e167ac54ee
434f38b41bc7e91cb13e99337f2f931d7b01be7f90a6b9850e77d573b325eb07
43ab5929fead41afcc85cd9ce4dca7ab2689b06937fbbe3f1b93fba3d3cf0e18
44e62c0969f72d3204d843c659ccf2a2d4b8cba87b0ad6d90f89c9e4ef4e0f76
6f98c442b98992546596c246ace06a093ec8db23bc00cda9aefaa8da214a31a9
70fe55448f6da8d24b48f90467a161aeebe35a3e895f396ac3fa2c2b24c24f1b
786f269ed18afe713331b4a9dbaa727fb89324862e6be2ca5f4009602e0035f6
8bf8cf3f49001cf703d85a6babb9d8cd5546d784b8c4d31568474ce47c991c1d
a4beaec54247a9a3cb97821ecdb68d39cacdcdcc62ae872c13c2cca2d3d88e32
a9e566dc422364e35836b4850694abe32a15a2f62f38ebe4e9901fb331b716fd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec525d4a73f475057b44f82d926571ac34e4caaa3f0b2dc5e1d4b3ba3b1d4121
f0243f6e2395c077f4ae46ae4b1d969090d64106387b45cb39a28bbdb07e6752