urlscan.io logo urlscan.io
SecurityTrails logo

www.18plusstream.net Open in urlscan Pro
2a05:d018:244:5200::ab  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://cutt.us/lVaIm
Effective URL: https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=lemzc5f3e6235349fa218615281&s1=56029&s2=1042291&s3=backuser&s5=&lp=...
Submission: On August 20 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 18 IPs in 6 countries across 20 domains to perform 43 HTTP transactions. The main IP is 2a05:d018:244:5200::ab, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is www.18plusstream.net.
TLS certificate: Issued by Let's Encrypt Authority X3 on August 18th 2020. Valid for: 3 months.
This is the only time www.18plusstream.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Porn Scam (Online)

Domain & IP information

1    69.61.26.121 (Atlanta, United States)

ASN22653 (GLOBALCOMPASS, US)
cutt.us
3    2a00:1450:4001:818::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
adservice.google.de
adservice.google.com
1    2a00:1450:4001:820::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    216.58.212.162 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f2.1e100.net
securepubads.g.doubleclick.net
2    2a00:1450:4001:801::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2a00:1450:4001:81d::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
220812116a78e5d1938cdb8492217978.safeframe.googlesyndication.com
1    2a00:1450:4001:80b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
1    95.216.99.227 (Finland)

ASN24940 (HETZNER-AS, DE)
PTR: s62.nska.net
grin23.info
1    2a00:1450:4001:820::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
2    2a00:1450:4001:81c::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
7    3.125.100.153 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-125-100-153.eu-central-1.compute.amazonaws.com
love2nights.com
1    35.158.254.183 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-158-254-183.eu-central-1.compute.amazonaws.com
typerock.com
1    3.124.157.134 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-157-134.eu-central-1.compute.amazonaws.com
www.adultd8.com
4    2a05:d018:244:5200::ab (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
www.fucktrip.club
dwojj.ladiestofuck.net
www.18plusstream.net
1    52.71.111.21 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-71-111-21.compute-1.amazonaws.com
totrck.com
11    2.16.186.80 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a2-16-186-80.deploy.static.akamaitechnologies.com
cdn-bimi.akamaized.net
1    2a00:1450:4001:817::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2a00:1450:4001:802::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2a00:1450:4001:81a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
6    2a02:6b8::1:119 (Moscow, Russian Federation)

ASN13238 (YANDEX, RU)
mc.yandex.ru
Domain Requested by
11 cdn-bimi.akamaized.net www.18plusstream.net
cdn-bimi.akamaized.net
7 love2nights.com 2 redirects grin23.info
love2nights.com
6 mc.yandex.ru 1 redirects cutt.us
mc.yandex.ru
3 tpc.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
2 www.fucktrip.club love2nights.com
www.fucktrip.club
2 www.google-analytics.com www.googletagmanager.com
cutt.us
2 securepubads.g.doubleclick.net www.googletagservices.com
securepubads.g.doubleclick.net
2 www.googletagmanager.com cutt.us
www.18plusstream.net
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com cdn-bimi.akamaized.net
1 www.18plusstream.net www.fucktrip.club
1 dwojj.ladiestofuck.net 1 redirects
1 totrck.com 1 redirects
1 www.adultd8.com 1 redirects
1 typerock.com love2nights.com
1 pagead2.googlesyndication.com securepubads.g.doubleclick.net
1 grin23.info cutt.us
1 220812116a78e5d1938cdb8492217978.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 adservice.google.com www.googletagservices.com
1 adservice.google.de www.googletagservices.com
1 www.googletagservices.com cutt.us
1 cutt.us
43 22

This site contains no links.

Subject Issuer Validity Valid
www.cutt.us
Let's Encrypt Authority X3		 2020-08-01 -
2020-10-30		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1O1		 2020-07-15 -
2020-10-07		 3 months crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-07-15 -
2020-10-07		 3 months crt.sh
*.google.de
GTS CA 1O1		 2020-07-15 -
2020-10-07		 3 months crt.sh
*.google.com
GTS CA 1O1		 2020-07-15 -
2020-10-07		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1O1		 2020-08-11 -
2020-11-03		 3 months crt.sh
love2nights.com
Amazon		 2020-05-07 -
2021-06-07		 a year crt.sh
typerock.com
Amazon		 2020-05-07 -
2021-06-07		 a year crt.sh
fucktrip.club
Sectigo RSA Domain Validation Secure Server CA		 2019-04-30 -
2021-04-21		 2 years crt.sh
*.18plusstream.net
Let's Encrypt Authority X3		 2020-08-18 -
2020-11-16		 3 months crt.sh
a248.e.akamai.net
DigiCert Secure Site ECC CA-1		 2020-07-15 -
2021-09-13		 a year crt.sh
upload.video.google.com
GTS CA 1O1		 2020-07-15 -
2020-10-07		 3 months crt.sh
*.gstatic.com
GTS CA 1O1		 2020-07-15 -
2020-10-07		 3 months crt.sh
mc.yandex.ru
Yandex CA		 2019-09-23 -
2020-09-22		 a year crt.sh

This page contains 2 frames:

Primary Page: https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=lemzc5f3e6235349fa218615281&s1=56029&s2=1042291&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
Frame ID: 05CA57EB3DEE71D129EE61054B57B87F
Requests: 42 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html
Frame ID: 524A43174BD7F2AC78B4EACBFB7E270B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://cutt.us/lVaIm Page URL
  2. http://grin23.info/ad1?3kwxz9f4 Page URL
  3. https://love2nights.com/tds/cpa?tdsId=p1541tok_r&tds_campaign=p1541tok&utm_source=int&utm_campaign=f... HTTP 302
    https://love2nights.com/fg/s/93aca7b332f3404d759e7ea44362eb59?utm_campaign=f576c6ad&utm_source=int&t... Page URL
  4. https://love2nights.com/fg/tds/cpa?utm_campaign=f576c6ad&utm_source=int&tds_campaign=p1541tok&tds_ci... HTTP 302
    https://www.adultd8.com/c/72942d6b800e37ad?s1=70_f576c6ad_ex_onrs&s2=f576c6ad&s3=r0299lav_nt&s5=63f2... HTTP 302
    https://www.fucktrip.club/redirect/index?type=script&to=aHR0cHM6Ly93d3cuZnVja3RyaXAuY2x1Yg%3D%3D&data=... Page URL
  5. https://www.fucktrip.club/redirect/index?type=script&to=aHR0cHM6Ly93d3cuZnVja3RyaXAuY2x1Yg%3D%3D&data=... Page URL
  6. https://totrck.com/?a=190&c=4614&p=r&s5=376827&s2=vfawm5f3e623465be9842146474 HTTP 302
    https://dwojj.ladiestofuck.net/c/0b78dd593aa286c9?s1=56029&s2=1042291&j1=1&j3=1&s3=190&s5=376827&click_id=2... HTTP 302
    https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=lemzc5f3e6235349fa218615281&s1=56029&s2=1042291... Page URL

Page Statistics

43
Requests

98 %
HTTPS

60 %
IPv6

20
Domains

22
Subdomains

18
IPs

6
Countries

2058 kB
Transfer

2865 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://cutt.us/lVaIm Page URL
  2. http://grin23.info/ad1?3kwxz9f4 Page URL
  3. https://love2nights.com/tds/cpa?tdsId=p1541tok_r&tds_campaign=p1541tok&utm_source=int&utm_campaign=f576c6ad&utm_content={utm_content}&data2={data2}&utm_sub=opnfnl&m=ps HTTP 302
    https://love2nights.com/fg/s/93aca7b332f3404d759e7ea44362eb59?utm_campaign=f576c6ad&utm_source=int&tds_campaign=p1541tok&tds_cid=a95d8a6f824653ec25646e2d21d3eaa878263008&utm_content=%7Butm_content%7D&data2=%7Bdata2%7D&__t=1597923891514&__l=60&tds_id=p1541tok_r&tds_oid=b Page URL
  4. https://love2nights.com/fg/tds/cpa?utm_campaign=f576c6ad&utm_source=int&tds_campaign=p1541tok&tds_cid=a95d8a6f824653ec25646e2d21d3eaa878263008&utm_content=%7Butm_content%7D&data2=%7Bdata2%7D&tds_id=p1541tok_r&tds_oid=b&dci=6df545806ea081894891893b6d2d33410763ace2&tds_host=love2nights.com&tdsId=p1541tok_targeting_b&utm_sub=opnfnl&m=ps&p_tds_cid=&tds_reason=direct HTTP 302
    https://www.adultd8.com/c/72942d6b800e37ad?s1=70_f576c6ad_ex_onrs&s2=f576c6ad&s3=r0299lav_nt&s5=63f231d5bc3190a0535c0b254872e9b811bad09c&dci=6df545806ea081894891893b6d2d33410763ace2&tds_host=love2nights.com&tds_split=b&tds_campaign=r0299lav&tds_id=r0299lav_non_target&tds_oid=non-target1&tds_cid=63f231d5bc3190a0535c0b254872e9b811bad09c&tdsId=r0299lav_non_target&s4=%7Butm_content%7D&s6=%7Bdata2%7D&utm_campaign=f576c6ad&utm_source=int&utm_content=%7Butm_content%7D&data2=%7Bdata2%7D&utm_sub=opnfnl&m=ps&p_tds_cid=a95d8a6f824653ec25646e2d21d3eaa878263008&tds_reason=direct HTTP 302
    https://www.fucktrip.club/redirect/index?type=script&to=aHR0cHM6Ly93d3cuZnVja3RyaXAuY2x1Yg%3D%3D&data=aHR0cHM6Ly90b3RyY2suY29tLz9hPTE5MCZjPTQ2MTQmcD1yJnM1PTM3NjgyNyZzMj12ZmF3bTVmM2U2MjM0NjViZTk4NDIxNDY0NzQ%3D&action=action_tmp Page URL
  5. https://www.fucktrip.club/redirect/index?type=script&to=aHR0cHM6Ly93d3cuZnVja3RyaXAuY2x1Yg%3D%3D&data=aHR0cHM6Ly90b3RyY2suY29tLz9hPTE5MCZjPTQ2MTQmcD1yJnM1PTM3NjgyNyZzMj12ZmF3bTVmM2U2MjM0NjViZTk4NDIxNDY0NzQ%3D&action=action_final Page URL
  6. https://totrck.com/?a=190&c=4614&p=r&s5=376827&s2=vfawm5f3e623465be9842146474 HTTP 302
    https://dwojj.ladiestofuck.net/c/0b78dd593aa286c9?s1=56029&s2=1042291&j1=1&j3=1&s3=190&s5=376827&click_id=228435805 HTTP 302
    https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=lemzc5f3e6235349fa218615281&s1=56029&s2=1042291&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15
  • https://love2nights.com/tds/cpa?tdsId=p1541tok_r&tds_campaign=p1541tok&utm_source=int&utm_campaign=f576c6ad&utm_content={utm_content}&data2={data2}&utm_sub=opnfnl&m=ps HTTP 302
  • https://love2nights.com/fg/s/93aca7b332f3404d759e7ea44362eb59?utm_campaign=f576c6ad&utm_source=int&tds_campaign=p1541tok&tds_cid=a95d8a6f824653ec25646e2d21d3eaa878263008&utm_content=%7Butm_content%7D&data2=%7Bdata2%7D&__t=1597923891514&__l=60&tds_id=p1541tok_r&tds_oid=b
Request Chain 21
  • https://love2nights.com/fg/tds/cpa?utm_campaign=f576c6ad&utm_source=int&tds_campaign=p1541tok&tds_cid=a95d8a6f824653ec25646e2d21d3eaa878263008&utm_content=%7Butm_content%7D&data2=%7Bdata2%7D&tds_id=p1541tok_r&tds_oid=b&dci=6df545806ea081894891893b6d2d33410763ace2&tds_host=love2nights.com&tdsId=p1541tok_targeting_b&utm_sub=opnfnl&m=ps&p_tds_cid=&tds_reason=direct HTTP 302
  • https://www.adultd8.com/c/72942d6b800e37ad?s1=70_f576c6ad_ex_onrs&s2=f576c6ad&s3=r0299lav_nt&s5=63f231d5bc3190a0535c0b254872e9b811bad09c&dci=6df545806ea081894891893b6d2d33410763ace2&tds_host=love2nights.com&tds_split=b&tds_campaign=r0299lav&tds_id=r0299lav_non_target&tds_oid=non-target1&tds_cid=63f231d5bc3190a0535c0b254872e9b811bad09c&tdsId=r0299lav_non_target&s4=%7Butm_content%7D&s6=%7Bdata2%7D&utm_campaign=f576c6ad&utm_source=int&utm_content=%7Butm_content%7D&data2=%7Bdata2%7D&utm_sub=opnfnl&m=ps&p_tds_cid=a95d8a6f824653ec25646e2d21d3eaa878263008&tds_reason=direct HTTP 302
  • https://www.fucktrip.club/redirect/index?type=script&to=aHR0cHM6Ly93d3cuZnVja3RyaXAuY2x1Yg%3D%3D&data=aHR0cHM6Ly90b3RyY2suY29tLz9hPTE5MCZjPTQ2MTQmcD1yJnM1PTM3NjgyNyZzMj12ZmF3bTVmM2U2MjM0NjViZTk4NDIxNDY0NzQ%3D&action=action_tmp
Request Chain 38
  • https://mc.yandex.ru/watch/65937478?wmode=7&page-ref=https%3A%2F%2Fwww.fucktrip.club%2Fredirect%2Findex%3Ftype%3Dscript%26to%3DaHR0cHM6Ly93d3cuZnVja3RyaXAuY2x1Yg%253D%253D%26data%3DaHR0cHM6Ly90b3RyY2suY29tLz9hPTE5MCZjPTQ2MTQmcD1yJnM1PTM3NjgyNyZzMj12ZmF3bTVmM2U2MjM0NjViZTk4NDIxNDY0NzQ%253D%26action%3Daction_final&page-url=https%3A%2F%2Fwww.18plusstream.net%2Fc%2F4c8a669b83e6c2d3%3F%26click_id%3Dlemzc5f3e6235349fa218615281%26s1%3D56029%26s2%3D1042291%26s3%3Dbackuser%26s5%3D%26lp%3DMJ%26j1%3D1%26j2%3D%26j3%3D1%26j4%3D%26j5%3D%26j6%3D&charset=utf-8&browser-info=ti%3A10%3Ans%3A1597923892636%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Az%3A120%3Ai%3A20200820134453%3Aet%3A1597923894%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A1475730126376%3Arqn%3A1%3Arn%3A937018921%3Ahid%3A938790188%3Ads%3A1%2C62%2C58%2C1%2C611%2C0%2C0%2C203%2C4%2C%2C%2C%2C944%3Afp%3A993%3Awn%3A40797%3Ahl%3A2%3Agdpr%3A14%3Av%3A1916%3Awv%3A2%3Arqnl%3A1%3Ast%3A1597923894%3Au%3A1597923894400687336 HTTP 302
  • https://mc.yandex.ru/watch/65937478/1?wmode=7&page-ref=https%3A%2F%2Fwww.fucktrip.club%2Fredirect%2Findex%3Ftype%3Dscript%26to%3DaHR0cHM6Ly93d3cuZnVja3RyaXAuY2x1Yg%253D%253D%26data%3DaHR0cHM6Ly90b3RyY2suY29tLz9hPTE5MCZjPTQ2MTQmcD1yJnM1PTM3NjgyNyZzMj12ZmF3bTVmM2U2MjM0NjViZTk4NDIxNDY0NzQ%253D%26action%3Daction_final&page-url=https%3A%2F%2Fwww.18plusstream.net%2Fc%2F4c8a669b83e6c2d3%3F%26click_id%3Dlemzc5f3e6235349fa218615281%26s1%3D56029%26s2%3D1042291%26s3%3Dbackuser%26s5%3D%26lp%3DMJ%26j1%3D1%26j2%3D%26j3%3D1%26j4%3D%26j5%3D%26j6%3D&charset=utf-8&browser-info=ti%3A10%3Ans%3A1597923892636%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Az%3A120%3Ai%3A20200820134453%3Aet%3A1597923894%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A1475730126376%3Arqn%3A1%3Arn%3A937018921%3Ahid%3A938790188%3Ads%3A1%2C62%2C58%2C1%2C611%2C0%2C0%2C203%2C4%2C%2C%2C%2C944%3Afp%3A993%3Awn%3A40797%3Ahl%3A2%3Agdpr%3A14%3Av%3A1916%3Awv%3A2%3Arqnl%3A1%3Ast%3A1597923894%3Au%3A1597923894400687336

43 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
lVaIm
cutt.us/ 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cutt.us/lVaIm
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.61.26.121 Atlanta, United States, ASN22653 (GLOBALCOMPASS, US),
Reverse DNS
Software
Hotcores.com /
Resource Hash
a63e57f3fb182fc0a4342c13af2f63f82c35817f8cfba6f55b5eae34f5d53433
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

Host
cutt.us
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server
Hotcores.com
Date
Thu, 20 Aug 2020 11:43:24 GMT
Content-Type
text/html; Charset=UTF-8;charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
Cache-Control
no-cache, must-revalidate, max-age=0
Pragma
no-cache
X-Robots-Tag
noindex, nofollow
I-AM
Alpha
Strict-Transport-Security
max-age=31536000; includeSubdomains;
Content-Encoding
gzip
gpt.js
www.googletagservices.com/tag/js/ 		54 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: cutt.us
URL: https://cutt.us/lVaIm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8a4f5e91a710a5d520cc4bd421a52ec118fc14768a59e92149e18cb2cc0b4ace
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cutt.us/lVaIm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 20 Aug 2020 11:44:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"607 / 878 of 1000 / last-modified: 1597920087"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
18587
x-xss-protection
0
expires
Thu, 20 Aug 2020 11:44:50 GMT
js
www.googletagmanager.com/gtag/ 		89 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-31510493-1
Requested by
Host: cutt.us
URL: https://cutt.us/lVaIm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
16cfd3005d58e6726f4783e6c940c4c703f8455af9eb790c8861f058eb077ea2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://cutt.us/lVaIm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 20 Aug 2020 11:44:50 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35774
x-xss-protection
0
last-modified
Thu, 20 Aug 2020 09:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 20 Aug 2020 11:44:50 GMT
integrator.js
adservice.google.de/adsid/ 		109 B
168 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=cutt.us
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cutt.us/lVaIm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 20 Aug 2020 11:44:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		122 B
184 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=cutt.us
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9e6c6a021b04f0f77f169eafb56160afd36da6338c66c74217ce0c4e2cb405a7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cutt.us/lVaIm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 20 Aug 2020 11:44:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
117
x-xss-protection
0
pubads_impl_2020081701.js
securepubads.g.doubleclick.net/gpt/ 		260 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020081701.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f2.1e100.net
Software
sffe /
Resource Hash
7f8d6c8264157ba49ca4c0fc3df5758b416d42f459b78cb9e67d6aa6e8546de5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cutt.us/lVaIm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 20 Aug 2020 11:44:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 17 Aug 2020 08:38:04 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
93253
x-xss-protection
0
expires
Thu, 20 Aug 2020 11:44:50 GMT
analytics.js
www.google-analytics.com/ 		45 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-31510493-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://cutt.us/lVaIm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 04 Jun 2020 23:38:14 GMT
server
Golfe2
age
1750
date
Thu, 20 Aug 2020 11:15:40 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18469
expires
Thu, 20 Aug 2020 13:15:40 GMT
collect
www.google-analytics.com/r/ 		35 B
113 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/r/collect?v=1&_v=j83&a=1315614&t=pageview&_s=1&dl=https%3A%2F%2Fcutt.us%2FlVaIm&ul=en-us&de=UTF-8&dt=lVaIm&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=1409817807&gjid=807299528&cid=849479213.1597923891&tid=UA-31510493-1&_gid=1032199356.1597923891&_r=1&gtm=2ou8c0&z=1762289748
Requested by
Host: cutt.us
URL: https://cutt.us/lVaIm
Protocol
HTTP/2+QUIC/46
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://cutt.us/lVaIm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 20 Aug 2020 11:44:50 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		420 B
923 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1648350039107726&correlator=3398423870839544&output=ldjh&impl=fif&adsid=NT&jar=2020-08-20-11&eid=21067119%2C21067071%2C21066706&vrg=2020081701&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200820&iu_parts=5837603%2CCutt_360&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x360&cookie_enabled=1&bc=31&abxe=1&lmt=1597923890&dt=1597923890894&dlt=1597923890660&idt=221&frm=20&biw=1600&bih=1200&oid=3&adxs=-12245933&adys=-12245933&adks=1933368604&ucis=1&ifi=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fcutt.us%2FlVaIm&dssz=10&icsg=680&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x423&msz=0x0&ga_vid=849479213.1597923891&ga_sid=1597923891&ga_hid=1315614&fws=128&ohw=0
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020081701.js
Protocol
HTTP/2+QUIC/46
Security
QUIC, , AES_128_GCM
Server
216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cutt.us/lVaIm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 20 Aug 2020 11:44:50 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
234
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://cutt.us
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
220812116a78e5d1938cdb8492217978.safeframe.googlesyndication.com/safeframe/1-0-37/html/ 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://220812116a78e5d1938cdb8492217978.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020081701.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://cutt.us/lVaIm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020081701.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://cutt.us/lVaIm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
Cookie set ad1
grin23.info/ 		1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://grin23.info/ad1?3kwxz9f4
Requested by
Host: cutt.us
URL: https://cutt.us/lVaIm
Protocol
HTTP/1.1
Server
95.216.99.227 , Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
s62.nska.net
Software
Apache /
Resource Hash
850174971ccdb0dcaa281791080e6d9c95786ff5617d2d758b39d351f4e1ba6f

Request headers

Host
grin23.info
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 20 Aug 2020 11:44:50 GMT
Server
Apache
Expires
Thu, 21 Jul 1977 07:30:00 GMT
Cache-Control
max-age=0
Pragma
no-cache
Set-Cookie
antibot-hostia=true; path=/; domain=grin23.info; expires=Fri, 21-Aug-2020 11:44:50 GMT 847ba=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjRcIjoxNTk3OTIzODkwfSxcImNhbXBhaWduc1wiOntcIjJcIjoxNTk3OTIzODkwfSxcInRpbWVcIjoxNTk3OTIzODkwfSJ9.WfuJf-MLuEFWi5qwPJtEaHosWmReXWzn_IBturSONGc; expires=Sun, 20-Sep-2020 11:44:50 GMT; Max-Age=2678400; path=/; domain=.grin23.info
Vary
User-Agent,Accept-Encoding
Upgrade
h2,h2c
Connection
Upgrade, Keep-Alive
Last-Modified
Thu, 20 Aug 2020 11:44:50 GMT
Content-Encoding
gzip
Content-Length
333
Keep-Alive
timeout=3, max=100
Content-Type
text/html; charset=utf-8
sodar
pagead2.googlesyndication.com/getconfig/ 		8 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020081701&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020081701.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cutt.us/lVaIm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 20 Aug 2020 11:44:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
6300
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020081701.js
Protocol
HTTP/2+QUIC/46
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cutt.us/lVaIm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 20 Aug 2020 11:44:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1591403518460474"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5540
x-xss-protection
0
expires
Thu, 20 Aug 2020 11:44:51 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/210/ Frame 524A 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
HTTP/2+QUIC/46
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/210/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://cutt.us/lVaIm
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://cutt.us/lVaIm

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
4590
date
Thu, 20 Aug 2020 11:33:51 GMT
expires
Fri, 20 Aug 2021 11:33:51 GMT
last-modified
Wed, 26 Feb 2020 19:47:50 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
660
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
93aca7b332f3404d759e7ea44362eb59
love2nights.com/fg/s/
Redirect Chain
  • https://love2nights.com/tds/cpa?tdsId=p1541tok_r&tds_campaign=p1541tok&utm_source=int&utm_campaign=f576c6ad&utm_content={utm_content}&data2={data2}&utm_sub=opnfnl&m=ps
  • https://love2nights.com/fg/s/93aca7b332f3404d759e7ea44362eb59?utm_campaign=f576c6ad&utm_source=int&tds_campaign=p1541tok&tds_cid=a95d8a6f824653ec25646e2d21d3eaa878263008&utm_content=%7Butm_content%...
1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://love2nights.com/fg/s/93aca7b332f3404d759e7ea44362eb59?utm_campaign=f576c6ad&utm_source=int&tds_campaign=p1541tok&tds_cid=a95d8a6f824653ec25646e2d21d3eaa878263008&utm_content=%7Butm_content%7D&data2=%7Bdata2%7D&__t=1597923891514&__l=60&tds_id=p1541tok_r&tds_oid=b
Requested by
Host: grin23.info
URL: http://grin23.info/ad1?3kwxz9f4
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.125.100.153 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-125-100-153.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
473e86b550cb38237870732fc2fd116510a3103fc30942ccc0d1c67aa5938546

Request headers

:method
GET
:authority
love2nights.com
:scheme
https
:path
/fg/s/93aca7b332f3404d759e7ea44362eb59?utm_campaign=f576c6ad&utm_source=int&tds_campaign=p1541tok&tds_cid=a95d8a6f824653ec25646e2d21d3eaa878263008&utm_content=%7Butm_content%7D&data2=%7Bdata2%7D&__t=1597923891514&__l=60&tds_id=p1541tok_r&tds_oid=b
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
http://grin23.info/ad1?3kwxz9f4
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
AWSALB=zb8cEYAnGuY/5TYHgBevueldyZD7k77iWd2Az37Z7BeLMpF6u/cL3gqH6zljabv5MWq88y8XKu+F9gTSMI07pNKL1t0nShvvAmMK6E9mTpPb1spTh+E6u3Vvpwam; AWSALBCORS=zb8cEYAnGuY/5TYHgBevueldyZD7k77iWd2Az37Z7BeLMpF6u/cL3gqH6zljabv5MWq88y8XKu+F9gTSMI07pNKL1t0nShvvAmMK6E9mTpPb1spTh+E6u3Vvpwam; dci=6df545806ea081894891893b6d2d33410763ace2
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
http://grin23.info/ad1?3kwxz9f4

Response headers

status
200
date
Thu, 20 Aug 2020 11:44:51 GMT
content-type
text/html
server
nginx
set-cookie
AWSALB=kvEvjg2267XmSoJ8SR4iIz1aa7/dH348EgLqS4qWnw7pZgyhNlLuDL5HiOdYYOO7wCcSZOvevLn5XtB3rhfXPCQ5E/QgpPzd/DEtEhSw7ckdF7pe4OGJO0qadkRZ; Expires=Thu, 27 Aug 2020 11:44:51 GMT; Path=/ AWSALBCORS=kvEvjg2267XmSoJ8SR4iIz1aa7/dH348EgLqS4qWnw7pZgyhNlLuDL5HiOdYYOO7wCcSZOvevLn5XtB3rhfXPCQ5E/QgpPzd/DEtEhSw7ckdF7pe4OGJO0qadkRZ; Expires=Thu, 27 Aug 2020 11:44:51 GMT; Path=/; SameSite=None; Secure
accept-ch
UA, Platform, Model, Mobile, Arch
vary
Accept-Encoding
content-encoding
gzip

Redirect headers

status
302
date
Thu, 20 Aug 2020 11:44:51 GMT
server
nginx
set-cookie
AWSALB=zb8cEYAnGuY/5TYHgBevueldyZD7k77iWd2Az37Z7BeLMpF6u/cL3gqH6zljabv5MWq88y8XKu+F9gTSMI07pNKL1t0nShvvAmMK6E9mTpPb1spTh+E6u3Vvpwam; Expires=Thu, 27 Aug 2020 11:44:51 GMT; Path=/ AWSALBCORS=zb8cEYAnGuY/5TYHgBevueldyZD7k77iWd2Az37Z7BeLMpF6u/cL3gqH6zljabv5MWq88y8XKu+F9gTSMI07pNKL1t0nShvvAmMK6E9mTpPb1spTh+E6u3Vvpwam; Expires=Thu, 27 Aug 2020 11:44:51 GMT; Path=/; SameSite=None; Secure dci=6df545806ea081894891893b6d2d33410763ace2; Max-Age=31536000; Domain=.love2nights.com; Path=/; Expires=Fri, 20 Aug 2021 11:44:51 GMT; Secure; SameSite=None
accept-ch
UA, Platform, Model, Mobile, Arch
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials
true
access-control-allow-origin
*
location
/fg/s/93aca7b332f3404d759e7ea44362eb59?utm_campaign=f576c6ad&utm_source=int&tds_campaign=p1541tok&tds_cid=a95d8a6f824653ec25646e2d21d3eaa878263008&utm_content=%7Butm_content%7D&data2=%7Bdata2%7D&__t=1597923891514&__l=60&tds_id=p1541tok_r&tds_oid=b
style.css
love2nights.com/fg/ 		1 KB
920 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://love2nights.com/fg/style.css
Requested by
Host: love2nights.com
URL: https://love2nights.com/fg/s/93aca7b332f3404d759e7ea44362eb59?utm_campaign=f576c6ad&utm_source=int&tds_campaign=p1541tok&tds_cid=a95d8a6f824653ec25646e2d21d3eaa878263008&utm_content=%7Butm_content%7D&data2=%7Bdata2%7D&__t=1597923891514&__l=60&tds_id=p1541tok_r&tds_oid=b
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.125.100.153 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-125-100-153.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
ea929ab07b7bf2a8848a25d3073bbf9b6b6c9bad34196d4f41e7ae5cbd84bc62

Request headers

Referer
https://love2nights.com/fg/s/93aca7b332f3404d759e7ea44362eb59?utm_campaign=f576c6ad&utm_source=int&tds_campaign=p1541tok&tds_cid=a95d8a6f824653ec25646e2d21d3eaa878263008&utm_content=%7Butm_content%7D&data2=%7Bdata2%7D&__t=1597923891514&__l=60&tds_id=p1541tok_r&tds_oid=b
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 20 Aug 2020 11:44:51 GMT
content-encoding
gzip
last-modified
Thu, 20 Aug 2020 08:22:19 GMT
server
nginx
etag
W/"4b6-1740af62a78"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
status
200
cache-control
public, max-age=6
accept-ranges
bytes
script.js
love2nights.com/fg/ 		1 KB
1013 B 		Script
General
Check archive.org
Download Go to
Full URL
https://love2nights.com/fg/script.js
Requested by
Host: love2nights.com
URL: https://love2nights.com/fg/s/93aca7b332f3404d759e7ea44362eb59?utm_campaign=f576c6ad&utm_source=int&tds_campaign=p1541tok&tds_cid=a95d8a6f824653ec25646e2d21d3eaa878263008&utm_content=%7Butm_content%7D&data2=%7Bdata2%7D&__t=1597923891514&__l=60&tds_id=p1541tok_r&tds_oid=b
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.125.100.153 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-125-100-153.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
25155bd764665f1335dec24598d5a787888b0faf12c5f03ef4fb58891bff430b

Request headers

Referer
https://love2nights.com/fg/s/93aca7b332f3404d759e7ea44362eb59?utm_campaign=f576c6ad&utm_source=int&tds_campaign=p1541tok&tds_cid=a95d8a6f824653ec25646e2d21d3eaa878263008&utm_content=%7Butm_content%7D&data2=%7Bdata2%7D&__t=1597923891514&__l=60&tds_id=p1541tok_r&tds_oid=b
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 20 Aug 2020 11:44:51 GMT
content-encoding
gzip
last-modified
Thu, 20 Aug 2020 08:22:19 GMT
server
nginx
etag
W/"4d6-1740af62a78"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
status
200
cache-control
public, max-age=6
accept-ranges
bytes
t
love2nights.com/fg/ 		35 B
554 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://love2nights.com/fg/t?_=1597923891724
Requested by
Host: love2nights.com
URL: https://love2nights.com/fg/s/93aca7b332f3404d759e7ea44362eb59?utm_campaign=f576c6ad&utm_source=int&tds_campaign=p1541tok&tds_cid=a95d8a6f824653ec25646e2d21d3eaa878263008&utm_content=%7Butm_content%7D&data2=%7Bdata2%7D&__t=1597923891514&__l=60&tds_id=p1541tok_r&tds_oid=b
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.125.100.153 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-125-100-153.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Referer
https://love2nights.com/fg/s/93aca7b332f3404d759e7ea44362eb59?utm_campaign=f576c6ad&utm_source=int&tds_campaign=p1541tok&tds_cid=a95d8a6f824653ec25646e2d21d3eaa878263008&utm_content=%7Butm_content%7D&data2=%7Bdata2%7D&__t=1597923891514&__l=60&tds_id=p1541tok_r&tds_oid=b
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Thu, 20 Aug 2020 11:44:51 GMT
server
nginx
accept-ch
UA, Platform, Model, Mobile, Arch
content-type
image/gif
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
8871b6e5dd5347f70db643ace286f45b
typerock.com/43fbb6270523e1760fa5f0d2579dea07/ 		35 B
722 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://typerock.com/43fbb6270523e1760fa5f0d2579dea07/8871b6e5dd5347f70db643ace286f45b?tds_cid=a95d8a6f824653ec25646e2d21d3eaa878263008&dci=6df545806ea081894891893b6d2d33410763ace2
Requested by
Host: love2nights.com
URL: https://love2nights.com/fg/s/93aca7b332f3404d759e7ea44362eb59?utm_campaign=f576c6ad&utm_source=int&tds_campaign=p1541tok&tds_cid=a95d8a6f824653ec25646e2d21d3eaa878263008&utm_content=%7Butm_content%7D&data2=%7Bdata2%7D&__t=1597923891514&__l=60&tds_id=p1541tok_r&tds_oid=b
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.254.183 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-254-183.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Referer
https://love2nights.com/fg/s/93aca7b332f3404d759e7ea44362eb59?utm_campaign=f576c6ad&utm_source=int&tds_campaign=p1541tok&tds_cid=a95d8a6f824653ec25646e2d21d3eaa878263008&utm_content=%7Butm_content%7D&data2=%7Bdata2%7D&__t=1597923891514&__l=60&tds_id=p1541tok_r&tds_oid=b
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 20 Aug 2020 11:44:52 GMT
server
nginx
status
200
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
access-control-allow-credentials
true
accept-ch
UA, Platform, Model, Mobile, Arch
content-type
image/gif
t2
love2nights.com/fg/ 		35 B
552 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://love2nights.com/fg/t2?_=1597923891724
Requested by
Host: love2nights.com
URL: https://love2nights.com/fg/s/93aca7b332f3404d759e7ea44362eb59?utm_campaign=f576c6ad&utm_source=int&tds_campaign=p1541tok&tds_cid=a95d8a6f824653ec25646e2d21d3eaa878263008&utm_content=%7Butm_content%7D&data2=%7Bdata2%7D&__t=1597923891514&__l=60&tds_id=p1541tok_r&tds_oid=b
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.125.100.153 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-125-100-153.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Referer
https://love2nights.com/fg/s/93aca7b332f3404d759e7ea44362eb59?utm_campaign=f576c6ad&utm_source=int&tds_campaign=p1541tok&tds_cid=a95d8a6f824653ec25646e2d21d3eaa878263008&utm_content=%7Butm_content%7D&data2=%7Bdata2%7D&__t=1597923891514&__l=60&tds_id=p1541tok_r&tds_oid=b
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Thu, 20 Aug 2020 11:44:52 GMT
server
nginx
accept-ch
UA, Platform, Model, Mobile, Arch
content-type
image/gif
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
index
www.fucktrip.club/redirect/
Redirect Chain
  • https://love2nights.com/fg/tds/cpa?utm_campaign=f576c6ad&utm_source=int&tds_campaign=p1541tok&tds_cid=a95d8a6f824653ec25646e2d21d3eaa878263008&utm_content=%7Butm_content%7D&data2=%7Bdata2%7D&tds_id...
  • https://www.adultd8.com/c/72942d6b800e37ad?s1=70_f576c6ad_ex_onrs&s2=f576c6ad&s3=r0299lav_nt&s5=63f231d5bc3190a0535c0b254872e9b811bad09c&dci=6df545806ea081894891893b6d2d33410763ace2&tds_host=love2n...
  • https://www.fucktrip.club/redirect/index?type=script&to=aHR0cHM6Ly93d3cuZnVja3RyaXAuY2x1Yg%3D%3D&data=aHR0cHM6Ly90b3RyY2suY29tLz9hPTE5MCZjPTQ2MTQmcD1yJnM1PTM3NjgyNyZzMj12ZmF3bTVmM2U2MjM0NjViZTk4NDI...
241 B
316 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.fucktrip.club/redirect/index?type=script&to=aHR0cHM6Ly93d3cuZnVja3RyaXAuY2x1Yg%3D%3D&data=aHR0cHM6Ly90b3RyY2suY29tLz9hPTE5MCZjPTQ2MTQmcD1yJnM1PTM3NjgyNyZzMj12ZmF3bTVmM2U2MjM0NjViZTk4NDIxNDY0NzQ%3D&action=action_tmp
Requested by
Host: love2nights.com
URL: https://love2nights.com/fg/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:244:5200::ab Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

:method
GET
:authority
www.fucktrip.club
:scheme
https
:path
/redirect/index?type=script&to=aHR0cHM6Ly93d3cuZnVja3RyaXAuY2x1Yg%3D%3D&data=aHR0cHM6Ly90b3RyY2suY29tLz9hPTE5MCZjPTQ2MTQmcD1yJnM1PTM3NjgyNyZzMj12ZmF3bTVmM2U2MjM0NjViZTk4NDIxNDY0NzQ%3D&action=action_tmp
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://love2nights.com/fg/s/93aca7b332f3404d759e7ea44362eb59?utm_campaign=f576c6ad&utm_source=int&tds_campaign=p1541tok&tds_cid=a95d8a6f824653ec25646e2d21d3eaa878263008&utm_content=%7Butm_content%7D&data2=%7Bdata2%7D&__t=1597923891514&__l=60&tds_id=p1541tok_r&tds_oid=b
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://love2nights.com/fg/s/93aca7b332f3404d759e7ea44362eb59?utm_campaign=f576c6ad&utm_source=int&tds_campaign=p1541tok&tds_cid=a95d8a6f824653ec25646e2d21d3eaa878263008&utm_content=%7Butm_content%7D&data2=%7Bdata2%7D&__t=1597923891514&__l=60&tds_id=p1541tok_r&tds_oid=b

Response headers

status
200
server
nginx
date
Thu, 20 Aug 2020 11:44:52 GMT
content-type
text/html; charset=UTF-8
content-length
241

Redirect headers

status
302 302 Found
date
Thu, 20 Aug 2020 11:44:52 GMT
content-type
text/html; charset=UTF-8
content-length
0
location
https://www.fucktrip.club/redirect/index?type=script&to=aHR0cHM6Ly93d3cuZnVja3RyaXAuY2x1Yg%3D%3D&data=aHR0cHM6Ly90b3RyY2suY29tLz9hPTE5MCZjPTQ2MTQmcD1yJnM1PTM3NjgyNyZzMj12ZmF3bTVmM2U2MjM0NjViZTk4NDIxNDY0NzQ%3D&action=action_tmp
server
nginx
set-cookie
unique_3152273=unique_3152273; expires=Fri, 21-Aug-2020 11:44:52 GMT; Max-Age=86400; path=/; HttpOnly unique_id=5f3e623465bee243288615; expires=Fri, 21-Aug-2020 11:44:52 GMT; Max-Age=86400; path=/; HttpOnly unique_3152273=unique_3152273; expires=Fri, 21-Aug-2020 11:44:52 GMT; Max-Age=86400; path=/; HttpOnly unique_id=5f3e623465bee243288615; expires=Fri, 21-Aug-2020 11:44:52 GMT; Max-Age=86400; path=/; HttpOnly scriptHash=376827; expires=Sat, 19-Sep-2020 11:44:52 GMT; Max-Age=2592000; path=/; HttpOnly unique_3152273=unique_3152273; expires=Fri, 21-Aug-2020 11:44:52 GMT; Max-Age=86400; path=/; HttpOnly unique_id=5f3e623465bee243288615; expires=Fri, 21-Aug-2020 11:44:52 GMT; Max-Age=86400; path=/; HttpOnly scriptHash=376827; expires=Sat, 19-Sep-2020 11:44:52 GMT; Max-Age=2592000; path=/; HttpOnly tid=vfawm5f3e623465be9842146474; path=/; HttpOnly
index
www.fucktrip.club/redirect/ 		115 B
189 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.fucktrip.club/redirect/index?type=script&to=aHR0cHM6Ly93d3cuZnVja3RyaXAuY2x1Yg%3D%3D&data=aHR0cHM6Ly90b3RyY2suY29tLz9hPTE5MCZjPTQ2MTQmcD1yJnM1PTM3NjgyNyZzMj12ZmF3bTVmM2U2MjM0NjViZTk4NDIxNDY0NzQ%3D&action=action_final
Requested by
Host: www.fucktrip.club
URL: https://www.fucktrip.club/redirect/index?type=script&to=aHR0cHM6Ly93d3cuZnVja3RyaXAuY2x1Yg%3D%3D&data=aHR0cHM6Ly90b3RyY2suY29tLz9hPTE5MCZjPTQ2MTQmcD1yJnM1PTM3NjgyNyZzMj12ZmF3bTVmM2U2MjM0NjViZTk4NDIxNDY0NzQ%3D&action=action_tmp
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:244:5200::ab Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
743a78083c4ac2aed173e0c73527d60fe08ce1a7d1b78b274d8ba236a977ce27

Request headers

:method
GET
:authority
www.fucktrip.club
:scheme
https
:path
/redirect/index?type=script&to=aHR0cHM6Ly93d3cuZnVja3RyaXAuY2x1Yg%3D%3D&data=aHR0cHM6Ly90b3RyY2suY29tLz9hPTE5MCZjPTQ2MTQmcD1yJnM1PTM3NjgyNyZzMj12ZmF3bTVmM2U2MjM0NjViZTk4NDIxNDY0NzQ%3D&action=action_final
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://www.fucktrip.club/redirect/index?type=script&to=aHR0cHM6Ly93d3cuZnVja3RyaXAuY2x1Yg%3D%3D&data=aHR0cHM6Ly90b3RyY2suY29tLz9hPTE5MCZjPTQ2MTQmcD1yJnM1PTM3NjgyNyZzMj12ZmF3bTVmM2U2MjM0NjViZTk4NDIxNDY0NzQ%3D&action=action_tmp
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.fucktrip.club/redirect/index?type=script&to=aHR0cHM6Ly93d3cuZnVja3RyaXAuY2x1Yg%3D%3D&data=aHR0cHM6Ly90b3RyY2suY29tLz9hPTE5MCZjPTQ2MTQmcD1yJnM1PTM3NjgyNyZzMj12ZmF3bTVmM2U2MjM0NjViZTk4NDIxNDY0NzQ%3D&action=action_tmp

Response headers

status
200
server
nginx
date
Thu, 20 Aug 2020 11:44:52 GMT
content-type
text/html; charset=UTF-8
content-length
115
Primary Request 4c8a669b83e6c2d3
www.18plusstream.net/c/
Redirect Chain
  • https://totrck.com/?a=190&c=4614&p=r&s5=376827&s2=vfawm5f3e623465be9842146474
  • https://dwojj.ladiestofuck.net/c/0b78dd593aa286c9?s1=56029&s2=1042291&j1=1&j3=1&s3=190&s5=376827&click_id=228435805
  • https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=lemzc5f3e6235349fa218615281&s1=56029&s2=1042291&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
9 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=lemzc5f3e6235349fa218615281&s1=56029&s2=1042291&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
Requested by
Host: www.fucktrip.club
URL: https://www.fucktrip.club/redirect/index?type=script&to=aHR0cHM6Ly93d3cuZnVja3RyaXAuY2x1Yg%3D%3D&data=aHR0cHM6Ly90b3RyY2suY29tLz9hPTE5MCZjPTQ2MTQmcD1yJnM1PTM3NjgyNyZzMj12ZmF3bTVmM2U2MjM0NjViZTk4NDIxNDY0NzQ%3D&action=action_final
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:244:5200::ab Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
339b094f80e0fc5ceab516aca8e8644e2a1e348814a2abb282196b6ea2de9b93

Request headers

:method
GET
:authority
www.18plusstream.net
:scheme
https
:path
/c/4c8a669b83e6c2d3?&click_id=lemzc5f3e6235349fa218615281&s1=56029&s2=1042291&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://www.fucktrip.club/redirect/index?type=script&to=aHR0cHM6Ly93d3cuZnVja3RyaXAuY2x1Yg%3D%3D&data=aHR0cHM6Ly90b3RyY2suY29tLz9hPTE5MCZjPTQ2MTQmcD1yJnM1PTM3NjgyNyZzMj12ZmF3bTVmM2U2MjM0NjViZTk4NDIxNDY0NzQ%3D&action=action_final
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.fucktrip.club/redirect/index?type=script&to=aHR0cHM6Ly93d3cuZnVja3RyaXAuY2x1Yg%3D%3D&data=aHR0cHM6Ly90b3RyY2suY29tLz9hPTE5MCZjPTQ2MTQmcD1yJnM1PTM3NjgyNyZzMj12ZmF3bTVmM2U2MjM0NjViZTk4NDIxNDY0NzQ%3D&action=action_final

Response headers

status
200
server
nginx
date
Thu, 20 Aug 2020 11:44:53 GMT
content-type
text/html; charset=UTF-8
set-cookie
unique_3122229=unique_3122229; expires=Fri, 21-Aug-2020 11:44:53 GMT; Max-Age=86400; path=/; HttpOnly unique_id=5ed2298bac537218526104; expires=Fri, 21-Aug-2020 11:44:53 GMT; Max-Age=86400; path=/; HttpOnly unique_3122229=unique_3122229; expires=Fri, 21-Aug-2020 11:44:53 GMT; Max-Age=86400; path=/; HttpOnly unique_id=5ed2298bac537218526104; expires=Fri, 21-Aug-2020 11:44:53 GMT; Max-Age=86400; path=/; HttpOnly scriptHash=411736_56029_1042291; expires=Sat, 19-Sep-2020 11:44:53 GMT; Max-Age=2592000; path=/; HttpOnly unique_3122229=unique_3122229; expires=Fri, 21-Aug-2020 11:44:53 GMT; Max-Age=86400; path=/; HttpOnly unique_id=5ed2298bac537218526104; expires=Fri, 21-Aug-2020 11:44:53 GMT; Max-Age=86400; path=/; HttpOnly scriptHash=411736_56029_1042291; expires=Sat, 19-Sep-2020 11:44:53 GMT; Max-Age=2592000; path=/; HttpOnly
content-encoding
gzip

Redirect headers

status
302 302 Found
server
nginx
date
Thu, 20 Aug 2020 11:44:53 GMT
content-type
text/html; charset=UTF-8
content-length
0
location
https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=lemzc5f3e6235349fa218615281&s1=56029&s2=1042291&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
set-cookie
unique_3152834=unique_3152834; expires=Fri, 21-Aug-2020 11:44:53 GMT; Max-Age=86400; path=/; HttpOnly unique_id=5ed2298bac537218526104; expires=Fri, 21-Aug-2020 11:44:53 GMT; Max-Age=86400; path=/; HttpOnly unique_3152834=unique_3152834; expires=Fri, 21-Aug-2020 11:44:53 GMT; Max-Age=86400; path=/; HttpOnly unique_id=5ed2298bac537218526104; expires=Fri, 21-Aug-2020 11:44:53 GMT; Max-Age=86400; path=/; HttpOnly scriptHash=490652_56029_1042291; expires=Sat, 19-Sep-2020 11:44:53 GMT; Max-Age=2592000; path=/; HttpOnly unique_3152834=unique_3152834; expires=Fri, 21-Aug-2020 11:44:53 GMT; Max-Age=86400; path=/; HttpOnly unique_id=5ed2298bac537218526104; expires=Fri, 21-Aug-2020 11:44:53 GMT; Max-Age=86400; path=/; HttpOnly scriptHash=490652_56029_1042291; expires=Sat, 19-Sep-2020 11:44:53 GMT; Max-Age=2592000; path=/; HttpOnly tid=lemzc5f3e6235349fa218615281; path=/; HttpOnly
main.css
cdn-bimi.akamaized.net/landings/194623/1595422478/css/ 		17 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478
Requested by
Host: www.18plusstream.net
URL: https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=lemzc5f3e6235349fa218615281&s1=56029&s2=1042291&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2.16.186.80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a2-16-186-80.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
954e12847f46ed105bd1d56cff510d55a82cb14024bcbc629734650d8b57288a

Request headers

Referer
https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=lemzc5f3e6235349fa218615281&s1=56029&s2=1042291&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 20 Aug 2020 11:44:53 GMT
Content-Encoding
gzip
Last-Modified
Wed, 22 Jul 2020 12:54:41 GMT
Server
AmazonS3
x-amz-request-id
21A4E627345DCCB8
ETag
"89e6bf4845f2b95fcbdbe1247b107675"
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2968
x-amz-id-2
Q9FeSCZ1OQ3VggDGiHx03gkH2cuEW62wcKT+4aQrgiuyCkAUzs3v5rETj3bR+12bnJV1umww594=
script.min.js
cdn-bimi.akamaized.net/landings/194623/1595422478/js/ 		252 KB
75 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-bimi.akamaized.net/landings/194623/1595422478/js/script.min.js?1595422478
Requested by
Host: www.18plusstream.net
URL: https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=lemzc5f3e6235349fa218615281&s1=56029&s2=1042291&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2.16.186.80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a2-16-186-80.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
322d600431f53fb186989dad7e4ed1365b0d3012a808cd114390855a0dce16a6

Request headers

Referer
https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=lemzc5f3e6235349fa218615281&s1=56029&s2=1042291&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 20 Aug 2020 11:44:53 GMT
Content-Encoding
gzip
Last-Modified
Wed, 22 Jul 2020 12:54:41 GMT
Server
AmazonS3
x-amz-request-id
759C4B50044989EC
ETag
"28c2e529f18ba1afa7f17dc8776448d0"
Vary
Accept-Encoding
Content-Type
text/javascript
Transfer-Encoding
chunked
Connection
keep-alive, Transfer-Encoding
Accept-Ranges
bytes
x-amz-id-2
+iO4ekfn1ogYeTkUXszZ/XYLZOgLM1r6nwE/zQkMFDkeRihKfJBqLiDsdBxB8moUIX4C4jh8i/g=
function.js
cdn-bimi.akamaized.net/landings/194623/1595422478/js/ 		768 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-bimi.akamaized.net/landings/194623/1595422478/js/function.js?1595422478
Requested by
Host: www.18plusstream.net
URL: https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=lemzc5f3e6235349fa218615281&s1=56029&s2=1042291&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2.16.186.80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a2-16-186-80.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
c4e62e899d387cd5be4770f35d30a90a4a0b7690e5a70fe510d61192a55df2fb

Request headers

Referer
https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=lemzc5f3e6235349fa218615281&s1=56029&s2=1042291&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 20 Aug 2020 11:44:53 GMT
Last-Modified
Wed, 22 Jul 2020 12:54:41 GMT
Server
AmazonS3
x-amz-request-id
BA41F46C91831DFC
ETag
"26b0713adea8f1ba936e44ca1dde0b9c"
Content-Type
text/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
768
x-amz-id-2
3M8hlheHecNnOJ6p6kVI8a5UlNZRqEKj9oPi85rmIUoaA7Fq2TA+31gXj4Xy3LUfq1O7uqXNwKY=
translate.js
cdn-bimi.akamaized.net/landings/194623/1595422478/js/ 		20 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-bimi.akamaized.net/landings/194623/1595422478/js/translate.js?1595422478
Requested by
Host: www.18plusstream.net
URL: https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=lemzc5f3e6235349fa218615281&s1=56029&s2=1042291&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2.16.186.80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a2-16-186-80.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
0aa575ab7a50d63721a0bdc438eb3b4e627e372256c9e7007ae2523f02d191e3

Request headers

Referer
https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=lemzc5f3e6235349fa218615281&s1=56029&s2=1042291&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 20 Aug 2020 11:44:53 GMT
Content-Encoding
gzip
Last-Modified
Wed, 22 Jul 2020 12:54:41 GMT
Server
AmazonS3
x-amz-request-id
90ACAB32D16160AE
ETag
"cf2d0554e35d77b3b6c00a8d6e2ec90f"
Vary
Accept-Encoding
Content-Type
text/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
9148
x-amz-id-2
HjtOxgIRN1gaRzJ7yU64EsaTrZynyC3edKHN0YrrBjLB6sku4M688lstkASXZcQbF7gbihvZqig=
css
fonts.googleapis.com/ 		767 B
475 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Lato&subset=latin-ext
Requested by
Host: cdn-bimi.akamaized.net
URL: https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
b4723b5b14abe7a2062b65bf79b4d5d1e575e786a439e61ff95a38e7e9e140e9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 20 Aug 2020 11:44:53 GMT
server
ESF
date
Thu, 20 Aug 2020 11:44:53 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 20 Aug 2020 11:44:53 GMT
gtm.js
www.googletagmanager.com/ 		67 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PPJGZHL
Requested by
Host: www.18plusstream.net
URL: https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=lemzc5f3e6235349fa218615281&s1=56029&s2=1042291&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
Protocol
HTTP/2+QUIC/46
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
13888d461889156b3256da7c850fb6e999cbb0db89078b25dd86fef1d0fe5692
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=lemzc5f3e6235349fa218615281&s1=56029&s2=1042291&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 20 Aug 2020 11:44:53 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
26758
x-xss-protection
0
last-modified
Thu, 20 Aug 2020 09:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 20 Aug 2020 11:44:53 GMT
no.png
cdn-bimi.akamaized.net/landings/194623/1595422478/images/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn-bimi.akamaized.net/landings/194623/1595422478/images/no.png
Requested by
Host: cdn-bimi.akamaized.net
URL: https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2.16.186.80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a2-16-186-80.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
fedd7527d1cceee3052bf4bb62e76d56e8200a115d8a2affae23a125578b7ad1

Request headers

Referer
https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 20 Aug 2020 11:44:53 GMT
Last-Modified
Wed, 22 Jul 2020 12:54:40 GMT
Server
AmazonS3
x-amz-request-id
D7C471323FF0BFEC
ETag
"e51438397f6333f22081857d4236efca"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3134
x-amz-id-2
4c3fTXTz9l739Vrx2/ND/wCobkb6OG49uP5EWq73WghKMiHrqjwW1mLaM0XO5kh3PK8oijrGREk=
yes.png
cdn-bimi.akamaized.net/landings/194623/1595422478/images/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn-bimi.akamaized.net/landings/194623/1595422478/images/yes.png
Requested by
Host: cdn-bimi.akamaized.net
URL: https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2.16.186.80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a2-16-186-80.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
6bfdecff876226c1e233f71e7b0b1a6e0eb238281a52156c39f051691dd88a43

Request headers

Referer
https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 20 Aug 2020 11:44:53 GMT
Last-Modified
Wed, 22 Jul 2020 12:54:40 GMT
Server
AmazonS3
x-amz-request-id
5G5Y3K8S0ZFMBQFP
ETag
"3d0dab8337c085af1541ee5b7d63b53b"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3480
x-amz-id-2
qkmJgujjO+3Lc+mB5I1XXHcKiW/Mz7EZxO6PN6O7U1oyoh+oU+vFxxv+6u/mDZEdBtXiBfK59Tg=
1.jpg
cdn-bimi.akamaized.net/landings/194623/1595422478/images/ 		324 KB
324 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn-bimi.akamaized.net/landings/194623/1595422478/images/1.jpg
Requested by
Host: cdn-bimi.akamaized.net
URL: https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2.16.186.80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a2-16-186-80.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
2fe7cbf09c6957a5c0c5f6a9a52bd1e61b3aead25847c722f868cac98e90ec14

Request headers

Referer
https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 20 Aug 2020 11:44:53 GMT
Last-Modified
Wed, 22 Jul 2020 12:54:40 GMT
Server
AmazonS3
x-amz-request-id
1A42067328D5490C
ETag
"a5e3d2d66bb3df71a19fe51d020c4c79"
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
331464
x-amz-id-2
wSGHhf2qxiZPceiuXOxd5llCNt52TyHFGM8H9hk4/u92NWxM3EDOeOF3o7ih/bL3yDy8GR2qJY8=
pattern.png
cdn-bimi.akamaized.net/landings/194623/1595422478/images/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn-bimi.akamaized.net/landings/194623/1595422478/images/pattern.png
Requested by
Host: cdn-bimi.akamaized.net
URL: https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2.16.186.80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a2-16-186-80.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
5cbc28ef1cf07ab8956014b581aa2b96baac861237975813702e63c886b0c004

Request headers

Referer
https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 20 Aug 2020 11:44:53 GMT
Last-Modified
Wed, 22 Jul 2020 12:54:40 GMT
Server
AmazonS3
x-amz-request-id
31D1FA9BA01D97D7
ETag
"f06b5903c3ed5ef39db9b98b60deba70"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2801
x-amz-id-2
ylUd+YtLiFHMzO0SA+5Uww0NGmuMSBmlUPRr0FR6KaLmDZDVv6SFZHcZjMLxCdsj+Q2KA3U9a+s=
2.jpg
cdn-bimi.akamaized.net/landings/194623/1595422478/images/ 		489 KB
490 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn-bimi.akamaized.net/landings/194623/1595422478/images/2.jpg
Requested by
Host: cdn-bimi.akamaized.net
URL: https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2.16.186.80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a2-16-186-80.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
9b5daf91bc0b4b1f63ec35edce8c797ee41fa07dd3619b46177f5ae9ef10d5ef

Request headers

Referer
https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 20 Aug 2020 11:44:53 GMT
Last-Modified
Wed, 22 Jul 2020 12:54:41 GMT
Server
AmazonS3
x-amz-request-id
8528A2977BCF7F98
ETag
"a0e8cb9f3384d53d3dd7321a5f6c3edf"
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
501082
x-amz-id-2
ZE5oeE/ihUwvhraALmyCX8ThX1Gl9k71yN0RKvGVmPfSIcXr6gRubO/iqF8GkgrH8gV9IZcmKUU=
3.jpg
cdn-bimi.akamaized.net/landings/194623/1595422478/images/ 		355 KB
356 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn-bimi.akamaized.net/landings/194623/1595422478/images/3.jpg
Requested by
Host: cdn-bimi.akamaized.net
URL: https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2.16.186.80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a2-16-186-80.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
bc6998d9501b76f353c2984a0a30bac78f7e2a543848796e738b9b82e3396bc0

Request headers

Referer
https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 20 Aug 2020 11:44:53 GMT
Last-Modified
Wed, 22 Jul 2020 12:54:41 GMT
Server
AmazonS3
x-amz-request-id
A90F0587F3302701
ETag
"ac4d35b2de308f28ec0918b978ed47a4"
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
363681
x-amz-id-2
lBim/SVBmt/YqQcS7H6elC152ONTeypxZOZXgTfAHaXW3OcxS8iH3inzhza6TbKyoCO1GyRKF24=
4.jpg
cdn-bimi.akamaized.net/landings/194623/1595422478/images/ 		464 KB
465 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn-bimi.akamaized.net/landings/194623/1595422478/images/4.jpg
Requested by
Host: cdn-bimi.akamaized.net
URL: https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2.16.186.80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a2-16-186-80.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
66ef250a284f56f2ffe6fb74c4cf8009626266279d9d1d87f046d0eee0d53a42

Request headers

Referer
https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 20 Aug 2020 11:44:53 GMT
Last-Modified
Wed, 22 Jul 2020 12:54:41 GMT
Server
AmazonS3
x-amz-request-id
2AD4E973E0F64240
ETag
"d90faf35ca8d01c48bd475f45859f821"
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
475311
x-amz-id-2
7rUZkCyfvU6tuogdT6odkof56Mf6WmONAcbYUGR5BT75lgJhz6IqwELe1m22i2tH9TdNWQ2Dd4M=
S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v16/ 		14 KB
14 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v16/S6uyw4BMUTPHjx4wXiWtFCc.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato&subset=latin-ext
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.18plusstream.net
Referer
https://fonts.googleapis.com/css?family=Lato&subset=latin-ext
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 11 Aug 2020 23:41:53 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 03:45:55 GMT
server
sffe
age
734580
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14044
x-xss-protection
0
expires
Wed, 11 Aug 2021 23:41:53 GMT
tag.js
mc.yandex.ru/metrika/ 		365 KB
93 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/metrika/tag.js
Requested by
Host: cutt.us
URL: https://cutt.us/lVaIm
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.14.2 /
Resource Hash
b69418f0a804f48b7bac08bc2c6cb54de2921e382c0d280dda2c616dec3dbde5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=lemzc5f3e6235349fa218615281&s1=56029&s2=1042291&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 20 Aug 2020 11:44:53 GMT
Content-Encoding
br
Last-Modified
Tue, 18 Aug 2020 11:06:25 GMT
Server
nginx/1.14.2
ETag
"5f27cdbf-1743e"
Strict-Transport-Security
max-age=31536000
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600
Connection
keep-alive
Content-Length
95294
Expires
Thu, 20 Aug 2020 12:44:53 GMT
1
mc.yandex.ru/watch/65937478/
Redirect Chain
  • https://mc.yandex.ru/watch/65937478?wmode=7&page-ref=https%3A%2F%2Fwww.fucktrip.club%2Fredirect%2Findex%3Ftype%3Dscript%26to%3DaHR0cHM6Ly93d3cuZnVja3RyaXAuY2x1Yg%253D%253D%26data%3DaHR0cHM6Ly90b3Ry...
  • https://mc.yandex.ru/watch/65937478/1?wmode=7&page-ref=https%3A%2F%2Fwww.fucktrip.club%2Fredirect%2Findex%3Ftype%3Dscript%26to%3DaHR0cHM6Ly93d3cuZnVja3RyaXAuY2x1Yg%253D%253D%26data%3DaHR0cHM6Ly90b3...
167 B
723 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/watch/65937478/1?wmode=7&page-ref=https%3A%2F%2Fwww.fucktrip.club%2Fredirect%2Findex%3Ftype%3Dscript%26to%3DaHR0cHM6Ly93d3cuZnVja3RyaXAuY2x1Yg%253D%253D%26data%3DaHR0cHM6Ly90b3RyY2suY29tLz9hPTE5MCZjPTQ2MTQmcD1yJnM1PTM3NjgyNyZzMj12ZmF3bTVmM2U2MjM0NjViZTk4NDIxNDY0NzQ%253D%26action%3Daction_final&page-url=https%3A%2F%2Fwww.18plusstream.net%2Fc%2F4c8a669b83e6c2d3%3F%26click_id%3Dlemzc5f3e6235349fa218615281%26s1%3D56029%26s2%3D1042291%26s3%3Dbackuser%26s5%3D%26lp%3DMJ%26j1%3D1%26j2%3D%26j3%3D1%26j4%3D%26j5%3D%26j6%3D&charset=utf-8&browser-info=ti%3A10%3Ans%3A1597923892636%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Az%3A120%3Ai%3A20200820134453%3Aet%3A1597923894%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A1475730126376%3Arqn%3A1%3Arn%3A937018921%3Ahid%3A938790188%3Ads%3A1%2C62%2C58%2C1%2C611%2C0%2C0%2C203%2C4%2C%2C%2C%2C944%3Afp%3A993%3Awn%3A40797%3Ahl%3A2%3Agdpr%3A14%3Av%3A1916%3Awv%3A2%3Arqnl%3A1%3Ast%3A1597923894%3Au%3A1597923894400687336
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.14.2 /
Resource Hash
85c9cb6588d8d8f3e8c30242deb6ef1e591bbf8f91e3b4cf6fb2d2d32b0404b8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=lemzc5f3e6235349fa218615281&s1=56029&s2=1042291&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 20 Aug 2020 11:44:54 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 20-Aug-2020 11:44:54 GMT
Server
nginx/1.14.2
Strict-Transport-Security
max-age=31536000
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://www.18plusstream.net
Cache-Control
private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
167
X-XSS-Protection
1; mode=block
Expires
Thu, 20-Aug-2020 11:44:54 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 20 Aug 2020 11:44:54 GMT
Last-Modified
Thu, 20-Aug-2020 11:44:54 GMT
Server
nginx/1.14.2
Access-Control-Allow-Origin
https://www.18plusstream.net
Strict-Transport-Security
max-age=31536000
Location
/watch/65937478/1?wmode=7&page-ref=https%3A%2F%2Fwww.fucktrip.club%2Fredirect%2Findex%3Ftype%3Dscript%26to%3DaHR0cHM6Ly93d3cuZnVja3RyaXAuY2x1Yg%253D%253D%26data%3DaHR0cHM6Ly90b3RyY2suY29tLz9hPTE5MCZjPTQ2MTQmcD1yJnM1PTM3NjgyNyZzMj12ZmF3bTVmM2U2MjM0NjViZTk4NDIxNDY0NzQ%253D%26action%3Daction_final&page-url=https%3A%2F%2Fwww.18plusstream.net%2Fc%2F4c8a669b83e6c2d3%3F%26click_id%3Dlemzc5f3e6235349fa218615281%26s1%3D56029%26s2%3D1042291%26s3%3Dbackuser%26s5%3D%26lp%3DMJ%26j1%3D1%26j2%3D%26j3%3D1%26j4%3D%26j5%3D%26j6%3D&charset=utf-8&browser-info=ti%3A10%3Ans%3A1597923892636%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Az%3A120%3Ai%3A20200820134453%3Aet%3A1597923894%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A1475730126376%3Arqn%3A1%3Arn%3A937018921%3Ahid%3A938790188%3Ads%3A1%2C62%2C58%2C1%2C611%2C0%2C0%2C203%2C4%2C%2C%2C%2C944%3Afp%3A993%3Awn%3A40797%3Ahl%3A2%3Agdpr%3A14%3Av%3A1916%3Awv%3A2%3Arqnl%3A1%3Ast%3A1597923894%3Au%3A1597923894400687336
Cache-Control
private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
X-XSS-Protection
1; mode=block
Expires
Thu, 20-Aug-2020 11:44:54 GMT
advert.gif
mc.yandex.ru/metrika/ 		43 B
425 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mc.yandex.ru/metrika/advert.gif
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.14.2 /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=lemzc5f3e6235349fa218615281&s1=56029&s2=1042291&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 20 Aug 2020 11:44:54 GMT
Last-Modified
Mon, 06 Jul 2020 15:32:05 GMT
Server
nginx/1.14.2
ETag
"5f0343f5-2b"
Strict-Transport-Security
max-age=31536000
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Thu, 20 Aug 2020 12:44:54 GMT
65937478
mc.yandex.ru/webvisor/ 		43 B
543 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/webvisor/65937478?wmode=0&rn=575793695&page-url=https%3A%2F%2Fwww.18plusstream.net%2Fc%2F4c8a669b83e6c2d3%3F%26click_id%3Dlemzc5f3e6235349fa218615281%26s1%3D56029%26s2%3D1042291%26s3%3Dbackuser%26s5%3D%26lp%3DMJ%26j1%3D1%26j2%3D%26j3%3D1%26j4%3D%26j5%3D%26j6%3D&wv-type=3&wv-hit=938790188&wv-part=1&browser-info=ti%3A8%3Aet%3A1597923894%3Aw%3A1600x1200%3Av%3A1916%3Az%3A120%3Ai%3A20200820134453%3Abt%3A1%3Ast%3A1597923896%3Au%3A1597923894400687336
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.14.2 /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=lemzc5f3e6235349fa218615281&s1=56029&s2=1042291&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 20 Aug 2020 11:44:56 GMT
Last-Modified
Thu, 20-Aug-2020 11:44:56 GMT
Server
nginx/1.14.2
Strict-Transport-Security
max-age=31536000
Content-Type
image/gif
Access-Control-Allow-Origin
https://www.18plusstream.net
Cache-Control
private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
Expires
Thu, 20-Aug-2020 11:44:56 GMT
65937478
mc.yandex.ru/webvisor/ 		43 B
543 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/webvisor/65937478?wmode=0&rn=287496449&page-url=https%3A%2F%2Fwww.18plusstream.net%2Fc%2F4c8a669b83e6c2d3%3F%26click_id%3Dlemzc5f3e6235349fa218615281%26s1%3D56029%26s2%3D1042291%26s3%3Dbackuser%26s5%3D%26lp%3DMJ%26j1%3D1%26j2%3D%26j3%3D1%26j4%3D%26j5%3D%26j6%3D&wv-type=3&wv-hit=938790188&wv-part=1&browser-info=ti%3A8%3Aet%3A1597923894%3Aw%3A1600x1200%3Av%3A1916%3Az%3A120%3Ai%3A20200820134453%3Ast%3A1597923896%3Au%3A1597923894400687336
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.14.2 /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=lemzc5f3e6235349fa218615281&s1=56029&s2=1042291&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 20 Aug 2020 11:44:56 GMT
Last-Modified
Thu, 20-Aug-2020 11:44:56 GMT
Server
nginx/1.14.2
Strict-Transport-Security
max-age=31536000
Content-Type
image/gif
Access-Control-Allow-Origin
https://www.18plusstream.net
Cache-Control
private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
Expires
Thu, 20-Aug-2020 11:44:56 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Porn Scam (Online)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes function| $ function| jQuery object| langs object| dataLayer boolean| exit object| google_tag_manager number| th_bridge_jump_step function| ym object| Ya object| yaCounter65937478 number| chromeVersion

5 Cookies

Domain/Path Name / Value
.18plusstream.net/ Name: _ym_uid
Value: 1597923894400687336
www.18plusstream.net/ Name: unique_id
Value: 5ed2298bac537218526104
.18plusstream.net/ Name: _ym_d
Value: 1597923894
www.18plusstream.net/ Name: scriptHash
Value: 411736_56029_1042291
www.18plusstream.net/ Name: unique_3122229
Value: unique_3122229

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

220812116a78e5d1938cdb8492217978.safeframe.googlesyndication.com
adservice.google.com
adservice.google.de
cdn-bimi.akamaized.net
cutt.us
dwojj.ladiestofuck.net
fonts.googleapis.com
fonts.gstatic.com
grin23.info
love2nights.com
mc.yandex.ru
pagead2.googlesyndication.com
securepubads.g.doubleclick.net
totrck.com
tpc.googlesyndication.com
typerock.com
www.18plusstream.net
www.adultd8.com
www.fucktrip.club
www.google-analytics.com
www.googletagmanager.com
www.googletagservices.com
2.16.186.80
216.58.212.162
2a00:1450:4001:801::200e
2a00:1450:4001:802::2008
2a00:1450:4001:80b::2001
2a00:1450:4001:817::200a
2a00:1450:4001:818::2002
2a00:1450:4001:81a::2003
2a00:1450:4001:81c::2001
2a00:1450:4001:81d::2001
2a00:1450:4001:820::2002
2a00:1450:4001:820::2008
2a02:6b8::1:119
2a05:d018:244:5200::ab
3.124.157.134
3.125.100.153
35.158.254.183
52.71.111.21
69.61.26.121
95.216.99.227
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
0aa575ab7a50d63721a0bdc438eb3b4e627e372256c9e7007ae2523f02d191e3
13888d461889156b3256da7c850fb6e999cbb0db89078b25dd86fef1d0fe5692
16cfd3005d58e6726f4783e6c940c4c703f8455af9eb790c8861f058eb077ea2
25155bd764665f1335dec24598d5a787888b0faf12c5f03ef4fb58891bff430b
2fe7cbf09c6957a5c0c5f6a9a52bd1e61b3aead25847c722f868cac98e90ec14
322d600431f53fb186989dad7e4ed1365b0d3012a808cd114390855a0dce16a6
339b094f80e0fc5ceab516aca8e8644e2a1e348814a2abb282196b6ea2de9b93
473e86b550cb38237870732fc2fd116510a3103fc30942ccc0d1c67aa5938546
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5cbc28ef1cf07ab8956014b581aa2b96baac861237975813702e63c886b0c004
66ef250a284f56f2ffe6fb74c4cf8009626266279d9d1d87f046d0eee0d53a42
6bfdecff876226c1e233f71e7b0b1a6e0eb238281a52156c39f051691dd88a43
743a78083c4ac2aed173e0c73527d60fe08ce1a7d1b78b274d8ba236a977ce27
7f8d6c8264157ba49ca4c0fc3df5758b416d42f459b78cb9e67d6aa6e8546de5
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
850174971ccdb0dcaa281791080e6d9c95786ff5617d2d758b39d351f4e1ba6f
85c9cb6588d8d8f3e8c30242deb6ef1e591bbf8f91e3b4cf6fb2d2d32b0404b8
8a4f5e91a710a5d520cc4bd421a52ec118fc14768a59e92149e18cb2cc0b4ace
954e12847f46ed105bd1d56cff510d55a82cb14024bcbc629734650d8b57288a
9b5daf91bc0b4b1f63ec35edce8c797ee41fa07dd3619b46177f5ae9ef10d5ef
9e6c6a021b04f0f77f169eafb56160afd36da6338c66c74217ce0c4e2cb405a7
a63e57f3fb182fc0a4342c13af2f63f82c35817f8cfba6f55b5eae34f5d53433
b4723b5b14abe7a2062b65bf79b4d5d1e575e786a439e61ff95a38e7e9e140e9
b69418f0a804f48b7bac08bc2c6cb54de2921e382c0d280dda2c616dec3dbde5
bc6998d9501b76f353c2984a0a30bac78f7e2a543848796e738b9b82e3396bc0
c4e62e899d387cd5be4770f35d30a90a4a0b7690e5a70fe510d61192a55df2fb
ea929ab07b7bf2a8848a25d3073bbf9b6b6c9bad34196d4f41e7ae5cbd84bc62
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955
fedd7527d1cceee3052bf4bb62e76d56e8200a115d8a2affae23a125578b7ad1