urlscan.io logo urlscan.io
SecurityTrails logo

w1ft1qku.cn Open in urlscan Pro
2a06:98c1:3121::7  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://odylmtqif.rhzriq.tw/fb20RARKU2N8BnEDdUImNjEXS3RkIQoGQQAGNmMkACkYLDY_fAAQNhoeMAEqFmlbIHwPR20vQUUfDgMZ?tko1646580854370
Effective URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Submission Tags: falconsandbox
Submission: On March 06 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 10 IPs in 4 countries across 10 domains to perform 43 HTTP transactions. The main IP is 2a06:98c1:3121::7, located in United States and belongs to CLOUDFLARENET, US. The main domain is w1ft1qku.cn. The Cisco Umbrella rank of the primary domain is 740723.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 15th 2022. Valid for: a year.
This is the only time w1ft1qku.cn was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2606:4700:303... 13335 (CLOUDFLAR...)
4 2a06:98c1:312... 13335 (CLOUDFLAR...)
6 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
15 2606:4700:303... 13335 (CLOUDFLAR...)
3 2a00:1450:400... 15169 (GOOGLE)
2 185.66.201.42 201702 (SKHOSTING-EU)
2 185.66.200.220 201702 (SKHOSTING-EU)
8 103.235.46.191 55967 (BAIDU Bei...)
1 2a00:1450:400... 15169 (GOOGLE)
43 10
1    2606:4700:3031::ac43:cfb8 (United States)

ASN13335 (CLOUDFLARENET, US)
odylmtqif.rhzriq.tw
4    2a06:98c1:3121::7 (United States)

ASN13335 (CLOUDFLARENET, US)
w1ft1qku.cn
6    2606:4700:3037::ac43:c7d0 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.jsdelivr.cc
1    2a00:1450:4001:812::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
15    2606:4700:3034::ac43:debe (United States)

ASN13335 (CLOUDFLARENET, US)
img.publicdn.xyz
3    2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
1.bp.blogspot.com
2    185.66.201.42 (Nitra, Slovakia)

ASN201702 (SKHOSTING-EU, SK)
PTR: affilist.com
qoaaa.com
2    185.66.200.220 (Nitra, Slovakia)

ASN201702 (SKHOSTING-EU, SK)
PTR: 185.66.200.220.skhosting.eu
uprimp.com
8    103.235.46.191 (Hong Kong)

ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN)
hm.baidu.com
1    2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
Apex Domain
Subdomains		 Transfer
15 publicdn.xyz
img.publicdn.xyz — Cisco Umbrella Rank: 336404
213 KB
8 baidu.com
hm.baidu.com — Cisco Umbrella Rank: 8656
61 KB
6 jsdelivr.cc
cdn.jsdelivr.cc — Cisco Umbrella Rank: 250869
102 KB
4 w1ft1qku.cn
w1ft1qku.cn — Cisco Umbrella Rank: 740723
20 KB
3 blogspot.com
1.bp.blogspot.com — Cisco Umbrella Rank: 8530
121 KB
2 uprimp.com
uprimp.com — Cisco Umbrella Rank: 182770
936 B
2 qoaaa.com
qoaaa.com — Cisco Umbrella Rank: 276392
5 KB
1 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 31
335 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 54
63 KB
1 rhzriq.tw
odylmtqif.rhzriq.tw
1 KB
43 10
Domain Requested by
15 img.publicdn.xyz w1ft1qku.cn
8 hm.baidu.com w1ft1qku.cn
6 cdn.jsdelivr.cc w1ft1qku.cn
4 w1ft1qku.cn odylmtqif.rhzriq.tw
w1ft1qku.cn
cdn.jsdelivr.cc
3 1.bp.blogspot.com w1ft1qku.cn
2 uprimp.com w1ft1qku.cn
uprimp.com
2 qoaaa.com w1ft1qku.cn
qoaaa.com
1 www.google-analytics.com www.googletagmanager.com
1 www.googletagmanager.com w1ft1qku.cn
1 odylmtqif.rhzriq.tw
43 10

This site contains no links.

Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-02-15 -
2023-02-15		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-02-17 -
2022-05-12		 3 months crt.sh
misc-sni.blogspot.com
GTS CA 1C3		 2022-02-17 -
2022-05-12		 3 months crt.sh
qoaaa.com
R3		 2022-02-06 -
2022-05-07		 3 months crt.sh
uprimp.com
R3		 2022-01-01 -
2022-04-01		 3 months crt.sh
baidu.com
GlobalSign Organization Validation CA - SHA256 - G2		 2021-07-01 -
2022-08-02		 a year crt.sh

This page contains 3 frames:

Primary Page: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Frame ID: 0ECD811B9F4C67E3E565500D3E3BF44D
Requests: 41 HTTP requests in this frame

Frame: https://uprimp.com/bnr_xload.php?section=General&pub=593174&format=300x50&ga=g&xt=164658097829751&xtt=4530445
Frame ID: 336C84C55286FFAA4354D81F09FDF072
Requests: 1 HTTP requests in this frame

Frame: https://qoaaa.com//4fe48aebd6/4f59451604/?placementName=default&randomA=0_3512&maxw=0
Frame ID: 11A7C9D19E82E70E1CC547E52492BC32
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

🎉️💸️️️Lidl Geschenk zum Frauentag!👧🎁️️️️🎊

Page URL History Show full URLs

  1. http://odylmtqif.rhzriq.tw/fb20RARKU2N8BnEDdUImNjEXS3RkIQoGQQAGNmMkACkYLDY_fAAQNhoeMAEqFmlbIHwPR20vQUUf... Page URL
  2. https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • hm\.baidu\.com/hm\.js
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • sweetalert2(?:\.all)?(?:\.min)?\.js
  • /npm/sweetalert2@([\d.]+)
  • sweetalert2@([\d.]+)/dist/sweetalert2(?:\.all)(?:\.min)\.js
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

43
Requests

98 %
HTTPS

70 %
IPv6

10
Domains

10
Subdomains

10
IPs

4
Countries

587 kB
Transfer

1182 kB
Size

11
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://odylmtqif.rhzriq.tw/fb20RARKU2N8BnEDdUImNjEXS3RkIQoGQQAGNmMkACkYLDY_fAAQNhoeMAEqFmlbIHwPR20vQUUfDgMZ?tko1646580854370 Page URL
  2. https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

43 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
fb20RARKU2N8BnEDdUImNjEXS3RkIQoGQQAGNmMkACkYLDY_fAAQNhoeMAEqFmlbIHwPR20vQUUfDgMZ
odylmtqif.rhzriq.tw/ 		710 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://odylmtqif.rhzriq.tw/fb20RARKU2N8BnEDdUImNjEXS3RkIQoGQQAGNmMkACkYLDY_fAAQNhoeMAEqFmlbIHwPR20vQUUfDgMZ?tko1646580854370
Protocol
HTTP/1.1
Server
2606:4700:3031::ac43:cfb8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Date
Sun, 06 Mar 2022 15:36:17 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
POST,GET,OPTIONS
Access-Control-Allow-Headers
X-Requested-With,X_Requested_With,X-PINGOTHER,Content-Type
CF-Cache-Status
DYNAMIC
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0UwLl1YihVxy2ywt6Bghm%2FF1TflJtC8pr6yYK2l1kzEkodihcTMBFqieVQ%2FP58roeHpA2EM8dny6ziRUp4zVU3w28K6ZLlJRsbGs5%2B9gtQkWywq9IEs%2Fi2N3UXxvtDvhYu9WBDtm2OdEUvdVVEe3HCx9"}],"group":"cf-nel","max_age":604800}
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
CF-RAY
6e7c2a854c0e9942-FRA
Content-Encoding
gzip
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Primary Request /
w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/ 		81 KB
15 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Requested by
Host: odylmtqif.rhzriq.tw
URL: http://odylmtqif.rhzriq.tw/fb20RARKU2N8BnEDdUImNjEXS3RkIQoGQQAGNmMkACkYLDY_fAAQNhoeMAEqFmlbIHwPR20vQUUfDgMZ?tko1646580854370
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
32b3c4a9f4eebd8fb6caf135e3310ffbc555864af2814bcbf965eaebf6af4738

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
http://odylmtqif.rhzriq.tw/

Response headers

date
Sun, 06 Mar 2022 15:36:17 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2ERLwqeGis6STiWchRdbr0cUjGYqbfId2WPldbXVZeLzjIKFcLr8UdafptweLKJNQS9efJoWNHqdSHpDGa1pR5p%2BLDKVSBRpeG7VbVXHKHbirH3kC%2B4gcMU1K1iOxPYJBuqoKFwoGu%2BYvg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6e7c2a881c449a3c-FRA
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
jquery.min.js
cdn.jsdelivr.cc/npm/jquery@3.6.0/dist/ 		87 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.cc/npm/jquery@3.6.0/dist/jquery.min.js
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:c7d0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:36:18 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
19876
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 14 Apr 2021 06:26:22 GMT
server
cloudflare
etag
W/"60768b0e-15d9d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xOoRLTa4ONugO62g5t9dV2PCWmHUOOyC2uo7eD17cUs5Jm9HZ2GYb%2FoBwIeOcgyDB%2Bw14mte1i2Ijzli5tH7iq55qWzy28L0rPYGvDHuJ0XC0Mjf4Gr34j%2BUhVQQW77DlCIx6ABRhLCcmwUh%2Fnk%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=43200
cf-ray
6e7c2a88e997695d-FRA
expires
Sun, 06 Mar 2022 22:05:02 GMT
bootstrap.min.js
cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/js/ 		62 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/js/bootstrap.min.js
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:c7d0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a4555d8dee9f8adc976e84a97dfe87e6bf5794b579f49bb56f133fed85f7d709

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:36:18 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
18528
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 14 Apr 2021 02:49:20 GMT
server
cloudflare
etag
W/"60765830-f7f1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PFZrKowslnzaw33X5K2mXGhou8cJSItyuyxDdT18Y9FZIZ0EK1FQaqbwrqMCTG7I3TbSSOwjHUJUPLA9NrArNTvrEnF7DXSNlSeLOv%2Fgcw8cM%2FeVLvBxUcJEG21RdT1Gcxyawr7hwF%2Flb7nfiPo%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=43200
cf-ray
6e7c2a88e99b695d-FRA
expires
Sun, 06 Mar 2022 22:27:30 GMT
sweetalert2.all.min.js
cdn.jsdelivr.cc/npm/sweetalert2@10.16.0/dist/ 		71 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.cc/npm/sweetalert2@10.16.0/dist/sweetalert2.all.min.js
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:c7d0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b7274b0b5b7f411de46416a6c9941062f7a57aaf919fdeda367b5959f4ce8ef

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:36:18 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
20538
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 14 Apr 2021 02:43:30 GMT
server
cloudflare
etag
W/"607656d2-11c3d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=68CX5OWOZOdzsn49Dnz3KM%2BUdrqRLGT203SShzQIfFJvT5nmIF6LE%2FlSWt%2B1%2FJg%2BI4Ke54bYGmj9BMk1W1aqC7d6a98BPM2dWHfKpsTvctw4tE7hwNNKvt4hVJnk2TDF8hxe1cnb%2BNCf%2FqkeoFA%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=43200
cf-ray
6e7c2a88e995695d-FRA
expires
Sun, 06 Mar 2022 21:54:00 GMT
lazyload.min.js
cdn.jsdelivr.cc/npm/lazyload@2.0.0-rc.2/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.cc/npm/lazyload@2.0.0-rc.2/lazyload.min.js
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:c7d0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b219e4cd8f8f9216f159285019be30d6bfe475d92ca30b3561551aaa2174751d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:36:18 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
20541
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 27 Jul 2021 04:19:04 GMT
server
cloudflare
etag
W/"60ff8938-12be"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0I%2F%2FE1qroS%2BUSLYFaFrmZrsu%2BtRzoeBSvN26qtc8FTwa1gL6XmgoyR60IfeLFCnt4wMa2DRCQGZoY00wfju2WM9pykVcggiIv%2BmV2KWusK1YYgDiL6sDdvyRufSqa%2BP4qCnvx627NkAzPJryhYQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=43200
cf-ray
6e7c2a88e99c695d-FRA
expires
Sun, 06 Mar 2022 21:53:56 GMT
popper.min.js
cdn.jsdelivr.cc/npm/popper.js@1.16.1/dist/umd/ 		21 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.cc/npm/popper.js@1.16.1/dist/umd/popper.min.js
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:c7d0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e290dc4993b9ae7d34440db26be412b4bc4547a48ff635750d400164665d7fa6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:36:18 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
20500
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Fri, 16 Apr 2021 01:43:03 GMT
server
cloudflare
etag
W/"6078eba7-52f4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YajIZOX05mPWIsZMd1J63hTfAaFhdxamf%2FBwRouELS4UbqPfpkQSaS%2FQ8Gxau4UN6sMlqiSRFPrRH73doVKZgV%2BvZPBwVyb2bcEPe3ygJl4pCKhQer29migjivPa3BhDZClL4FldxdTWIaTsdqk%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=43200
cf-ray
6e7c2a88e999695d-FRA
expires
Sun, 06 Mar 2022 21:54:38 GMT
bootstrap.min.css
cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/css/ 		158 KB
25 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.cc/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:c7d0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7d7a9043f4bed303fe2974ac4e3ba10d6b214e70f7ae549786ba2d347de05f81

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:36:18 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
20526
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 14 Apr 2021 02:50:45 GMT
server
cloudflare
etag
W/"60765885-27687"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2ETFCVxDxr7n96Qjj4kgLX0WW0sD%2FSXd5kkGSIeVlVsJt5AvRwEFqJDkkdTnA9sRTyFh7wCDPYp9mIu0BbSZIqDuyyBsDNurjqYZi5Gn9MxjWpkm5EyMPneiE92QW2B60vSuH1aQDIGPhkgRcJM%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=43200
cf-ray
6e7c2a88e993695d-FRA
expires
Sun, 06 Mar 2022 21:54:12 GMT
sur.css
w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/static/ 		11 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/static/sur.css
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d683da1701abdec19eecd95c5613fb36f014993d6b6e2f45ac464e45cec7f12b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:36:18 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
18
cf-polished
origSize=14725
cf-bgj
minify
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 28 Feb 2022 19:55:28 GMT
server
cloudflare
etag
W/"621d28b0-3985"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7gvfVwULGBwNNHgUfy43b%2Bip25dcGLVB931NLfU1wr%2FEVNzyK%2FO32iq6%2FUonAz8cUg9%2Bb1LepAeMh%2F2qb6ur8YcPOBn5O4%2FMAr3IFEHY3%2FIPXg6xhn%2Bc3GsDtfjxRy%2FWgQDVU2gYZ0pBRg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=43200
cf-ray
6e7c2a889d159a3c-FRA
expires
Mon, 07 Mar 2022 03:36:00 GMT
js
www.googletagmanager.com/gtag/ 		171 KB
63 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-ENF0F84E24
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
0b525f0932670565a803d3b2aecacd2c0a2a6b65f725748f4b593735491d15d2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:36:18 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
64473
x-xss-protection
0
expires
Sun, 06 Mar 2022 15:36:18 GMT
lidexizuo.png
img.publicdn.xyz/upload/ 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.publicdn.xyz/upload/lidexizuo.png
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:debe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc3d032c7ccdf72d307bede8f3be1d6e7b6ef9b01cde369d2620d3d066d8ae99

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-goog-hash
crc32c=aaiBHw==, md5=C70hJbC7SjBvE4K2K1EQhQ==
date
Sun, 06 Mar 2022 15:36:18 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3558
x-guploader-uploadid
ADPycdtBw__M4kBDTzUGzuyw_WcNVVK_LsKMdwPjxmc-H4UIXbj0HfMcGU5WMju_eJchYrDqge4Gn1RD0bCuKLIq5aM
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
8226
last-modified
Mon, 28 Feb 2022 18:46:40 GMT
server
cloudflare
etag
"0bbd2125b0bb4a306f1382b62b511085"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ihhCeNejnKibyubvpf7APGE4gurCZArNj0A9JjmK1DdTLD17UhH8KXwSBXGG%2BZAJw1RlH8qDoKpLdWoVxtEsvbrTa%2BYQ%2FhGB6hjQLnG6Gmh84rdPAW794Qbuyp43gUlt1sswCsB0gENkT9FC6pUU"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1646074000562609
content-type
image/png
cache-control
public, max-age=14400
x-goog-stored-content-length
8226
accept-ranges
bytes
cf-ray
6e7c2a89d86d9094-FRA
expires
Sun, 06 Mar 2022 15:37:00 GMT
lidexiyou.png
img.publicdn.xyz/upload/ 		9 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.publicdn.xyz/upload/lidexiyou.png
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:debe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1d9232c567b41ed62ae5f9bab40717f0d28d37c4e6a33b3178f4fa56e143b6d2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-goog-hash
crc32c=1cBeQA==, md5=uXUyz4M04tOqOC3TcnlBMQ==
date
Sun, 06 Mar 2022 15:36:18 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3558
x-guploader-uploadid
ADPycdswGF2zYqcLxPY1IXRlwx2gjLa8QszL0R7C1EkWrnIwuK3OASfNOOO2xAhZJ088IxhU2Ayyv4w3abWEAzFrSlZyKjFTUA
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
9236
last-modified
Mon, 28 Feb 2022 18:46:40 GMT
server
cloudflare
etag
"b97532cf8334e2d3aa382dd372794131"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tr5ou0kw%2FCxm3BHxU4%2F286DZXUpsvwhTZeaxUuIozrsAMVQk02VJ%2BzVMZgGDLEUKjDCcZufEVD8WZY13UHvlSh%2FrFzyw6Q1MRUqddaLKo0ED%2Bhw7pp9yppL6Kb2Mbf28xypafBi1naz%2BuLKZ4EEB"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1646074000429926
content-type
image/png
cache-control
public, max-age=14400
x-goog-stored-content-length
9236
accept-ranges
bytes
cf-ray
6e7c2a89d8729094-FRA
expires
Sun, 06 Mar 2022 15:37:00 GMT
sdsfd.jpg
1.bp.blogspot.com/-d8ut_Bipts0/Yeyw9jSjB2I/AAAAAAAAD-A/ZjgBWmR6irUiGXrBBatvpl4hkkl7gbcywCNcBGAsYHQ/s16000/ 		62 KB
63 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://1.bp.blogspot.com/-d8ut_Bipts0/Yeyw9jSjB2I/AAAAAAAAD-A/ZjgBWmR6irUiGXrBBatvpl4hkkl7gbcywCNcBGAsYHQ/s16000/sdsfd.jpg
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
5f87d0dd1795c78454ba9d2a8ef2f46bdfd182b17fbd8f26c62bb81dffd4b38e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 13:49:26 GMT
x-content-type-options
nosniff
age
6412
content-disposition
inline;filename="sdsfd.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
63938
x-xss-protection
0
server
fife
etag
"vfe4"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Mon, 24 Jan 2022 01:52:34 GMT
Germany_outbox.png
1.bp.blogspot.com/-mhFwYo28B2Q/YKppmIsu7ZI/AAAAAAAABgQ/c7DWa0Yxwm49LJDcNEkzDr503wyn4hLtACLcBGAsYHQ/s16000/ 		44 KB
44 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://1.bp.blogspot.com/-mhFwYo28B2Q/YKppmIsu7ZI/AAAAAAAABgQ/c7DWa0Yxwm49LJDcNEkzDr503wyn4hLtACLcBGAsYHQ/s16000/Germany_outbox.png
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
9b7f1ddc36af29778df73a309d2861822456de3eb416e6921a5c44e68435a42f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 11:37:49 GMT
x-content-type-options
nosniff
age
14309
content-disposition
inline;filename="Germany_outbox.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44729
x-xss-protection
0
server
fife
etag
"v605"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 18 Nov 2021 09:39:41 GMT
lidexib1.png
img.publicdn.xyz/upload/ 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.publicdn.xyz/upload/lidexib1.png
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:debe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
164d9aafa618e1e1c1936fcfb5212b51ba2c4cc59a2e30f2a0d61fa2d667fb33

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-goog-hash
crc32c=HaPuLw==, md5=KUL0hSHnEIMBPwOoKVqf7w==
date
Sun, 06 Mar 2022 15:36:18 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3558
x-guploader-uploadid
ADPycdtmUhayltEwGstl_wtWyTK62IFLAgxzKlrc8nY3FSylKq_tXw34x_7e-6eLg1ysJVqClDRrEfOwPy9SCqXbh8k
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
16955
last-modified
Mon, 28 Feb 2022 18:46:39 GMT
server
cloudflare
etag
"2942f48521e71083013f03a8295a9fef"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q73H5woXF4jbFQwN7DC1UnvDSac5GfmSoOY3S81nF1yI49lbyAsMZx5f9rFw3%2BHYYKj0q9%2BpbCv4zgB7E8uKe9x4SHWOFF22yxFLbg%2BH10HihBWPSwNj%2Fg7%2FmXX03lT%2Bkr8tWwttt1EoUKyEz3b%2F"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1646073999489107
content-type
image/png
cache-control
public, max-age=14400
x-goog-stored-content-length
16955
accept-ranges
bytes
cf-ray
6e7c2a89d8779094-FRA
expires
Sun, 06 Mar 2022 15:37:00 GMT
lidexib2.png
img.publicdn.xyz/upload/ 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.publicdn.xyz/upload/lidexib2.png
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:debe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e68fbebde0cda275a2721f95339e1f7f33e00615e2de65d57fcd2e05a1242f5e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-goog-hash
crc32c=IhcdCg==, md5=kCFUcVTMm1VobLSf7rsTpQ==
date
Sun, 06 Mar 2022 15:36:18 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3560
x-guploader-uploadid
ADPycdsXzh6Ukb9pKOZ7RXK_qkY6MUtu_AoowPR0bjUyAEuuM66t9Y69JjcWVbbhMn-U4wG6XE8d6o7OJO2KFTYa4shrXnZcgg
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
8457
last-modified
Mon, 28 Feb 2022 18:46:39 GMT
server
cloudflare
etag
"9021547154cc9b55686cb49feebb13a5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wH58PmRZn1m%2F%2FLDd%2BvA2CiNmQKCExZjaehu%2BisyoGVUaRusOP50S%2F6d9pXUNpVpDgxc7uf60fa4tLRgXCGDtZfCtn49lbmFvn81lnqtyxIOAx8QdhX9Cymac9IA%2FMCxYx%2Fu%2B%2Fk6eQAcp2KAwztKj"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1646073999595199
content-type
image/png
cache-control
public, max-age=14400
x-goog-stored-content-length
8457
accept-ranges
bytes
cf-ray
6e7c2a89d8759094-FRA
expires
Sun, 06 Mar 2022 15:36:58 GMT
Germany_inbox.png
1.bp.blogspot.com/-rJwuzcnw3VI/YKppmA0KHEI/AAAAAAAABgM/g534cHj8oxsuYau_w-e69RyO0APgsmLlwCLcBGAsYHQ/s16000/ 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://1.bp.blogspot.com/-rJwuzcnw3VI/YKppmA0KHEI/AAAAAAAABgM/g534cHj8oxsuYau_w-e69RyO0APgsmLlwCLcBGAsYHQ/s16000/Germany_inbox.png
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
32bc695a4583118b2adca0fe87d1f4844905692f48f5f2a0eece23f205536e60
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 14:08:21 GMT
x-content-type-options
nosniff
age
5277
content-disposition
inline;filename="Germany_inbox.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14208
x-xss-protection
0
server
fife
etag
"v605"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Sat, 13 Nov 2021 04:28:47 GMT
lidexib3.png
img.publicdn.xyz/upload/ 		50 KB
50 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.publicdn.xyz/upload/lidexib3.png
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:debe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d3185ef374b15663e2cec23cb13ad4bfa3b810dba43a12d64a629cf2b179c35

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-goog-hash
crc32c=Xkacpw==, md5=RGqlVPo4qLu7JC5mQiCoGw==
date
Sun, 06 Mar 2022 15:36:18 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1387
x-guploader-uploadid
ADPycdtPXiG-TOz-gq-iJRgFYfuq3_QnPq5cN2MDfE1ByYMHRcBDShXLAfF4PD80HZw-gbMinYDYaHH6eVWlJl6xCFE
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
50795
last-modified
Mon, 28 Feb 2022 18:46:39 GMT
server
cloudflare
etag
"446aa554fa38a8bbbb242e664220a81b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h4lXGWRbpT2FMBuQ2I59uCzcKZkdo2iXmLIkAkq2nlnQynuGQQ8rsESe7RMKDVaI5stSbjPXtuEj%2B3Frlj9088YNIuYcYQwhImHv0aOzg1O02a2oQbZ%2B1DB%2BWsh%2BuSsq5hXf5eSMq7KNc5Q6Alt4"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1646073999614803
content-type
image/png
cache-control
public, max-age=14400
x-goog-stored-content-length
50795
accept-ranges
bytes
cf-ray
6e7c2a89d87a9094-FRA
expires
Sun, 06 Mar 2022 16:05:07 GMT
responsive.js
qoaaa.com/js/ 		3 KB
1013 B 		Script
General
Check archive.org
Download Go to
Full URL
https://qoaaa.com/js/responsive.js
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.66.201.42 Nitra, Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS
affilist.com
Software
nginx /
Resource Hash
4987d5f43ecfeeb96384876eb9247b9653c4cb66628a594cfe87e922ab0a18b5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:36:18 GMT
content-encoding
br
last-modified
Tue, 21 Dec 2021 14:23:16 GMT
server
nginx
etag
W/"61c1e354-b1d"
content-type
application/javascript
bnr.php
uprimp.com/ 		427 B
681 B 		Script
General
Check archive.org
Download Go to
Full URL
https://uprimp.com/bnr.php?section=General&pub=593174&format=300x50&ga=g
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.66.200.220 Nitra, Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS
185.66.200.220.skhosting.eu
Software
nginx /
Resource Hash
eef7551ecdb4b93e78e39bc8dac5a968b831cb5552556da6d8733dc1dbb56942

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 06 Mar 2022 15:36:18 GMT
last-modified
Sun, 06 Mar 2022 15:36:18 GMT
server
nginx
content-type
application/javascript
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-robots-tag
noindex, nofollow, noarchive, nosnippet
expires
Sun, 06 Mar 2022 15:36:18 GMT
deguos.jpg
img.publicdn.xyz/upload/ 		14 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.publicdn.xyz/upload/deguos.jpg
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:debe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
56c075f4b04bdb89c9a52e0558e2663250fd842cf53394536f373e8e630fd9e5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-goog-hash
crc32c=hz0rVA==, md5=/hQTIvFAqNleUC+kizNZ4Q==
date
Sun, 06 Mar 2022 15:36:18 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1977
x-guploader-uploadid
ADPycdtuy6cNqZ8EWjMakNWn4HMkkNeA9Yr2tFhDrB4EnNU1GWrt8oukjGA77LgohmqaNNsRDiCIBOA1ORtvz1lGuEQ
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
14651
last-modified
Thu, 24 Feb 2022 10:36:14 GMT
server
cloudflare
etag
"fe141322f140a8d95e502fa48b3359e1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ApSEEu7I8vMsdXtDmJmqj5YAOdkv7OgKrIyEV%2BoJwlEKC%2F46bA8H2fNOve%2BO5E%2Fwj3%2Fn6BCNKAWfhCauW5QjLMMcG5kwnkp%2F8qk17vCNjE9ksBeS1JGBeBn9bW%2Btto%2BnkJOCikmN%2BkMkTsLGLICJ"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1645698974307702
content-type
image/jpeg
cache-control
public, max-age=14400
x-goog-stored-content-length
14651
accept-ranges
bytes
cf-ray
6e7c2a8a49ed923d-FRA
expires
Sun, 06 Mar 2022 15:26:32 GMT
halzz.jpg
img.publicdn.xyz/upload/ 		11 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.publicdn.xyz/upload/halzz.jpg
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:debe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b2379c4e20f74cf3d2f63867f0fef183757f1b46b9e231670064fd773ce92f48

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-goog-hash
crc32c=to6Dcw==, md5=n+em9gwJSHjdgwbuB/KsJA==
date
Sun, 06 Mar 2022 15:36:18 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
722
x-guploader-uploadid
ADPycdvbutmeUXhT48Hv0BqRxANpotrmhh3i90s3PufDBQcaddqo8VS1ememjWEKMg1uSY8y8dn5wNeeC1WKpwA63lg
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
11177
last-modified
Thu, 24 Feb 2022 12:07:03 GMT
server
cloudflare
etag
"9fe7a6f60c094878dd8306ee07f2ac24"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uh04ECCWZ2HfDTlt3SUvlnmEZojF0MejD%2BH%2ByqHdPds4eXOAQifwcWjZr8UvnTOB1jWhnNnGJw%2FL78AssdMk84AMVWXr0a0Z%2FGwLYFVxlegcN8DCPI8TZUzYlfUApTAAgq66BTCAgqt3QN%2Bh0LSK"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1645704423258384
content-type
image/jpeg
cache-control
public, max-age=14400
x-goog-stored-content-length
11177
accept-ranges
bytes
cf-ray
6e7c2a8a49ef923d-FRA
expires
Sun, 06 Mar 2022 15:35:55 GMT
healsd.jpg
img.publicdn.xyz/upload/ 		10 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.publicdn.xyz/upload/healsd.jpg
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:debe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2a51cd0b99fdf6d9a20fa8f799ad90e2b570745d50decd48a872f4b5c5cd1883

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-goog-hash
crc32c=s5B2nQ==, md5=yvKBOigXmMsKqNPqgIWyrQ==
date
Sun, 06 Mar 2022 15:36:18 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3580
x-guploader-uploadid
ADPycduHwUiV2XuuzUqym5er-1iTLZwcxjiSl_Zg3Z4lu8QaVWQ4T9qrJTKBPDmcP4jtmOvj4xB3NujEG1Hvf8Wu3EQ
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
10576
last-modified
Thu, 24 Feb 2022 12:07:04 GMT
server
cloudflare
etag
"caf2813a281798cb0aa8d3ea8085b2ad"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AfLFift%2FuH3HssJf7frkWhe%2FgIkNloPTR2VG%2F7P0EePwP4LxIB%2FbANj1rhob6%2BsmsXuZmGz9TLnERqcbZ5gtfB3lFwrl4QAJ3DgqNW4WJ52G9bXrgUI8Xn%2BIppbRZUsewQ%2FyZxCQ4D388US%2FzNN2"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1645704424160017
content-type
image/jpeg
cache-control
public, max-age=14400
x-goog-stored-content-length
10576
accept-ranges
bytes
cf-ray
6e7c2a8a49df923d-FRA
expires
Sun, 06 Mar 2022 15:06:28 GMT
halzzpp.jpg
img.publicdn.xyz/upload/ 		11 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.publicdn.xyz/upload/halzzpp.jpg
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:debe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ce580e987852055424603d0b6d8d3dce93ec101cc5248af91ad02a2332e393a4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-goog-hash
crc32c=DyZFog==, md5=eOAhkkEqs32+5kvQulpVDA==
date
Sun, 06 Mar 2022 15:36:18 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3500
x-guploader-uploadid
ADPycdtIB3ym6XFSZmq9rDFtzclOG0N4p0vYNtkcEnHj359kRkG5UA_FNXuzvMFko_R1BOTKoVENaN0UnuGnY4msBfqhYb834Q
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
11266
last-modified
Thu, 24 Feb 2022 12:07:03 GMT
server
cloudflare
etag
"78e02192412ab37dbee64bd0ba5a550c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dg05ltOwVkV3u9yex0JEjkYJVc5yKxqsQeaVTd2OPLzo%2FOvlX7Jg6mjWKY3pSfN50eQkl5U%2FbD0Sm5UyDZEL145zbdFivl5dnv2wC3BWIjAafJwyn1NwirDBUz2ER%2Fn5BS3Ce5JZMTp%2FLeV89tFk"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1645704423487378
content-type
image/jpeg
cache-control
public, max-age=14400
x-goog-stored-content-length
11266
accept-ranges
bytes
cf-ray
6e7c2a8a49e4923d-FRA
expires
Sun, 06 Mar 2022 15:26:32 GMT
wuksx.jpg
img.publicdn.xyz/upload/ 		11 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.publicdn.xyz/upload/wuksx.jpg
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:debe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca19081ec77bbf1369b107db26ecca901710f4d9302cd696e14a6568117191c3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-goog-hash
crc32c=g1jMPg==, md5=a38Fl5nYyTlLdPrqZrpq+g==
date
Sun, 06 Mar 2022 15:36:18 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1684
x-guploader-uploadid
ADPycduWrLD19A3fH_RHJmYMqEyvi8H_rXhdylFWlKbad29ZlCbtCVbi2y8X9H6MfLwCCmRO6aif01JEBCSWuAI1mFY
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
11318
last-modified
Mon, 21 Feb 2022 13:46:07 GMT
server
cloudflare
etag
"6b7f059799d8c9394b74faea66ba6afa"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=27sthCaqtXhrkxZ0igHPOtLVkdtk25Ag%2FuIWsgD7aEtVhO0RdCR%2B2Zz2mHzJwHz4hqStLdKEuw0hLFtbRLtY6uMwo9%2FD5hTgN92l9Xsl2uL9BOimO9ctAG9gdohGU8BOcd1E3y70C7Z9g7wbd9I6"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1645451167483604
content-type
image/jpeg
cache-control
public, max-age=14400
x-goog-stored-content-length
11318
accept-ranges
bytes
cf-ray
6e7c2a8a49eb923d-FRA
expires
Sun, 06 Mar 2022 15:26:32 GMT
halo.jpg
img.publicdn.xyz/upload/ 		11 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.publicdn.xyz/upload/halo.jpg
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:debe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1d9c5264a2d050a6afe574bcded3790e869edfb8774485bdc7d4fc1eafd48d1e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-goog-hash
crc32c=I6KvYw==, md5=JN3IXAy71f3ezzLu29NwOQ==
date
Sun, 06 Mar 2022 15:36:18 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2947
x-guploader-uploadid
ADPycduvt2cta2lL5mHvjASeMoD2ro5kYE0Y54RMfICcxjQiEKuSpsBRXOX3ZpAlzfatMZ5ivwi1aobYJiOEAD4nBL4
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
11560
last-modified
Thu, 24 Feb 2022 12:07:02 GMT
server
cloudflare
etag
"24ddc85c0cbbd5fddecf32eedbd37039"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8VB3YctTMnhUfIxmD9uWEGwG57VQaIF6e%2FES3AsrxlnucLGCXZbaiQAYZ6avBC3f%2BB4zC7U4ZeuN7tvddZYYfyvcEYb3CW5lmccdupZiL8aJLpHA77Dc1omlQz%2Bwr%2FNwzm%2B7AjlBGVaJ0vDg4tST"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1645704422317758
content-type
image/jpeg
cache-control
public, max-age=14400
x-goog-stored-content-length
11560
accept-ranges
bytes
cf-ray
6e7c2a8a49cc923d-FRA
expires
Sun, 06 Mar 2022 15:23:44 GMT
dkjshd.jpg
img.publicdn.xyz/upload/ 		12 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.publicdn.xyz/upload/dkjshd.jpg
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:debe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9877011b33ad526d2240aa3b15702c43f6f14cff10a38c00bc8d2aeb2de0d75c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-goog-hash
crc32c=6wHjWg==, md5=tIsRhMYcQwSzWyeVgMlqOA==
date
Sun, 06 Mar 2022 15:36:18 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
574
x-guploader-uploadid
ADPycdt3OJs81fOw88u4eOqdu6azXdw86Afy52JJoerbLj6u5Gf65Vum_6YfBAzr8caX_8H64i46y5tSRm-s9FOmizg
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
12666
last-modified
Mon, 21 Feb 2022 13:46:07 GMT
server
cloudflare
etag
"b48b1184c61c4304b35b279580c96a38"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nPyF4%2F7PLaN8FNz7TH56WdZjRsZ3XjHHxV9VJjf8P5%2BWRHmXzJHhnu5XeFgWd30%2B87f3R1HF4jvaOcxsx7tO8ciAv9%2Fy0qvdhQq4wXpioMWk1QOEu%2BT9z1YEZh%2BI1bD0a7uAKcsokfo69h0bT33Q"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1645451167504611
content-type
image/jpeg
cache-control
public, max-age=14400
x-goog-stored-content-length
12666
accept-ranges
bytes
cf-ray
6e7c2a8a49ce923d-FRA
expires
Sun, 06 Mar 2022 16:26:36 GMT
halzzas.jpg
img.publicdn.xyz/upload/ 		10 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.publicdn.xyz/upload/halzzas.jpg
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:debe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
450a51a0b9ab8d3c3d71d602b7faa2c69dd674b2fd1e2bf4d64469bc30ee833c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-goog-hash
crc32c=N6fdkQ==, md5=4nIKIlzobf7tjhGlhVO4+A==
date
Sun, 06 Mar 2022 15:36:18 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1682
x-guploader-uploadid
ADPycdv8dl6-VGowon6hAJCMejGF4H5btD3Zrp7pm1m4DX5AxkoLtJ0hoAkDVDQKKtKIyh6YCRnf6freebop9p5-Rro
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
9939
last-modified
Thu, 24 Feb 2022 12:07:03 GMT
server
cloudflare
etag
"e2720a225ce86dfeed8e11a58553b8f8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PlmI%2BlYxUFuTOR%2BJ5MNK%2B93Bs7GbU38Ty9HdgYbJqyBMsi%2BnLKf7%2BKcTihzE1xN6GSMcFzeKtlpiayX0Mnd5SzOt7IcePh1rYrL1HJV8igWk1lm%2FPDIq3rJutC1nEcb%2BVftEUBSgO5MTEOyvC4Oe"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1645704423270749
content-type
image/jpeg
cache-control
public, max-age=14400
x-goog-stored-content-length
9939
accept-ranges
bytes
cf-ray
6e7c2a8a49d0923d-FRA
expires
Sun, 06 Mar 2022 16:08:16 GMT
vividd.jpg
img.publicdn.xyz/upload/ 		11 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.publicdn.xyz/upload/vividd.jpg
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:debe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2c12604b63667652d836d9cb889a3caf45d6e64ddccb46b2e4d067e0e0490b6d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-goog-hash
crc32c=5UILgA==, md5=sl613HQhjMihnS3EYdL4Lg==
date
Sun, 06 Mar 2022 15:36:18 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2634
x-guploader-uploadid
ADPycdsEW-0v_OQ5X4QjVJslk4N5bgCiB6d4GBIB-QxdSz-HbbhSi9xhpMI3aZgEGMcFIs29BRB07py7CfJa_IMtGes
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
11448
last-modified
Tue, 15 Feb 2022 05:04:15 GMT
server
cloudflare
etag
"b25eb5dc74218cc8a19d2dc461d2f82e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LJe4mGniPbAUvd52coXml4A5wi%2BQm6MnYhS6UUtPh232ZRxi%2BIu5joLjsXbHK1QjCn8RLrA%2BVRBEwpx%2FNdakD02YwxIhtcbu%2BhEFumfRgO2Iw1oBMP7PfudDHUN7yKHqEe7CaJRsAV02Qa0%2BHU5y"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1644901455777596
content-type
image/jpeg
cache-control
public, max-age=14400
x-goog-stored-content-length
11448
accept-ranges
bytes
cf-ray
6e7c2a8a49d2923d-FRA
expires
Sun, 06 Mar 2022 15:40:33 GMT
heutch.jpg
img.publicdn.xyz/upload/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.publicdn.xyz/upload/heutch.jpg
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:debe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b72befbf93f1ca696a43f069aada8d91b51bdea39d93a86305200d42dc19aeef

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-goog-hash
crc32c=wVmIhQ==, md5=CL0t3HY8szBylP4cDx6K7g==
date
Sun, 06 Mar 2022 15:36:18 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2396
x-guploader-uploadid
ADPycdvHePcmCatoKXYFYmjvvrz8a7NCcJqh5yfRB5ppTWkBE2BEcbm6uroZ9qbgwNrALYsOITkb-EQg185ibshlM-vuoql28A
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
7698
last-modified
Thu, 24 Feb 2022 12:24:59 GMT
server
cloudflare
etag
"08bd2ddc763cb3307294fe1c0f1e8aee"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zGzUAGEojLqG16uk8oipyUaiXAXzS79u8NKTWp8aiws3iug0zZ%2FnKjfZMs2fi2HH3BbV7g8wKBOomHcmEVi9yCvCAYqDW%2FlEzpd%2FUhUDsOdP9Xm3Z12tp%2FwXjAuobEdz81sXQ5H7bgyOSXXTcpjU"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1645705499922541
content-type
image/jpeg
cache-control
public, max-age=14400
x-goog-stored-content-length
7698
accept-ranges
bytes
cf-ray
6e7c2a8a49da923d-FRA
expires
Sun, 06 Mar 2022 15:27:00 GMT
bnr_xload.php
uprimp.com/ Frame 336C 		0
255 B 		Document
General
Check archive.org
Download Go to
Full URL
https://uprimp.com/bnr_xload.php?section=General&pub=593174&format=300x50&ga=g&xt=164658097829751&xtt=4530445
Requested by
Host: uprimp.com
URL: https://uprimp.com/bnr.php?section=General&pub=593174&format=300x50&ga=g
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.66.200.220 Nitra, Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS
185.66.200.220.skhosting.eu
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/

Response headers

server
nginx
date
Sun, 06 Mar 2022 15:36:18 GMT
content-type
text/html; charset=UTF-8
expires
Sun, 06 Mar 2022 15:36:18 GMT
last-modified
Sun, 06 Mar 2022 15:36:18 GMT
cache-control
no-store, no-cache, must-revalidate post-check=0, pre-check=0
pragma
no-cache
x-robots-tag
noindex, nofollow, noarchive, nosnippet
yuming.js
w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/ 		279 B
780 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/yuming.js?1646580978267&_=1646580978096
Requested by
Host: cdn.jsdelivr.cc
URL: https://cdn.jsdelivr.cc/npm/jquery@3.6.0/dist/jquery.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9be19f597ff7fae6f2d86fc23f6c0381ad08c6c11169a57a4ceb958af04124bb

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:36:18 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Mon, 28 Feb 2022 19:55:28 GMT
server
cloudflare
etag
W/"621d28b0-117"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BGZxYSnZMjTQaQhaqxYQlfm3PxgbSp%2BF6lzw1vmr4d8BpLm%2FuUnO10jo5Pd2avfcFEW4RxylXh1LGIbxMQUJGmEwDKYDJWEHara64aKpAtKcE%2BDV9FMYKVOvsPAQdSR0RfwlGzJ1nEv0fw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=43200
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6e7c2a8a494a9168-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Mon, 07 Mar 2022 03:36:18 GMT
hm.js
hm.baidu.com/ 		42 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hm.baidu.com/hm.js?d0bd1f076ae9a998211cbc2caecf9df2
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),
Reverse DNS
Software
apache /
Resource Hash
16bf26d7ec0642237837a8410262b09689b57bb044558ee1aa42aab7889b86bc
Security Headers
Name Value
Strict-Transport-Security max-age=172800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sun, 06 Mar 2022 15:36:20 GMT
Content-Encoding
gzip
Server
apache
Etag
66e10158b7cb2c2eb64146d8b2b7eca3
Strict-Transport-Security
max-age=172800
P3p
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control
max-age=0, must-revalidate
Content-Type
application/javascript
Content-Length
15500
hm.js
hm.baidu.com/ 		37 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hm.baidu.com/hm.js?c7f1b3f152598f901bc0aad793b18b59
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),
Reverse DNS
Software
apache /
Resource Hash
750fd6bc7f6914597e8622a2b618f68900521cc04750352b151dbbc8b735b473
Security Headers
Name Value
Strict-Transport-Security max-age=172800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sun, 06 Mar 2022 15:36:20 GMT
Content-Encoding
gzip
Server
apache
Etag
514d7e9cd728fae0c4594ed0694e649b
Strict-Transport-Security
max-age=172800
P3p
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control
max-age=0, must-revalidate
Content-Type
application/javascript
Content-Length
13737
hm.js
hm.baidu.com/ 		42 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hm.baidu.com/hm.js?ee082e5d73b289b4f71288ef23cf2ef1
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),
Reverse DNS
Software
apache /
Resource Hash
d0fddfd4c67af338be395845f34fb548ca75d86674ff956f3bdda8202c3bcb4e
Security Headers
Name Value
Strict-Transport-Security max-age=172800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sun, 06 Mar 2022 15:36:20 GMT
Content-Encoding
gzip
Server
apache
Etag
0cbc1a3e918d03e8dd45149dfdc5b124
Strict-Transport-Security
max-age=172800
P3p
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control
max-age=0, must-revalidate
Content-Type
application/javascript
Content-Length
15496
hm.js
hm.baidu.com/ 		37 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hm.baidu.com/hm.js?3883cd39b3c18ae26539940d487c3741
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),
Reverse DNS
Software
apache /
Resource Hash
336be0dbe96116e62d6411b55c855fcdd5012a21e34694593fc3b47ffc4b62dd
Security Headers
Name Value
Strict-Transport-Security max-age=172800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sun, 06 Mar 2022 15:36:20 GMT
Content-Encoding
gzip
Server
apache
Etag
e0a50041477925f0b3f7fdd858e71bab
Strict-Transport-Security
max-age=172800
P3p
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control
max-age=0, must-revalidate
Content-Type
application/javascript
Content-Length
13744
collect
www.google-analytics.com/g/ 		0
335 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-ENF0F84E24&gtm=2oe320&_p=2046400840&_z=ccd.B&cid=1312002327.1646580978&ul=en-us&sr=1600x1200&_s=1&sid=1646580978&sct=1&seg=0&dl=https%3A%2F%2Fw1ft1qku.cn%2F0ez2IMSy%2Fldyinddew-ms%2F%3F_t%3D1646580977hhh&dr=http%3A%2F%2Fodylmtqif.rhzriq.tw%2F&dt=%F0%9F%8E%89%EF%B8%8F%F0%9F%92%B8%EF%B8%8F%EF%B8%8F%EF%B8%8FLidl%20Geschenk%20zum%20Frauentag!%F0%9F%91%A7%F0%9F%8E%81%EF%B8%8F%EF%B8%8F%EF%B8%8F%EF%B8%8F%F0%9F%8E%8A&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ENF0F84E24
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 06 Mar 2022 15:36:18 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://w1ft1qku.cn
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tb55.php
w1ft1qku.cn/0ez2IMSy/j/ 		500 B
748 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://w1ft1qku.cn/0ez2IMSy/j/tb55.php?c=ldyinddew-ms&np=Advertisement&_=1646580978097
Requested by
Host: cdn.jsdelivr.cc
URL: https://cdn.jsdelivr.cc/npm/jquery@3.6.0/dist/jquery.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a5444b4d698261be01627b7792cc43320f384f07fda9670d9b210e74f3373da6

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 15:36:18 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wZ%2FiNP0XJGp6EGiSYXZB7ptUWuXDIUB9kBBaRmT92WOhqzvu%2FNqZR2eCyIXUxiXxNKZC%2Fi0Xn5a3PJfu%2FjFFh8SLYXkDi8MSpMCTHGdpVRL4pJ4YDBRnK8hIHXyF4RBz6cQoxDh4UqNcoA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cf-ray
6e7c2a8bcdfe9168-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
hm.gif
hm.baidu.com/ 		43 B
299 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=376407107&si=d0bd1f076ae9a998211cbc2caecf9df2&su=http%3A%2F%2Fodylmtqif.rhzriq.tw%2F&v=1.2.90&lv=1&sn=14106&r=0&ww=1600&ct=!!&u=https%3A%2F%2Fw1ft1qku.cn%2F0ez2IMSy%2Fldyinddew-ms%2F%3F_t%3D1646580977hhh%231646580978770&tt=%F0%9F%8E%89%EF%B8%8F%F0%9F%92%B8%EF%B8%8F%EF%B8%8F%EF%B8%8FLidl%20Geschenk%20zum%20Frauentag!%F0%9F%91%A7%F0%9F%8E%81%EF%B8%8F%EF%B8%8F%EF%B8%8F%EF%B8%8F%F0%9F%8E%8A
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),
Reverse DNS
Software
apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=172800
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 06 Mar 2022 15:36:20 GMT
X-Content-Type-Options
nosniff
Server
apache
Strict-Transport-Security
max-age=172800
Content-Type
image/gif
Cache-Control
private, max-age=0, no-cache
Content-Length
43
hm.gif
hm.baidu.com/ 		43 B
299 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=1618971433&si=ee082e5d73b289b4f71288ef23cf2ef1&su=http%3A%2F%2Fodylmtqif.rhzriq.tw%2F&v=1.2.90&lv=1&sn=14106&r=0&ww=1600&ct=!!&u=https%3A%2F%2Fw1ft1qku.cn%2F0ez2IMSy%2Fldyinddew-ms%2F%3F_t%3D1646580977hhh%231646580978770&tt=%F0%9F%8E%89%EF%B8%8F%F0%9F%92%B8%EF%B8%8F%EF%B8%8F%EF%B8%8FLidl%20Geschenk%20zum%20Frauentag!%F0%9F%91%A7%F0%9F%8E%81%EF%B8%8F%EF%B8%8F%EF%B8%8F%EF%B8%8F%F0%9F%8E%8A
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),
Reverse DNS
Software
apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=172800
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 06 Mar 2022 15:36:20 GMT
X-Content-Type-Options
nosniff
Server
apache
Strict-Transport-Security
max-age=172800
Content-Type
image/gif
Cache-Control
private, max-age=0, no-cache
Content-Length
43
hm.gif
hm.baidu.com/ 		43 B
299 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=519533596&si=c7f1b3f152598f901bc0aad793b18b59&su=http%3A%2F%2Fodylmtqif.rhzriq.tw%2F&v=1.2.90&lv=1&sn=14106&r=0&ww=1600&ct=!!&u=https%3A%2F%2Fw1ft1qku.cn%2F0ez2IMSy%2Fldyinddew-ms%2F%3F_t%3D1646580977hhh%231646580978770&tt=%F0%9F%8E%89%EF%B8%8F%F0%9F%92%B8%EF%B8%8F%EF%B8%8F%EF%B8%8FLidl%20Geschenk%20zum%20Frauentag!%F0%9F%91%A7%F0%9F%8E%81%EF%B8%8F%EF%B8%8F%EF%B8%8F%EF%B8%8F%F0%9F%8E%8A
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),
Reverse DNS
Software
apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=172800
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 06 Mar 2022 15:36:21 GMT
X-Content-Type-Options
nosniff
Server
apache
Strict-Transport-Security
max-age=172800
Content-Type
image/gif
Cache-Control
private, max-age=0, no-cache
Content-Length
43
hm.gif
hm.baidu.com/ 		43 B
299 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=1944921588&si=3883cd39b3c18ae26539940d487c3741&su=http%3A%2F%2Fodylmtqif.rhzriq.tw%2F&v=1.2.90&lv=1&sn=14106&r=0&ww=1600&ct=!!&u=https%3A%2F%2Fw1ft1qku.cn%2F0ez2IMSy%2Fldyinddew-ms%2F%3F_t%3D1646580977hhh%231646580978770&tt=%F0%9F%8E%89%EF%B8%8F%F0%9F%92%B8%EF%B8%8F%EF%B8%8F%EF%B8%8FLidl%20Geschenk%20zum%20Frauentag!%F0%9F%91%A7%F0%9F%8E%81%EF%B8%8F%EF%B8%8F%EF%B8%8F%EF%B8%8F%F0%9F%8E%8A
Requested by
Host: w1ft1qku.cn
URL: https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),
Reverse DNS
Software
apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=172800
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 06 Mar 2022 15:36:21 GMT
X-Content-Type-Options
nosniff
Server
apache
Strict-Transport-Security
max-age=172800
Content-Type
image/gif
Cache-Control
private, max-age=0, no-cache
Content-Length
43
/
qoaaa.com//4fe48aebd6/4f59451604/ Frame 11A7 		30 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://qoaaa.com//4fe48aebd6/4f59451604/?placementName=default&randomA=0_3512&maxw=0
Requested by
Host: qoaaa.com
URL: https://qoaaa.com/js/responsive.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.66.201.42 Nitra, Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS
affilist.com
Software
nginx /
Resource Hash
fac2cc5d3d0c4614213514778076312cde28364929bfc2dd75ca1613c94f3db9

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://w1ft1qku.cn/0ez2IMSy/ldyinddew-ms/?_t=1646580977hhh

Response headers

server
nginx
date
Sun, 06 Mar 2022 15:36:21 GMT
content-type
text/html; charset=UTF-8
expires
Sun, 01 Jan 2014 00:00:00 GMT
cache-control
no-store, no-cache, must-revalidate post-check=0, pre-check=0
pragma
no-cache
x-robots-tag
noindex,nofollow
access-control-allow-origin
*
content-encoding
br

Verdicts & Comments Add Verdict or Comment

93 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 function| structuredClone object| oncontextlost object| oncontextrestored function| $ function| jQuery object| bootstrap function| Sweetalert2 function| SweetAlert function| Swal function| sweetAlert function| swal object| _0x57c5 function| _0x5233 function| _0x2060cc function| lazyload function| LazyLoad function| Popper function| gtag object| dataLayer string| brand_country object| dayNames object| monthNames string| minutos_y string| segundos object| modalOptions number| g_share_step boolean| g_banner_ad number| g_share_type number| type_op number| cl number| p_e number| p_s object| all_p_e function| stepfinal function| goToUrlFinish function| getBrowser function| getPlatform function| set_Cookie function| get_Cookie function| move boolean| box_ini number| count number| windraw number| intentos boolean| puedo object| boxRoot number| datetime function| swal_box number| maxParticleCount number| particleSpeed function| startConfetti function| stopConfetti function| toggleConfetti function| removeConfetti number| qs number| share_number function| showShare function| continueBtn function| swalert function| shareOkBtn function| shareBtn function| getVcode function| wxalert function| hh1 function| jp function| fh object| _hmt object| google_tag_manager object| google_tag_data object| gaGlobal function| onYouTubeIframeAPIReady function| ReplaceWithPolyfill string| randaffilistX45 object| paths string| project string| np object| nptimes string| Ads string| Web string| j string| j2 string| tj string| tj2 boolean| _bdhm_loaded_d0bd1f076ae9a998211cbc2caecf9df2 object| mini_tangram_log_rdhmai boolean| _bdhm_loaded_ee082e5d73b289b4f71288ef23cf2ef1 object| mini_tangram_log_vapip0 boolean| _bdhm_loaded_c7f1b3f152598f901bc0aad793b18b59 object| mini_tangram_log_6jmeb7 boolean| _bdhm_loaded_3883cd39b3c18ae26539940d487c3741 object| mini_tangram_log_78rdh8

11 Cookies

Domain/Path Name / Value
.w1ft1qku.cn/ Name: _ga_ENF0F84E24
Value: GS1.1.1646580978.1.0.1646580978.0
.w1ft1qku.cn/ Name: _ga
Value: GA1.1.1312002327.1646580978
.hm.baidu.com/ Name: HMACCOUNT_BFESS
Value: 74C7DE922427EB4B
.w1ft1qku.cn/ Name: Hm_lvt_d0bd1f076ae9a998211cbc2caecf9df2
Value: 1646580981
.w1ft1qku.cn/ Name: Hm_lpvt_d0bd1f076ae9a998211cbc2caecf9df2
Value: 1646580981
.w1ft1qku.cn/ Name: Hm_lvt_ee082e5d73b289b4f71288ef23cf2ef1
Value: 1646580981
.w1ft1qku.cn/ Name: Hm_lpvt_ee082e5d73b289b4f71288ef23cf2ef1
Value: 1646580981
.w1ft1qku.cn/ Name: Hm_lvt_c7f1b3f152598f901bc0aad793b18b59
Value: 1646580981
.w1ft1qku.cn/ Name: Hm_lpvt_c7f1b3f152598f901bc0aad793b18b59
Value: 1646580981
.w1ft1qku.cn/ Name: Hm_lvt_3883cd39b3c18ae26539940d487c3741
Value: 1646580981
.w1ft1qku.cn/ Name: Hm_lpvt_3883cd39b3c18ae26539940d487c3741
Value: 1646580981

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1.bp.blogspot.com
cdn.jsdelivr.cc
hm.baidu.com
img.publicdn.xyz
odylmtqif.rhzriq.tw
qoaaa.com
uprimp.com
w1ft1qku.cn
www.google-analytics.com
www.googletagmanager.com
103.235.46.191
185.66.200.220
185.66.201.42
2606:4700:3031::ac43:cfb8
2606:4700:3034::ac43:debe
2606:4700:3037::ac43:c7d0
2a00:1450:4001:808::200e
2a00:1450:4001:812::2008
2a00:1450:4001:831::2001
2a06:98c1:3121::7
0b525f0932670565a803d3b2aecacd2c0a2a6b65f725748f4b593735491d15d2
0b7274b0b5b7f411de46416a6c9941062f7a57aaf919fdeda367b5959f4ce8ef
164d9aafa618e1e1c1936fcfb5212b51ba2c4cc59a2e30f2a0d61fa2d667fb33
16bf26d7ec0642237837a8410262b09689b57bb044558ee1aa42aab7889b86bc
1d9232c567b41ed62ae5f9bab40717f0d28d37c4e6a33b3178f4fa56e143b6d2
1d9c5264a2d050a6afe574bcded3790e869edfb8774485bdc7d4fc1eafd48d1e
2a51cd0b99fdf6d9a20fa8f799ad90e2b570745d50decd48a872f4b5c5cd1883
2c12604b63667652d836d9cb889a3caf45d6e64ddccb46b2e4d067e0e0490b6d
32b3c4a9f4eebd8fb6caf135e3310ffbc555864af2814bcbf965eaebf6af4738
32bc695a4583118b2adca0fe87d1f4844905692f48f5f2a0eece23f205536e60
336be0dbe96116e62d6411b55c855fcdd5012a21e34694593fc3b47ffc4b62dd
450a51a0b9ab8d3c3d71d602b7faa2c69dd674b2fd1e2bf4d64469bc30ee833c
4987d5f43ecfeeb96384876eb9247b9653c4cb66628a594cfe87e922ab0a18b5
56c075f4b04bdb89c9a52e0558e2663250fd842cf53394536f373e8e630fd9e5
5d3185ef374b15663e2cec23cb13ad4bfa3b810dba43a12d64a629cf2b179c35
5f87d0dd1795c78454ba9d2a8ef2f46bdfd182b17fbd8f26c62bb81dffd4b38e
750fd6bc7f6914597e8622a2b618f68900521cc04750352b151dbbc8b735b473
7d7a9043f4bed303fe2974ac4e3ba10d6b214e70f7ae549786ba2d347de05f81
9877011b33ad526d2240aa3b15702c43f6f14cff10a38c00bc8d2aeb2de0d75c
9b7f1ddc36af29778df73a309d2861822456de3eb416e6921a5c44e68435a42f
9be19f597ff7fae6f2d86fc23f6c0381ad08c6c11169a57a4ceb958af04124bb
a4555d8dee9f8adc976e84a97dfe87e6bf5794b579f49bb56f133fed85f7d709
a5444b4d698261be01627b7792cc43320f384f07fda9670d9b210e74f3373da6
b219e4cd8f8f9216f159285019be30d6bfe475d92ca30b3561551aaa2174751d
b2379c4e20f74cf3d2f63867f0fef183757f1b46b9e231670064fd773ce92f48
b72befbf93f1ca696a43f069aada8d91b51bdea39d93a86305200d42dc19aeef
ca19081ec77bbf1369b107db26ecca901710f4d9302cd696e14a6568117191c3
ce580e987852055424603d0b6d8d3dce93ec101cc5248af91ad02a2332e393a4
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0fddfd4c67af338be395845f34fb548ca75d86674ff956f3bdda8202c3bcb4e
d683da1701abdec19eecd95c5613fb36f014993d6b6e2f45ac464e45cec7f12b
dc3d032c7ccdf72d307bede8f3be1d6e7b6ef9b01cde369d2620d3d066d8ae99
e290dc4993b9ae7d34440db26be412b4bc4547a48ff635750d400164665d7fa6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e68fbebde0cda275a2721f95339e1f7f33e00615e2de65d57fcd2e05a1242f5e
ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127
eef7551ecdb4b93e78e39bc8dac5a968b831cb5552556da6d8733dc1dbb56942
fac2cc5d3d0c4614213514778076312cde28364929bfc2dd75ca1613c94f3db9