Submitted URL: http://speedflow.io/adult/?a=rr
Effective URL: https://baise-une-coquine.com/fr/azlmkdciuvgfd/index.html?cpid=707fc582-e801-4927-b201-912f81fb1085&domain=vasy.clickmoileclit...
Submission Tags: demotag1 demotag2
Submission: On November 08 via api from US

Summary

This website contacted 10 IPs in 5 countries across 11 domains to perform 25 HTTP transactions. The main IP is 2606:4700:3036::681b:bd5f, located in United States and belongs to CLOUDFLARENET, US. The main domain is baise-une-coquine.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 10th 2020. Valid for: a year.
This is the only time baise-une-coquine.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 198.54.116.135 22612 (NAMECHEAP...)
1 2001:4de0:ac1... 20446 (HIGHWINDS3)
1 95.211.229.246 60781 (LEASEWEB-...)
1 162.213.255.36 22612 (NAMECHEAP...)
1 4 107.170.39.103 14061 (DIGITALOC...)
1 35.190.72.161 15169 (GOOGLE)
1 2a04:4e42:1b:... 54113 (FASTLY)
1 6 18.192.7.22 16509 (AMAZON-02)
2 2 18.195.149.11 16509 (AMAZON-02)
1 1 34.248.244.161 16509 (AMAZON-02)
8 2606:4700:303... 13335 (CLOUDFLAR...)
3 2a00:1450:400... 15169 (GOOGLE)
25 10
Domain Requested by
8 baise-une-coquine.com ads.adextrem.com
baise-une-coquine.com
6 ads.adextrem.com 1 redirects traffdaq.com
baise-une-coquine.com
ads.adextrem.com
4 traffdaq.com 1 redirects speedflow.io
traffdaq.com
3 fonts.gstatic.com baise-une-coquine.com
2 vasy.clickmoileclito.com 2 redirects
1 da.off3riz.com 1 redirects
1 cdn.jsdelivr.net traffdaq.com
1 c.securepaths.com traffdaq.com
1 manyhit.com speedflow.io
1 syndication.realsrv.com a.realsrv.com
1 a.realsrv.com speedflow.io
1 speedflow.io
25 12

This site contains links to these domains.

Domain
vasy.clickmoileclito.com

Subject | Issuer | Validity | Valid
realsrv.com | Let's Encrypt Authority X3 | 2020-10-26 - 2021-01-24 | 3 months
traffdaq.com | Let's Encrypt Authority X3 | 2020-10-31 - 2021-01-29 | 3 months
*.securepaths.com | Let's Encrypt Authority X3 | 2020-09-22 - 2020-12-21 | 3 months
f3.shared.global.fastly.net | GlobalSign CloudSSL CA - SHA256 - G3 | 2020-10-26 - 2021-04-17 | 6 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-07-10 - 2021-07-10 | a year
*.adextrem.com | Amazon | 2020-01-09 - 2021-02-09 | a year
*.gstatic.com | GTS CA 1O1 | 2020-10-20 - 2021-01-12 | 3 months

This page contains 4 frames:

Primary Page: https://baise-une-coquine.com/fr/azlmkdciuvgfd/index.html?cpid=707fc582-e801-4927-b201-912f81fb1085&domain=vasy.clickmoileclito.com&cep=D3Kz2zAi6iEgVRgu_u1qCwGFgb6sRwHR4Zp3WIl35oJLrTAGHSUOPQjHspcGaf5TX4O9JC19m5LaAKOfJvhR76S9iUcvF5yfoWMvYgGNcwcAbTb64F0ssArqhk0ZT1wNOT5LkKbPpqSyECAJFD1GuVnpdiGomZpT8LfLKYk1O8WhmiZIpkxVwknOaXpE1YiBCjmQbFpJet5LycCaeeW_eHpoIKJA6VxYOiPYZ0IfEhokbElx6wKIfzJHjYUS1JnOU46--kBKobaSJivPx_Bb5PCv1XA5j6DamQ1Gdq9OjHau9FeiGPo9SOuZnDdc46JCccc1OGFZ97rZT_nNacNhcTTu2dOV5x3lr7Q1GAyNZHqIOH3gwAt9lsI38ppB8D8usaTYYluKHZ8snWa4tEdL_WgDV0fa5ymZ3t_6SXImdPZDTGgNLEUJnAVaa7q8al6NSYAf_PIkAmxRhYlRGVBKYtPeM_zxx3WCCjOangcvGBA&lptoken=16a804f1801a313a2839&transaction_id=10298da078fe6e22b6abdfd3b415cf&afid=1001&source=8297&offerid=889&mail=&aff_sub2=wqrsjg2n1pv9g273ii9qpn7k
Frame ID: DD57D7686F233A63E2DFFBAD05C71C82
Requests: 22 HTTP requests in this frame

Frame: http://syndication.realsrv.com/ads-iframe-display.php?idzone=4053336&type=900x250&p=http%3A//speedflow.io/adult/%3Fa%3Drr&dt=1604801323558&sub=&tags=&screen_resolution=1600x1200&el=%22
Frame ID: E779321B29E7CDAABBC29E9E78173C14
Requests: 1 HTTP requests in this frame

Frame: http://manyhit.com/autosurf_if.php?user=speedflow
Frame ID: C357D5838EF096152C4A8FEDFB402CCB
Requests: 1 HTTP requests in this frame

Frame: https://ads.adextrem.com/push/ifp.php?slot=4
Frame ID: E4A41E59C77D274852DF0E319300BFA6
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

25
Requests

84 %
HTTPS

33 %
IPv6

11
Domains

12
Subdomains

10
IPs

5
Countries

807 kB
Transfer

965 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://speedflow.io/adult/?a=rr Page URL
  2. http://traffdaq.com/delivery/dl/47382?category=ebony HTTP 301
    https://traffdaq.com/delivery/dl/47382?category=ebony Page URL
  3. https://traffdaq.com/delivery/directlink/47382?hash=eyJpdiI6ImozTDhKUVBPMHE5Wm9NK0FCUHZUK2c9PSIsInZhbHVlIjoiZnVpcFpieGZ0OGpOWjF1cUdQajBvQ2VDTEdBSGwwUHVOOFRtckpQK2gxZnl5NitGNmJRUjV5enFLMlptcFIwRmFmc1ZBR0ZXeE40eVJKSDNuK1wvN0loTHRhVENnbmtSb2tQNUREUW5IU0xQa0ZiXC90dUJSVjBxdlFrWFRYUTFhQWFaYmJnRVBpUmFJQlI4ZkQ1YlwvWkdYSVVtSlR0QXNiMGhiak5JNzgzNzB3RksxSXcwZFljZVNjQ2NCNlUyTHRWRVE2bzV3WE9ZdTdHaGVZejBSZVVjamFHb2tseldkVVU2V2djaE0zclN0eEFnRjZYNlwvT1dIZDNwVDhkb21GZ1FFSUhTdXBPY3BCTGgyVGxZSm9Cb1R1NEJ2c1Y4VU1wN1orc05mRDZUWTJZcXhmRWF2XC9hdlFSTVR5TFBkNHQrTiIsIm1hYyI6IjkxMzFhZDRkYzIzNzdiMGQzYzA0NmVkYmFhMzRiMDAzMmI1ZTZlZTIwMGJjNWQ2ZDAwMzZmYWMzNWM3YmFiMGQifQ%3D%3D&fp=66abd220fd1aeed21a48c2d9b60f0bf8 Page URL
  4. http://ads.adextrem.com/delivery/directlink.php?slot=8297 Page URL
  5. http://ads.adextrem.com/delivery/directlink.php?slot=8297&fp2=AX1|tz:-60|w:1600|h:1200|ua:Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/83.0.4103.61%20Safari/537.36|lng:en-US|IP:82.102.18.114&allowcookie=true&setreferrer= HTTP 302
    https://vasy.clickmoileclito.com/b5d5f93e-32ea-4512-8758-ada5e50d4de3?adxzoneid=8297&adxdomain=&adxcampaignid=1418&adxmaterialname=&adxcost=0&adxcid=rkPvpLXDA3bckDFrUth6jkFOc6b5TpZlzP6DB4rlVrmfURwPl3utCYhD4iixxi8L HTTP 302
    https://da.off3riz.com/aff_c?offer_id=889&aff_id=1001&aff_sub2=wqrsjg2n1pv9g273ii9qpn7k&source=8297&aff_sub3=1418&aff_sub5= HTTP 302
    https://vasy.clickmoileclito.com/707fc582-e801-4927-b201-912f81fb1085?transaction_id=10298da078fe6e22b6abdfd3b415cf&afid=1001&source=8297&offerid=889&mail=&aff_sub2=wqrsjg2n1pv9g273ii9qpn7k HTTP 302
    https://baise-une-coquine.com/fr/azlmkdciuvgfd/index.html?cpid=707fc582-e801-4927-b201-912f81fb1085&domain=vasy.clickmoileclito.com&cep=D3Kz2zAi6iEgVRgu_u1qCwGFgb6sRwHR4Zp3WIl35oJLrTAGHSUOPQjHspcGaf5TX4O9JC19m5LaAKOfJvhR76S9iUcvF5yfoWMvYgGNcwcAbTb64F0ssArqhk0ZT1wNOT5LkKbPpqSyECAJFD1GuVnpdiGomZpT8LfLKYk1O8WhmiZIpkxVwknOaXpE1YiBCjmQbFpJet5LycCaeeW_eHpoIKJA6VxYOiPYZ0IfEhokbElx6wKIfzJHjYUS1JnOU46--kBKobaSJivPx_Bb5PCv1XA5j6DamQ1Gdq9OjHau9FeiGPo9SOuZnDdc46JCccc1OGFZ97rZT_nNacNhcTTu2dOV5x3lr7Q1GAyNZHqIOH3gwAt9lsI38ppB8D8usaTYYluKHZ8snWa4tEdL_WgDV0fa5ymZ3t_6SXImdPZDTGgNLEUJnAVaa7q8al6NSYAf_PIkAmxRhYlRGVBKYtPeM_zxx3WCCjOangcvGBA&lptoken=16a804f1801a313a2839&transaction_id=10298da078fe6e22b6abdfd3b415cf&afid=1001&source=8297&offerid=889&mail=&aff_sub2=wqrsjg2n1pv9g273ii9qpn7k Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • http://traffdaq.com/delivery/dl/47382?category=ebony HTTP 301
  • https://traffdaq.com/delivery/dl/47382?category=ebony

25 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
speedflow.io/adult/
1021 B
1 KB
Document
General
Full URL
http://speedflow.io/adult/?a=rr
Protocol
HTTP/1.1
Server
198.54.116.135 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
server193-5.web-hosting.com
Software
Apache / PHP/7.1.33
Resource Hash
67e228f50a90c3fc7e9d44ceb82e118a37b4588849bcaefe9be29fa6bba6f440

Request headers

Host
speedflow.io
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
referer
http://speedflow.io/adult/a=rr

Response headers

date
Sun, 08 Nov 2020 02:08:43 GMT
server
Apache
x-powered-by
PHP/7.1.33
set-cookie
visits_todaya=1; expires=Sun, 08-Nov-2020 22:59:00 GMT; Max-Age=75017; path=/ time_start=1604801323.4529; expires=Sun, 08-Nov-2020 22:59:00 GMT; Max-Age=75017; path=/ ip=82.102.18.114 mobile=0 country=PT visits_todayi=0; expires=Sun, 08-Nov-2020 22:59:00 GMT; Max-Age=75017; path=/
accept-ranges
none
vary
Accept-Encoding
content-encoding
gzip
content-length
543
content-type
text/html; charset=UTF-8
ads.js
a.realsrv.com/
2 KB
1 KB
Script
General
Full URL
https://a.realsrv.com/ads.js
Requested by
Host: speedflow.io
URL: http://speedflow.io/adult/?a=rr
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:4de0:ac19::1:b:2a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
/
Resource Hash
d3f814d49049b29143de2fccdbd97d0a1f0739e2554c482684c7c906b535ea43

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 08 Nov 2020 02:08:43 GMT
Content-Encoding
gzip
X-HW
1604801323.dop057.fr8.shc,1604801323.dop057.fr8.t,1604801323.cds129.fr8.c
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=10800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
928
Cookie set ads-iframe-display.php
syndication.realsrv.com/ Frame E779
0
0
Document
General
Full URL
http://syndication.realsrv.com/ads-iframe-display.php?idzone=4053336&type=900x250&p=http%3A//speedflow.io/adult/%3Fa%3Drr&dt=1604801323558&sub=&tags=&screen_resolution=1600x1200&el=%22
Requested by
Host: a.realsrv.com
URL: https://a.realsrv.com/ads.js
Protocol
HTTP/1.1
Server
95.211.229.246 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Host
syndication.realsrv.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://speedflow.io/
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
referer
http://speedflow.io/adult/a=rr
Referer
http://speedflow.io/

Response headers

Server
nginx
Date
Sun, 08 Nov 2020 02:08:43 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control
no-cache, must-revalidate
Pragma
no-cache
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie
__uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%225fa7532b944583.632513562717246675%22%3B%7D; expires=Tue, 08 Nov 2022 02:08:43 GMT; path=; domain=.realsrv.com;
Content-Encoding
gzip
autosurf_if.php
manyhit.com/ Frame C357
0
0
Document
General
Full URL
http://manyhit.com/autosurf_if.php?user=speedflow
Requested by
Host: speedflow.io
URL: http://speedflow.io/adult/?a=rr
Protocol
HTTP/1.1
Server
162.213.255.36 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
server145-4.web-hosting.com
Software
Apache / PHP/5.4.45
Resource Hash

Request headers

Host
manyhit.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://speedflow.io/
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
referer
http://speedflow.io/adult/a=rr
Referer
http://speedflow.io/

Response headers

date
Sun, 08 Nov 2020 02:08:43 GMT
server
Apache
x-powered-by
PHP/5.4.45
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
set-cookie
PHPSESSID=7db55123a59838cbf96303cde4b37f49; path=/
vary
Accept-Encoding
content-encoding
gzip
content-length
1270
content-type
text/html
47382
traffdaq.com/delivery/dl/
Redirect Chain
  • http://traffdaq.com/delivery/dl/47382?category=ebony
  • https://traffdaq.com/delivery/dl/47382?category=ebony
3 KB
2 KB
Document
General
Full URL
https://traffdaq.com/delivery/dl/47382?category=ebony
Requested by
Host: speedflow.io
URL: http://speedflow.io/adult/?a=rr
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.170.39.103 New York, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.16.1 (Ubuntu) /
Resource Hash
ad609376e5ceadbeffe0feeade48d8a4f228b711b5e59367703b61c84992b7f9

Request headers

Host
traffdaq.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
http://speedflow.io/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
referer
http://speedflow.io/adult/a=rr
Referer
http://speedflow.io/adult/?a=rr

Response headers

Server
nginx/1.16.1 (Ubuntu)
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
close
Cache-Control
no-cache
Date
Sun, 08 Nov 2020 02:08:44 GMT
Content-Encoding
gzip

Redirect headers

Content-length
0
Location
https://traffdaq.com/delivery/dl/47382?category=ebony
Connection
close
eyJpdiI6Ilp5NFBMb2tCR1QrbldtbktlTFBqYkE9PSIsInZhbHVlIjoiSnhaWkRPUklJWnZjc2VJNE9takN4eGdHSkJoXC94VnBaUit3R2tGcUV4WWRUenFFd29JejY3M1hGOVh1QkZweHg3T2dPNWd1K1VqUVBxbHpobkRpYnN3PT0iLCJtYWMiOiIxMjJiZjlmM...
traffdaq.com/users/track/
0
854 B
Image
General
Full URL
https://traffdaq.com/users/track/eyJpdiI6Ilp5NFBMb2tCR1QrbldtbktlTFBqYkE9PSIsInZhbHVlIjoiSnhaWkRPUklJWnZjc2VJNE9takN4eGdHSkJoXC94VnBaUit3R2tGcUV4WWRUenFFd29JejY3M1hGOVh1QkZweHg3T2dPNWd1K1VqUVBxbHpobkRpYnN3PT0iLCJtYWMiOiIxMjJiZjlmMmQ4NTEzZjAwNjE2YmY2YzYzNWM3YjExYzA5YmNiZjljZGVkNzA2YjhlMjQwMGVkNzRiNmU0Y2E0In0%3D
Requested by
Host: traffdaq.com
URL: https://traffdaq.com/delivery/dl/47382?category=ebony
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.170.39.103 New York, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.16.1 (Ubuntu) /
Resource Hash

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 08 Nov 2020 02:08:44 GMT
Cache-Control
no-cache
Server
nginx/1.16.1 (Ubuntu)
Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
implement.js
c.securepaths.com/js/
0
0
Script
General
Full URL
https://c.securepaths.com/js/implement.js?org=FziBhN0qA1aE5tBQrQLl&s=5fa7532c1e9f4&p=TDQ47382&a=47382&cmp=47382&rd=http%3A%2F%2Fspeedflow.io%2F&rt=click&sl=0&stId=0&ty=l
Requested by
Host: traffdaq.com
URL: https://traffdaq.com/delivery/dl/47382?category=ebony
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.72.161 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
161.72.190.35.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 08 Nov 2020 02:08:44 GMT
via
1.1 google
status
401
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
x-xss-protection
0
expires
0
fingerprint2.min.js
cdn.jsdelivr.net/fingerprintjs2/1.4.0/
33 KB
10 KB
Script
General
Full URL
https://cdn.jsdelivr.net/fingerprintjs2/1.4.0/fingerprint2.min.js
Requested by
Host: traffdaq.com
URL: https://traffdaq.com/delivery/dl/47382?category=ebony
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::621 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4ef071f26a6a95d20498fa67e78856aebf65e9e06d46046604acac1ac3e87033
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
885312
x-cache
HIT, HIT
status
200
cross-origin-resource-policy
cross-origin
content-length
10191
etag
W/"83f3-ijg3WuTgKQH1Hch06eHdIajrA24"
x-served-by
cache-fra19149-FRA, cache-hhn4056-HHN
date
Sun, 08 Nov 2020 02:08:44 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
47382
traffdaq.com/delivery/directlink/
2 KB
1 KB
Document
General
Full URL
https://traffdaq.com/delivery/directlink/47382?hash=eyJpdiI6ImozTDhKUVBPMHE5Wm9NK0FCUHZUK2c9PSIsI...%3D%3D&fp=66abd220fd1aeed21a48c2d9b60f0bf8
Requested by
Host: traffdaq.com
URL: https://traffdaq.com/delivery/dl/47382?category=ebony
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.170.39.103 New York, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.16.1 (Ubuntu) /
Resource Hash

Request headers

Host
traffdaq.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
same-origin
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
https://traffdaq.com/delivery/dl/47382?category=ebony
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
tdqct=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
referer
http://speedflow.io/adult/a=rr
Referer
https://traffdaq.com/delivery/dl/47382?category=ebony

Response headers

Server
nginx/1.16.1 (Ubuntu)
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
close
Cache-Control
no-cache
Date
Sun, 08 Nov 2020 02:08:47 GMT
Content-Encoding
gzip
Cookie set directlink.php
ads.adextrem.com/delivery/
32 KB
11 KB
Document
General
Full URL
http://ads.adextrem.com/delivery/directlink.php?slot=8297
Requested by
Host: traffdaq.com
URL: https://traffdaq.com/delivery/directlink/47382?hash=eyJpdiI6ImozTDhKUVBPMHE5Wm9NK0FCUHZUK2c9PSIsInZhbHVlIjoiZnVpcFpieGZ0OGpOWjF1cUdQajBvQ2VDTEdBSGwwUHVOOFRtckpQK2gxZnl5NitGNmJRUjV5enFLMlptcFIwRmFmc1ZBR0ZXeE40eVJKSDNuK1wvN0loTHRhVENnbmtSb2tQNUREUW5IU0xQa0ZiXC90dUJSVjBxdlFrWFRYUTFhQWFaYmJnRVBpUmFJQlI4ZkQ1YlwvWkdYSVVtSlR0QXNiMGhiak5JNzgzNzB3RksxSXcwZFljZVNjQ2NCNlUyTHRWRVE2bzV3WE9ZdTdHaGVZejBSZVVjamFHb2tseldkVVU2V2djaE0zclN0eEFnRjZYNlwvT1dIZDNwVDhkb21GZ1FFSUhTdXBPY3BCTGgyVGxZSm9Cb1R1NEJ2c1Y4VU1wN1orc05mRDZUWTJZcXhmRWF2XC9hdlFSTVR5TFBkNHQrTiIsIm1hYyI6IjkxMzFhZDRkYzIzNzdiMGQzYzA0NmVkYmFhMzRiMDAzMmI1ZTZlZTIwMGJjNWQ2ZDAwMzZmYWMzNWM3YmFiMGQifQ%3D%3D&fp=66abd220fd1aeed21a48c2d9b60f0bf8
Protocol
HTTP/1.1
Server
18.192.7.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-192-7-22.eu-central-1.compute.amazonaws.com
Software
Apache/2.4.10 (Debian) /
Resource Hash
e445fb75780fb47c738378e1191d9267b8d4fd99419c5aa102e8ddb81e4e4d7d

Request headers

Host
ads.adextrem.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
referer
http://speedflow.io/adult/a=rr

Response headers

Cache-Control
no-store, no-cache, must-revalidate, max-age=0 post-check=0, pre-check=0
Cache-control
no-cache="set-cookie"
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Sun, 08 Nov 2020 02:08:47 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Pragma
no-cache
Server
Apache/2.4.10 (Debian)
Set-Cookie
PHPSESSID=v4k8v31d20j5q6pqiagvcbjtv6; path=/ AWSELB=671BC5111EC8C439EC6ECDAADF42C2FCC39A19517227BECBED123D3D2F3DC41482870D4994F5F60AFCADD93926CF44860692B62F1C4120FACC74D4DFDF0F9F6312DC6AA918;PATH=/;MAX-AGE=900
Vary
Accept-Encoding
Content-Length
10807
Connection
keep-alive
Primary Request index.html
baise-une-coquine.com/fr/azlmkdciuvgfd/
Redirect Chain
  • http://ads.adextrem.com/delivery/directlink.php?slot=8297&fp2=AX1|tz:-60|w:1600|h:1200|ua:Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%...
  • https://vasy.clickmoileclito.com/b5d5f93e-32ea-4512-8758-ada5e50d4de3?adxzoneid=8297&adxdomain=&adxcampaignid=1418&adxmaterialname=&adxcost=0&adxcid=rkPvpLXDA3bckDFrUth6jkFOc6b5TpZlzP6DB4rlVrmfURwP...
  • https://da.off3riz.com/aff_c?offer_id=889&aff_id=1001&aff_sub2=wqrsjg2n1pv9g273ii9qpn7k&source=8297&aff_sub3=1418&aff_sub5=
  • https://vasy.clickmoileclito.com/707fc582-e801-4927-b201-912f81fb1085?transaction_id=10298da078fe6e22b6abdfd3b415cf&afid=1001&source=8297&offerid=889&mail=&aff_sub2=wqrsjg2n1pv9g273ii9qpn7k
  • https://baise-une-coquine.com/fr/azlmkdciuvgfd/index.html?cpid=707fc582-e801-4927-b201-912f81fb1085&domain=vasy.clickmoileclito.com&cep=D3Kz2zAi6iEgVRgu_u1qCwGFgb6sRwHR4Zp3WIl35oJLrTAGHSUOPQjHspcGa...
5 KB
2 KB
Document
General
Full URL
https://baise-une-coquine.com/fr/azlmkdciuvgfd/index.html?cpid=707fc582-e801-4927-b201-912f81fb1085&domain=vasy.clickmoileclito.com&cep=D3Kz2zAi6iEgVRgu_u1qCwGFgb6sRwHR4Zp3WIl35oJLrTAGHSUOPQjHspcGaf5TX4O9JC19m5LaAKOfJvhR76S9iUcvF5yfoWMvYgGNcwcAbTb64F0ssArqhk0ZT1wNOT5LkKbPpqSyECAJFD1GuVnpdiGomZpT8LfLKYk1O8WhmiZIpkxVwknOaXpE1YiBCjmQbFpJet5LycCaeeW_eHpoIKJA6VxYOiPYZ0IfEhokbElx6wKIfzJHjYUS1JnOU46--kBKobaSJivPx_Bb5PCv1XA5j6DamQ1Gdq9OjHau9FeiGPo9SOuZnDdc46JCccc1OGFZ97rZT_nNacNhcTTu2dOV5x3lr7Q1GAyNZHqIOH3gwAt9lsI38ppB8D8usaTYYluKHZ8snWa4tEdL_WgDV0fa5ymZ3t_6SXImdPZDTGgNLEUJnAVaa7q8al6NSYAf_PIkAmxRhYlRGVBKYtPeM_zxx3WCCjOangcvGBA&lptoken=16a804f1801a313a2839&transaction_id=10298da078fe6e22b6abdfd3b415cf&afid=1001&source=8297&offerid=889&mail=&aff_sub2=wqrsjg2n1pv9g273ii9qpn7k
Requested by
Host: ads.adextrem.com
URL: http://ads.adextrem.com/delivery/directlink.php?slot=8297
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:bd5f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
97d2cbbe88ac9677ae8316771e5d14a0326ae9e8c737d3265081307ecf1c3901

Request headers

:method
GET
:authority
baise-une-coquine.com
:scheme
https
:path
/fr/azlmkdciuvgfd/index.html?cpid=707fc582-e801-4927-b201-912f81fb1085&domain=vasy.clickmoileclito.com&cep=D3Kz2zAi6iEgVRgu_u1qCwGFgb6sRwHR4Zp3WIl35oJLrTAGHSUOPQjHspcGaf5TX4O9JC19m5LaAKOfJvhR76S9iUcvF5yfoWMvYgGNcwcAbTb64F0ssArqhk0ZT1wNOT5LkKbPpqSyECAJFD1GuVnpdiGomZpT8LfLKYk1O8WhmiZIpkxVwknOaXpE1YiBCjmQbFpJet5LycCaeeW_eHpoIKJA6VxYOiPYZ0IfEhokbElx6wKIfzJHjYUS1JnOU46--kBKobaSJivPx_Bb5PCv1XA5j6DamQ1Gdq9OjHau9FeiGPo9SOuZnDdc46JCccc1OGFZ97rZT_nNacNhcTTu2dOV5x3lr7Q1GAyNZHqIOH3gwAt9lsI38ppB8D8usaTYYluKHZ8snWa4tEdL_WgDV0fa5ymZ3t_6SXImdPZDTGgNLEUJnAVaa7q8al6NSYAf_PIkAmxRhYlRGVBKYtPeM_zxx3WCCjOangcvGBA&lptoken=16a804f1801a313a2839&transaction_id=10298da078fe6e22b6abdfd3b415cf&afid=1001&source=8297&offerid=889&mail=&aff_sub2=wqrsjg2n1pv9g273ii9qpn7k
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
http://ads.adextrem.com/delivery/directlink.php?slot=8297
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
referer
http://speedflow.io/adult/a=rr
Referer
http://ads.adextrem.com/delivery/directlink.php?slot=8297

Response headers

status
200
date
Sun, 08 Nov 2020 02:08:48 GMT
content-type
text/html
set-cookie
__cfduid=d2f5a3fc700b83c7cdee7b648f9a259991604801328; expires=Tue, 08-Dec-20 02:08:48 GMT; path=/; domain=.baise-une-coquine.com; HttpOnly; SameSite=Lax
last-modified
Mon, 10 Feb 2020 08:31:18 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
cf-request-id
0647360cad00002c3a1420f000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=A41mrHta92OYaoVLD8NdOJyul7f5WKX8g%2Fd4VMqVM4KF2hs9TWCCYZjxSucFnsSabaaFkZedae%2F8MGWSLhmp4iiVP%2FAbvKej51N7gbePmT3BVAyQoMxC%2FncOm8Dy%2FPYEoMA%3D"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
5eebbf8de9102c3a-FRA
content-encoding
br

Redirect headers

Server
nginx
Date
Sun, 08 Nov 2020 02:08:48 GMT
Content-Length
0
Connection
keep-alive
Cache-Control
no-store, no-cache, pre-check=0, post-check=0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Location
https://baise-une-coquine.com/fr/azlmkdciuvgfd/index.html?cpid=707fc582-e801-4927-b201-912f81fb1085&domain=vasy.clickmoileclito.com&cep=D3Kz2zAi6iEgVRgu_u1qCwGFgb6sRwHR4Zp3WIl35oJLrTAGHSUOPQjHspcGaf5TX4O9JC19m5LaAKOfJvhR76S9iUcvF5yfoWMvYgGNcwcAbTb64F0ssArqhk0ZT1wNOT5LkKbPpqSyECAJFD1GuVnpdiGomZpT8LfLKYk1O8WhmiZIpkxVwknOaXpE1YiBCjmQbFpJet5LycCaeeW_eHpoIKJA6VxYOiPYZ0IfEhokbElx6wKIfzJHjYUS1JnOU46--kBKobaSJivPx_Bb5PCv1XA5j6DamQ1Gdq9OjHau9FeiGPo9SOuZnDdc46JCccc1OGFZ97rZT_nNacNhcTTu2dOV5x3lr7Q1GAyNZHqIOH3gwAt9lsI38ppB8D8usaTYYluKHZ8snWa4tEdL_WgDV0fa5ymZ3t_6SXImdPZDTGgNLEUJnAVaa7q8al6NSYAf_PIkAmxRhYlRGVBKYtPeM_zxx3WCCjOangcvGBA&lptoken=16a804f1801a313a2839&transaction_id=10298da078fe6e22b6abdfd3b415cf&afid=1001&source=8297&offerid=889&mail=&aff_sub2=wqrsjg2n1pv9g273ii9qpn7k
Pragma
no-cache
Set-Cookie
707fc582-e801-4927-b201-912f81fb1085-v4=707fc582-e801-4927-b201-912f81fb1085; Max-Age=86400; Expires=Mon, 09-Nov-2020 02:08:48 GMT; Domain=vasy.clickmoileclito.com; Path=/; Secure; HttpOnly;SameSite=None cep-v4=4ICWik0oXHm3a3mX35vbvKCM9s50Fq5_Un8gzMFNI_g4MUl1NdHcoSV81ElZTrd5GHhaTP__fcVDgDxH3zPVOkC8leXWkXGSmQ6zB-SEdZc4cn5V2wpvI56hubYSKI00uqO2rRcyf-QaBolL5ZMMmgopMEdZ8GW59HpPJJd0dINtEFMuBHy7bpj4rYG1IdBX5dDubMHoP-0srakZvL9NvSk7w_gC8cbBy5phwPikN2YlUsa1yabN6hhCezgK0Q25YLaeFLd7MwSyTr5TENT1LtBTqTH8n071p_ukr5Xz2-tBw1NQwAkOfH1RGTYbYjW8czkdfHsWBGLDOZvuQnToREN-oaW1624mHEnknLObq2ekAuLTqGZie1AicE5yBjSCZ0DQ72xYab967wQjLsJGWrc8BE9__fFYSnGzoUZcD6b6UYVrzzj3LwPUMpv0RK6bQIerl-pEY30c_QWhPqceNAJMRtvltm2rhaWc26r_j-Q; Max-Age=86400; Expires=Mon, 09-Nov-2020 02:08:48 GMT; Domain=vasy.clickmoileclito.com; Path=/; Secure; HttpOnly;SameSite=None
style.css
baise-une-coquine.com/fr/azlmkdciuvgfd/
2 KB
1 KB
Stylesheet
General
Full URL
https://baise-une-coquine.com/fr/azlmkdciuvgfd/style.css
Requested by
Host: baise-une-coquine.com
URL: https://baise-une-coquine.com/fr/azlmkdciuvgfd/index.html?cpid=707fc582-e801-4927-b201-912f81fb1085&domain=vasy.clickmoileclito.com&cep=D3Kz2zAi6iEgVRgu_u1qCwGFgb6sRwHR4Zp3WIl35oJLrTAGHSUOPQjHspcGaf5TX4O9JC19m5LaAKOfJvhR76S9iUcvF5yfoWMvYgGNcwcAbTb64F0ssArqhk0ZT1wNOT5LkKbPpqSyECAJFD1GuVnpdiGomZpT8LfLKYk1O8WhmiZIpkxVwknOaXpE1YiBCjmQbFpJet5LycCaeeW_eHpoIKJA6VxYOiPYZ0IfEhokbElx6wKIfzJHjYUS1JnOU46--kBKobaSJivPx_Bb5PCv1XA5j6DamQ1Gdq9OjHau9FeiGPo9SOuZnDdc46JCccc1OGFZ97rZT_nNacNhcTTu2dOV5x3lr7Q1GAyNZHqIOH3gwAt9lsI38ppB8D8usaTYYluKHZ8snWa4tEdL_WgDV0fa5ymZ3t_6SXImdPZDTGgNLEUJnAVaa7q8al6NSYAf_PIkAmxRhYlRGVBKYtPeM_zxx3WCCjOangcvGBA&lptoken=16a804f1801a313a2839&transaction_id=10298da078fe6e22b6abdfd3b415cf&afid=1001&source=8297&offerid=889&mail=&aff_sub2=wqrsjg2n1pv9g273ii9qpn7k
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:bd5f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ebd22861ba47b1f1ebcfd5fac2b09f3d29e4502f30c6705d8d5df1768b1e4509

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 08 Nov 2020 02:08:48 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
2594
status
200
cf-request-id
0647360cfc00002c3ad0a7a000000001
last-modified
Tue, 16 Apr 2019 08:02:03 GMT
server
cloudflare
etag
W/"7b1-586a12f3a4b42-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dKNNbMa5H9tUiawQ9o7gMx80wxiO4apT0K4Q6W2V14k3QkqqNC%2BE37gfuUPdSkCIiT3L4UFiLgW7tIIFObGYyDyCcCh0a3Sj41BZT7YRq8lLuxaPB3%2B0Rf1qC4dtJ1i0oNc%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
5eebbf8e599c2c3a-FRA
script.js
baise-une-coquine.com/fr/azlmkdciuvgfd/
95 KB
33 KB
Script
General
Full URL
https://baise-une-coquine.com/fr/azlmkdciuvgfd/script.js
Requested by
Host: baise-une-coquine.com
URL: https://baise-une-coquine.com/fr/azlmkdciuvgfd/index.html?cpid=707fc582-e801-4927-b201-912f81fb1085&domain=vasy.clickmoileclito.com&cep=D3Kz2zAi6iEgVRgu_u1qCwGFgb6sRwHR4Zp3WIl35oJLrTAGHSUOPQjHspcGaf5TX4O9JC19m5LaAKOfJvhR76S9iUcvF5yfoWMvYgGNcwcAbTb64F0ssArqhk0ZT1wNOT5LkKbPpqSyECAJFD1GuVnpdiGomZpT8LfLKYk1O8WhmiZIpkxVwknOaXpE1YiBCjmQbFpJet5LycCaeeW_eHpoIKJA6VxYOiPYZ0IfEhokbElx6wKIfzJHjYUS1JnOU46--kBKobaSJivPx_Bb5PCv1XA5j6DamQ1Gdq9OjHau9FeiGPo9SOuZnDdc46JCccc1OGFZ97rZT_nNacNhcTTu2dOV5x3lr7Q1GAyNZHqIOH3gwAt9lsI38ppB8D8usaTYYluKHZ8snWa4tEdL_WgDV0fa5ymZ3t_6SXImdPZDTGgNLEUJnAVaa7q8al6NSYAf_PIkAmxRhYlRGVBKYtPeM_zxx3WCCjOangcvGBA&lptoken=16a804f1801a313a2839&transaction_id=10298da078fe6e22b6abdfd3b415cf&afid=1001&source=8297&offerid=889&mail=&aff_sub2=wqrsjg2n1pv9g273ii9qpn7k
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:bd5f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3464d03ddc780f46403d055e8055075d664053e955c891262327419a58c6d7c8

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 08 Nov 2020 02:08:48 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
2146
status
200
cf-request-id
0647360cfc00002c3a1d184000000001
last-modified
Tue, 16 Apr 2019 08:02:03 GMT
server
cloudflare
etag
W/"17df6-586a12f37ab62-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=0PQ1nVmJUbNv89KRmNcbkJCSDFg0RXKBWWlaOtMSBGs8apvJxT0R8dH7CXHnmTIqMQqYPN94lr5czBJP83r3Ff06HClnSZgx3gvs0IwEcu2GjwWWg5y%2FWvS5dxI7FIjdxl4%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
5eebbf8e699d2c3a-FRA
detect.js
ads.adextrem.com/
78 B
826 B
Script
General
Full URL
https://ads.adextrem.com/detect.js
Requested by
Host: baise-une-coquine.com
URL: https://baise-une-coquine.com/fr/azlmkdciuvgfd/index.html?cpid=707fc582-e801-4927-b201-912f81fb1085&domain=vasy.clickmoileclito.com&cep=D3Kz2zAi6iEgVRgu_u1qCwGFgb6sRwHR4Zp3WIl35oJLrTAGHSUOPQjHspcGaf5TX4O9JC19m5LaAKOfJvhR76S9iUcvF5yfoWMvYgGNcwcAbTb64F0ssArqhk0ZT1wNOT5LkKbPpqSyECAJFD1GuVnpdiGomZpT8LfLKYk1O8WhmiZIpkxVwknOaXpE1YiBCjmQbFpJet5LycCaeeW_eHpoIKJA6VxYOiPYZ0IfEhokbElx6wKIfzJHjYUS1JnOU46--kBKobaSJivPx_Bb5PCv1XA5j6DamQ1Gdq9OjHau9FeiGPo9SOuZnDdc46JCccc1OGFZ97rZT_nNacNhcTTu2dOV5x3lr7Q1GAyNZHqIOH3gwAt9lsI38ppB8D8usaTYYluKHZ8snWa4tEdL_WgDV0fa5ymZ3t_6SXImdPZDTGgNLEUJnAVaa7q8al6NSYAf_PIkAmxRhYlRGVBKYtPeM_zxx3WCCjOangcvGBA&lptoken=16a804f1801a313a2839&transaction_id=10298da078fe6e22b6abdfd3b415cf&afid=1001&source=8297&offerid=889&mail=&aff_sub2=wqrsjg2n1pv9g273ii9qpn7k
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.192.7.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-192-7-22.eu-central-1.compute.amazonaws.com
Software
Apache/2.4.10 (Debian) /
Resource Hash
1fab08ee7301c1c5676fa683c923e47681d2b1ec4fd396045937e8fb6befa7c8

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 08 Nov 2020 02:08:48 GMT
Content-Encoding
gzip
Last-Modified
Mon, 18 Sep 2017 11:31:43 GMT
Server
Apache/2.4.10 (Debian)
ETag
"4e-559751641a5c0-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-control
no-cache="set-cookie"
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
91
pshbckAvril.js
baise-une-coquine.com/
5 KB
1 KB
Script
General
Full URL
https://baise-une-coquine.com/pshbckAvril.js
Requested by
Host: baise-une-coquine.com
URL: https://baise-une-coquine.com/fr/azlmkdciuvgfd/index.html?cpid=707fc582-e801-4927-b201-912f81fb1085&domain=vasy.clickmoileclito.com&cep=D3Kz2zAi6iEgVRgu_u1qCwGFgb6sRwHR4Zp3WIl35oJLrTAGHSUOPQjHspcGaf5TX4O9JC19m5LaAKOfJvhR76S9iUcvF5yfoWMvYgGNcwcAbTb64F0ssArqhk0ZT1wNOT5LkKbPpqSyECAJFD1GuVnpdiGomZpT8LfLKYk1O8WhmiZIpkxVwknOaXpE1YiBCjmQbFpJet5LycCaeeW_eHpoIKJA6VxYOiPYZ0IfEhokbElx6wKIfzJHjYUS1JnOU46--kBKobaSJivPx_Bb5PCv1XA5j6DamQ1Gdq9OjHau9FeiGPo9SOuZnDdc46JCccc1OGFZ97rZT_nNacNhcTTu2dOV5x3lr7Q1GAyNZHqIOH3gwAt9lsI38ppB8D8usaTYYluKHZ8snWa4tEdL_WgDV0fa5ymZ3t_6SXImdPZDTGgNLEUJnAVaa7q8al6NSYAf_PIkAmxRhYlRGVBKYtPeM_zxx3WCCjOangcvGBA&lptoken=16a804f1801a313a2839&transaction_id=10298da078fe6e22b6abdfd3b415cf&afid=1001&source=8297&offerid=889&mail=&aff_sub2=wqrsjg2n1pv9g273ii9qpn7k
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:bd5f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
22808aba11378e6f7e4675bbe15129a56e77d41fa5431bcef1293b2853b995ca

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 08 Nov 2020 02:08:48 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
2433
status
200
cf-request-id
0647360cfc00002c3ac413f000000001
last-modified
Fri, 17 Apr 2020 16:39:29 GMT
server
cloudflare
etag
W/"13cf-5a37f317a3076-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=f%2BEz27gUvdyCFqi4EjnrGo1DI1KKQXE93qwFUcOQCAJjyDaK2tGP%2Fu1xrduBwyPrkK4IT%2BnxnQU7yluzsrkDGIGqu4PFNl3XkVNloMYjDanNGpNve1TOwAOxBYkQ0sm21f8%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
5eebbf8e699e2c3a-FRA
css.css
baise-une-coquine.com/fr/azlmkdciuvgfd/
683 B
530 B
Stylesheet
General
Full URL
https://baise-une-coquine.com/fr/azlmkdciuvgfd/css.css
Requested by
Host: baise-une-coquine.com
URL: https://baise-une-coquine.com/fr/azlmkdciuvgfd/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:bd5f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
96f3d7aaa76926dc90b8d6fed452bfaef5b6dda123c9add711d3365b5857a4c4

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 08 Nov 2020 02:08:48 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
5891
status
200
cf-request-id
0647360d0800002c3abb15b000000001
last-modified
Tue, 16 Apr 2019 08:02:03 GMT
server
cloudflare
etag
W/"2ab-586a12f3818c2-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2BD%2BMRAE9AyNjL3a%2BEP2qDk4BIX5PNJvdnfnqi2v0vL5M4atBHQjQYxRU%2FZqA9YLUZypUg2V%2F%2FIbanlW3yE6FkrLGCDBAV0N16YvGtFjGfKRJZwQxkDrO4UioMS5fBSEtmdU%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
5eebbf8e79b62c3a-FRA
detect.php
ads.adextrem.com/
34 B
206 B
Script
General
Full URL
https://ads.adextrem.com/detect.php
Requested by
Host: ads.adextrem.com
URL: https://ads.adextrem.com/detect.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.192.7.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-192-7-22.eu-central-1.compute.amazonaws.com
Software
Apache/2.4.10 (Debian) /
Resource Hash
6ab2b9bf505bf16efda449af810081478279b4b4151996c66cfccdbc8cd33175

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Sun, 08 Nov 2020 02:08:48 GMT
Server
Apache/2.4.10 (Debian)
Connection
keep-alive
Content-Length
34
Content-Type
text/html; charset=UTF-8
KFOlCnqEu92Fr1MmWUlfBBc-AMP6lQ.woff
fonts.gstatic.com/s/roboto/v18/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmWUlfBBc-AMP6lQ.woff
Requested by
Host: baise-une-coquine.com
URL: https://baise-une-coquine.com/fr/azlmkdciuvgfd/css.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f34918c65d1d92fe8daaf8b5c3516403699c6572410baf5e734f10593e4b5a94
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://baise-une-coquine.com
Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 07 Nov 2020 19:17:09 GMT
x-content-type-options
nosniff
last-modified
Mon, 16 Oct 2017 17:33:03 GMT
server
sffe
age
24699
status
200
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14032
x-xss-protection
0
expires
Sun, 07 Nov 2021 19:17:09 GMT
KFOmCnqEu92Fr1Mu4mxMKTU1Kg.woff
fonts.gstatic.com/s/roboto/v18/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxMKTU1Kg.woff
Requested by
Host: baise-une-coquine.com
URL: https://baise-une-coquine.com/fr/azlmkdciuvgfd/css.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
dc4d37779a8cefd1f2d83c5becf8ad92d594f012ae84ab9b16cc80d0000aa687
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://baise-une-coquine.com
Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 02 Nov 2020 13:12:14 GMT
x-content-type-options
nosniff
last-modified
Mon, 16 Oct 2017 17:32:52 GMT
server
sffe
age
478594
status
200
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13988
x-xss-protection
0
expires
Tue, 02 Nov 2021 13:12:14 GMT
KFOlCnqEu92Fr1MmSU5fBBc-AMP6lQ.woff
fonts.gstatic.com/s/roboto/v18/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmSU5fBBc-AMP6lQ.woff
Requested by
Host: baise-une-coquine.com
URL: https://baise-une-coquine.com/fr/azlmkdciuvgfd/css.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e0d50a953bd3c48526558226079057f369e6dc8bb4ef54a72b87af89b4e9a6d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://baise-une-coquine.com
Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 06 Nov 2020 09:17:13 GMT
x-content-type-options
nosniff
last-modified
Mon, 16 Oct 2017 17:32:46 GMT
server
sffe
age
147095
status
200
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14180
x-xss-protection
0
expires
Sat, 06 Nov 2021 09:17:13 GMT
girl.mp4
baise-une-coquine.com/fr/azlmkdciuvgfd/
42 KB
0
Media
General
Full URL
https://baise-une-coquine.com/fr/azlmkdciuvgfd/girl.mp4
Requested by
Host: baise-une-coquine.com
URL: https://baise-une-coquine.com/fr/azlmkdciuvgfd/index.html?cpid=707fc582-e801-4927-b201-912f81fb1085&domain=vasy.clickmoileclito.com&cep=D3Kz2zAi6iEgVRgu_u1qCwGFgb6sRwHR4Zp3WIl35oJLrTAGHSUOPQjHspcGaf5TX4O9JC19m5LaAKOfJvhR76S9iUcvF5yfoWMvYgGNcwcAbTb64F0ssArqhk0ZT1wNOT5LkKbPpqSyECAJFD1GuVnpdiGomZpT8LfLKYk1O8WhmiZIpkxVwknOaXpE1YiBCjmQbFpJet5LycCaeeW_eHpoIKJA6VxYOiPYZ0IfEhokbElx6wKIfzJHjYUS1JnOU46--kBKobaSJivPx_Bb5PCv1XA5j6DamQ1Gdq9OjHau9FeiGPo9SOuZnDdc46JCccc1OGFZ97rZT_nNacNhcTTu2dOV5x3lr7Q1GAyNZHqIOH3gwAt9lsI38ppB8D8usaTYYluKHZ8snWa4tEdL_WgDV0fa5ymZ3t_6SXImdPZDTGgNLEUJnAVaa7q8al6NSYAf_PIkAmxRhYlRGVBKYtPeM_zxx3WCCjOangcvGBA&lptoken=16a804f1801a313a2839&transaction_id=10298da078fe6e22b6abdfd3b415cf&afid=1001&source=8297&offerid=889&mail=&aff_sub2=wqrsjg2n1pv9g273ii9qpn7k
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:bd5f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
http://speedflow.io/adult/a=rr
Accept-Encoding
identity;q=1, *;q=0
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range
bytes=0-

Response headers

date
Sun, 08 Nov 2020 02:08:48 GMT
cf-cache-status
DYNAMIC
last-modified
Tue, 16 Apr 2019 08:02:04 GMT
server
cloudflare
status
206
etag
"af078-586a12f4cba05"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=MtnIBR2fHIuxgAUoDY2Q08k282EW%2FbDjJRCQRBwAhITvLbmkC83Rx8%2FqlBCzFDWUBTyIo9pWyM33tq11Q%2BlWxXR9pt1Kk6%2B5sYhSHkkaAP8TQlOgjh4FOnyz6UIaRXRxXrY%3D"}],"group":"cf-nel","max_age":604800}
content-type
video/mp4
Content-Range
bytes 0-716919/716920
accept-ranges
bytes
cf-ray
5eebbf8fbb032c3a-FRA
Content-Length
716920
cf-request-id
0647360dd000002c3a2202c000000001
loader.php
ads.adextrem.com/push/
4 KB
2 KB
Script
General
Full URL
https://ads.adextrem.com/push/loader.php
Requested by
Host: baise-une-coquine.com
URL: https://baise-une-coquine.com/pshbckAvril.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.192.7.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-192-7-22.eu-central-1.compute.amazonaws.com
Software
Apache/2.4.10 (Debian) /
Resource Hash
8b9ea8752caa6b5eb8b322494a98677a062c9e3175c254280b72a0133a567943

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 08 Nov 2020 02:08:48 GMT
Content-Encoding
gzip
Server
Apache/2.4.10 (Debian)
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Cache-Control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Connection
keep-alive
Content-Length
1561
Cookie set ifp.php
ads.adextrem.com/push/ Frame E4A4
0
0
Document
General
Full URL
https://ads.adextrem.com/push/ifp.php?slot=4
Requested by
Host: ads.adextrem.com
URL: https://ads.adextrem.com/push/loader.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.192.7.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-192-7-22.eu-central-1.compute.amazonaws.com
Software
Apache/2.4.10 (Debian) /
Resource Hash

Request headers

Host
ads.adextrem.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://baise-une-coquine.com/fr/azlmkdciuvgfd/index.html?cpid=707fc582-e801-4927-b201-912f81fb1085&domain=vasy.clickmoileclito.com&cep=D3Kz2zAi6iEgVRgu_u1qCwGFgb6sRwHR4Zp3WIl35oJLrTAGHSUOPQjHspcGaf5TX4O9JC19m5LaAKOfJvhR76S9iUcvF5yfoWMvYgGNcwcAbTb64F0ssArqhk0ZT1wNOT5LkKbPpqSyECAJFD1GuVnpdiGomZpT8LfLKYk1O8WhmiZIpkxVwknOaXpE1YiBCjmQbFpJet5LycCaeeW_eHpoIKJA6VxYOiPYZ0IfEhokbElx6wKIfzJHjYUS1JnOU46--kBKobaSJivPx_Bb5PCv1XA5j6DamQ1Gdq9OjHau9FeiGPo9SOuZnDdc46JCccc1OGFZ97rZT_nNacNhcTTu2dOV5x3lr7Q1GAyNZHqIOH3gwAt9lsI38ppB8D8usaTYYluKHZ8snWa4tEdL_WgDV0fa5ymZ3t_6SXImdPZDTGgNLEUJnAVaa7q8al6NSYAf_PIkAmxRhYlRGVBKYtPeM_zxx3WCCjOangcvGBA&lptoken=16a804f1801a313a2839&transaction_id=10298da078fe6e22b6abdfd3b415cf&afid=1001&source=8297&offerid=889&mail=&aff_sub2=wqrsjg2n1pv9g273ii9qpn7k
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
AWSELBCORS=671BC5111EC8C439EC6ECDAADF42C2FCC39A19517227BECBED123D3D2F3DC41482870D4994F5F60AFCADD93926CF44860692B62F1CE49ABF5299BEB168B08C74D5E171E7F2
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
referer
http://speedflow.io/adult/a=rr
Referer
https://baise-une-coquine.com/fr/azlmkdciuvgfd/index.html?cpid=707fc582-e801-4927-b201-912f81fb1085&domain=vasy.clickmoileclito.com&cep=D3Kz2zAi6iEgVRgu_u1qCwGFgb6sRwHR4Zp3WIl35oJLrTAGHSUOPQjHspcGaf5TX4O9JC19m5LaAKOfJvhR76S9iUcvF5yfoWMvYgGNcwcAbTb64F0ssArqhk0ZT1wNOT5LkKbPpqSyECAJFD1GuVnpdiGomZpT8LfLKYk1O8WhmiZIpkxVwknOaXpE1YiBCjmQbFpJet5LycCaeeW_eHpoIKJA6VxYOiPYZ0IfEhokbElx6wKIfzJHjYUS1JnOU46--kBKobaSJivPx_Bb5PCv1XA5j6DamQ1Gdq9OjHau9FeiGPo9SOuZnDdc46JCccc1OGFZ97rZT_nNacNhcTTu2dOV5x3lr7Q1GAyNZHqIOH3gwAt9lsI38ppB8D8usaTYYluKHZ8snWa4tEdL_WgDV0fa5ymZ3t_6SXImdPZDTGgNLEUJnAVaa7q8al6NSYAf_PIkAmxRhYlRGVBKYtPeM_zxx3WCCjOangcvGBA&lptoken=16a804f1801a313a2839&transaction_id=10298da078fe6e22b6abdfd3b415cf&afid=1001&source=8297&offerid=889&mail=&aff_sub2=wqrsjg2n1pv9g273ii9qpn7k

Response headers

Cache-Control
no-store, no-cache, must-revalidate, max-age=0 post-check=0, pre-check=0
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Sun, 08 Nov 2020 02:08:49 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Pragma
no-cache
Server
Apache/2.4.10 (Debian)
Set-Cookie
PHPSESSID=h4s44sa3dmar8ifnp4rkqrksc5; path=/
Vary
Accept-Encoding
Content-Length
1727
Connection
keep-alive
girl.mp4
baise-une-coquine.com/fr/azlmkdciuvgfd/
28 KB
29 KB
Media
General
Full URL
https://baise-une-coquine.com/fr/azlmkdciuvgfd/girl.mp4
Requested by
Host: baise-une-coquine.com
URL: https://baise-une-coquine.com/fr/azlmkdciuvgfd/index.html?cpid=707fc582-e801-4927-b201-912f81fb1085&domain=vasy.clickmoileclito.com&cep=D3Kz2zAi6iEgVRgu_u1qCwGFgb6sRwHR4Zp3WIl35oJLrTAGHSUOPQjHspcGaf5TX4O9JC19m5LaAKOfJvhR76S9iUcvF5yfoWMvYgGNcwcAbTb64F0ssArqhk0ZT1wNOT5LkKbPpqSyECAJFD1GuVnpdiGomZpT8LfLKYk1O8WhmiZIpkxVwknOaXpE1YiBCjmQbFpJet5LycCaeeW_eHpoIKJA6VxYOiPYZ0IfEhokbElx6wKIfzJHjYUS1JnOU46--kBKobaSJivPx_Bb5PCv1XA5j6DamQ1Gdq9OjHau9FeiGPo9SOuZnDdc46JCccc1OGFZ97rZT_nNacNhcTTu2dOV5x3lr7Q1GAyNZHqIOH3gwAt9lsI38ppB8D8usaTYYluKHZ8snWa4tEdL_WgDV0fa5ymZ3t_6SXImdPZDTGgNLEUJnAVaa7q8al6NSYAf_PIkAmxRhYlRGVBKYtPeM_zxx3WCCjOangcvGBA&lptoken=16a804f1801a313a2839&transaction_id=10298da078fe6e22b6abdfd3b415cf&afid=1001&source=8297&offerid=889&mail=&aff_sub2=wqrsjg2n1pv9g273ii9qpn7k
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:bd5f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a76a34e9b83c244d7c791385c08d3140399370e34f95dd816a01b436ac5c9780

Request headers

Referer
http://speedflow.io/adult/a=rr
Accept-Encoding
identity;q=1, *;q=0
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range
bytes=688128-

Response headers

date
Sun, 08 Nov 2020 02:08:48 GMT
cf-cache-status
DYNAMIC
last-modified
Tue, 16 Apr 2019 08:02:04 GMT
server
cloudflare
status
206
etag
"af078-586a12f4cba05"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=RPlO5OZxtRhneiSA9iCSLwz%2B8D3Jf8ZYs2mgmoNmKzVCIbEQP6imzrVTBUS8VQuHNXj6%2F2IvmmlpQOsjnLCiAP3kOl0Yu0o0g4CF8p%2FwxJhSQVmuwcLlXrO2s9wxObdwnqM%3D"}],"group":"cf-nel","max_age":604800}
content-type
video/mp4
Content-Range
bytes 688128-716919/716920
accept-ranges
bytes
cf-ray
5eebbf903b8f2c3a-FRA
Content-Length
28792
cf-request-id
0647360e2500002c3ac2a8d000000001
girl.mp4
baise-une-coquine.com/fr/azlmkdciuvgfd/
668 KB
669 KB
Media
General
Full URL
https://baise-une-coquine.com/fr/azlmkdciuvgfd/girl.mp4
Requested by
Host: baise-une-coquine.com
URL: https://baise-une-coquine.com/fr/azlmkdciuvgfd/index.html?cpid=707fc582-e801-4927-b201-912f81fb1085&domain=vasy.clickmoileclito.com&cep=D3Kz2zAi6iEgVRgu_u1qCwGFgb6sRwHR4Zp3WIl35oJLrTAGHSUOPQjHspcGaf5TX4O9JC19m5LaAKOfJvhR76S9iUcvF5yfoWMvYgGNcwcAbTb64F0ssArqhk0ZT1wNOT5LkKbPpqSyECAJFD1GuVnpdiGomZpT8LfLKYk1O8WhmiZIpkxVwknOaXpE1YiBCjmQbFpJet5LycCaeeW_eHpoIKJA6VxYOiPYZ0IfEhokbElx6wKIfzJHjYUS1JnOU46--kBKobaSJivPx_Bb5PCv1XA5j6DamQ1Gdq9OjHau9FeiGPo9SOuZnDdc46JCccc1OGFZ97rZT_nNacNhcTTu2dOV5x3lr7Q1GAyNZHqIOH3gwAt9lsI38ppB8D8usaTYYluKHZ8snWa4tEdL_WgDV0fa5ymZ3t_6SXImdPZDTGgNLEUJnAVaa7q8al6NSYAf_PIkAmxRhYlRGVBKYtPeM_zxx3WCCjOangcvGBA&lptoken=16a804f1801a313a2839&transaction_id=10298da078fe6e22b6abdfd3b415cf&afid=1001&source=8297&offerid=889&mail=&aff_sub2=wqrsjg2n1pv9g273ii9qpn7k
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:bd5f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e86e41ad9190fcda90bce30555eaf44adf830420bd260010c0c201de87afe9ce

Request headers

Referer
http://speedflow.io/adult/a=rr
Accept-Encoding
identity;q=1, *;q=0
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range
bytes=32768-

Response headers

date
Sun, 08 Nov 2020 02:08:48 GMT
cf-cache-status
DYNAMIC
last-modified
Tue, 16 Apr 2019 08:02:04 GMT
server
cloudflare
status
206
etag
"af078-586a12f4cba05"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=w502ziD1HKBdKj%2FQAl7mknlZ34Ghugz6I0EHZjm7FVDfU70rJNZsUtlMSpCDiwtqZtIuuFx34EtumQ4m05yJqpQ5gwPmmaA%2FydEhQh3MJ1ZB37dy2ic1lc%2Bc766h7ScJs4g%3D"}],"group":"cf-nel","max_age":604800}
content-type
video/mp4
Content-Range
bytes 32768-716919/716920
accept-ranges
bytes
cf-ray
5eebbf90ac432c3a-FRA
Content-Length
684152
cf-request-id
0647360e6d00002c3ae52cf000000001


14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| showDirectoryPicker
function| showOpenFilePicker
function| showSaveFilePicker
object| trustedTypes
function| $
function| jQuery
number| __ADX_adextrem_regular
function| getURLParameter
function| gopop
number| __ADX_isAdBlockUser
object| AdExtremPush
object| AdExtremPushObj
function| ini_push
object| o

1 Cookies

Domain/Path Name / Value
.baise-une-coquine.com/ Name: __cfduid
Value: d2f5a3fc700b83c7cdee7b648f9a259991604801328

1 Console Messages

Source Level URL
Text
console-api warning URL: https://ads.adextrem.com/push/loader.php(Line 17)
Message:
Push notifications are not supported by this browser

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
