URL: https://www.planetlagun.site/download-final.php?id=YlqCjUOlMVA&name=instrumental-chanyeol-punch-stay-with-me-lyrics-goblin-os...
Submission: On March 06 via manual from ID — Scanned from DE

Summary

This website contacted 13 IPs in 4 countries across 14 domains to perform 23 HTTP transactions. The main IP is 2a06:98c1:3121::7, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.planetlagun.site.
TLS certificate: Issued by E1 on February 16th 2022. Valid for: 3 months.
This is the only time www.planetlagun.site was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain
Subdomains
Transfer
3 ytmp3to.com
ytmp3to.com
7 KB
3 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 194
382 KB
2 fbcdn.net
static.xx.fbcdn.net — Cisco Umbrella Rank: 635
137 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 96
16 KB
2 amung.us
whos.amung.us — Cisco Umbrella Rank: 14954
widgets.amung.us — Cisco Umbrella Rank: 15378
761 B
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 124
83 KB
2 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 251
264 KB
2 planetlagun.site
www.planetlagun.site
8 KB
1 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 31
20 KB
1 rtmark.net
my.rtmark.net — Cisco Umbrella Rank: 10613
541 B
1 toglooman.com
toglooman.com — Cisco Umbrella Rank: 33207
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 54
36 KB
1 dacmaiss.com
dacmaiss.com — Cisco Umbrella Rank: 117139
24 KB
1 irousbisayan.com
irousbisayan.com — Cisco Umbrella Rank: 524254
1 KB
23 14
Domain Requested by
3 ytmp3to.com www.planetlagun.site
ytmp3to.com
3 cdnjs.cloudflare.com www.planetlagun.site
ytmp3to.com
2 static.xx.fbcdn.net www.facebook.com
2 www.facebook.com connect.facebook.net
2 connect.facebook.net www.planetlagun.site
connect.facebook.net
2 ajax.googleapis.com www.planetlagun.site
2 www.planetlagun.site www.planetlagun.site
1 www.google-analytics.com www.googletagmanager.com
1 my.rtmark.net dacmaiss.com
1 toglooman.com dacmaiss.com
1 www.googletagmanager.com ytmp3to.com
1 dacmaiss.com ytmp3to.com
1 widgets.amung.us www.planetlagun.site
1 whos.amung.us 1 redirects
1 irousbisayan.com www.planetlagun.site
23 15

This site contains links to these domains. Also see Links.

Domain
planetlagun.site
badsecs.com
whos.amung.us
Subject Issuer Validity Valid
*.planetlagun.site
E1
2022-02-16 -
2022-05-17
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2022-02-17 -
2022-05-12
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2021-09-21 -
2022-09-20
a year crt.sh
irousbisayan.com
R3
2022-03-05 -
2022-06-03
3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2021-12-13 -
2022-03-13
3 months crt.sh
dacmaiss.com
R3
2022-01-20 -
2022-04-20
3 months crt.sh
*.google-analytics.com
GTS CA 1C3
2022-02-17 -
2022-05-12
3 months crt.sh
toglooman.com
R3
2022-03-05 -
2022-06-03
3 months crt.sh
*.rtmark.net
Sectigo RSA Domain Validation Secure Server CA
2021-11-20 -
2022-11-26
a year crt.sh

This page contains 3 frames:

Primary Page: https://www.planetlagun.site/download-final.php?id=YlqCjUOlMVA&name=instrumental-chanyeol-punch-stay-with-me-lyrics-goblin-ost-part-1
Frame ID: 12FDDED84D2A8DBC9B61075E47E7858D
Requests: 9 HTTP requests in this frame

Frame: https://ytmp3to.com/api/button/mp3/YlqCjUOlMVA
Frame ID: 2CDB9E88D14F29920EB3536FFCF27EEC
Requests: 10 HTTP requests in this frame

Frame: https://www.facebook.com/v11.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3b1fd8b49f0c34%26domain%3Dwww.planetlagun.site%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.planetlagun.site%252Ff3a3ae2d66a654%26relation%3Dparent.parent&container_width=860&href=https%3A%2F%2Fwww.facebook.com%2Fkatasurat&layout=standard&locale=id_ID&sdk=joey&share=false&size=small&width=
Frame ID: 7E3538399184C9F134DC0DB2FE2FCB8E
Requests: 4 HTTP requests in this frame

Screenshot

Page Title

Download - instrumental-chanyeol-punch-stay-with-me-lyrics-goblin-ost-part-1

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • ([\d.]+)/jquery-ui(?:\.min)?\.js
  • jquery-ui.*\.js

Page Statistics

23
Requests

96 %
HTTPS

64 %
IPv6

14
Domains

15
Subdomains

13
IPs

4
Countries

979 kB
Transfer

2644 kB
Size

6
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • https://whos.amung.us/swidget/9it949gbkq HTTP 307
  • https://widgets.amung.us/small/00/16.png

23 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request download-final.php
www.planetlagun.site/
6 KB
2 KB
Document
General
Full URL
https://www.planetlagun.site/download-final.php?id=YlqCjUOlMVA&name=instrumental-chanyeol-punch-stay-with-me-lyrics-goblin-ost-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d17de243921c49a5f07e9da3ba796ac8ab9d136a348e968c03ea75dad1406ff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

date
Sun, 06 Mar 2022 12:04:00 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rv0qe%2B6dfuN%2BS9QvaBppRWcwqqdbuZgHwDowlC2OofqMWTXJ%2FBS0C8TlsftJFAsquMKkHKhFYRIAJ5XauiYq76s4zrQKeP251HeYPHXewHd03FWD2Do5F2RL2g4k4l1JIMwURAVxsZ55HVCj5E8BYCGfow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6e7af38c2a98915c-FRA
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.2.1/
85 KB
30 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Requested by
Host: www.planetlagun.site
URL: https://www.planetlagun.site/download-final.php?id=YlqCjUOlMVA&name=instrumental-chanyeol-punch-stay-with-me-lyrics-goblin-ost-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.planetlagun.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 05 Mar 2022 15:28:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
74125
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30306
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 05 Mar 2023 15:28:35 GMT
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/
82 KB
27 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js
Requested by
Host: www.planetlagun.site
URL: https://www.planetlagun.site/download-final.php?id=YlqCjUOlMVA&name=instrumental-chanyeol-punch-stay-with-me-lyrics-goblin-ost-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2051d61446d4dbffb03727031022a08c84528ab44d203a7669c101e5fbdd5515
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.planetlagun.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 12:04:00 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
392497
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
26660
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:48 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec4-14983"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dGEm2Amg6ws1Mkuk0HCp0rqJxMIEJgzeVGNNv%2FSVHPNGYGFzo9sfuZJbzWMne0d0N5djrvGC2mjLX4iHRLe8YJSog%2FuwDNR37%2FKjtscUYnq9dleSApwCus5Vp6LEndXiNEGgM1b6QEoPuu8568Km6pmw"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6e7af38eaf338fe2-FRA
expires
Fri, 24 Feb 2023 12:04:00 GMT
jquery-ui.min.js
ajax.googleapis.com/ajax/libs/jqueryui/1.11.2/
234 KB
234 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.2/jquery-ui.min.js
Requested by
Host: www.planetlagun.site
URL: https://www.planetlagun.site/download-final.php?id=YlqCjUOlMVA&name=instrumental-chanyeol-punch-stay-with-me-lyrics-goblin-ost-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7ab17d7c830048456601619d3a6422eb5e419b1d0bfef58d8b1c533435d2e054
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.planetlagun.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 05 Mar 2022 23:39:30 GMT
x-content-type-options
nosniff
age
44670
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
239564
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 05 Mar 2023 23:39:30 GMT
41763
irousbisayan.com/rVVgWDUiL0T1N3RVC/
5 B
1 KB
Script
General
Full URL
https://irousbisayan.com/rVVgWDUiL0T1N3RVC/41763
Requested by
Host: www.planetlagun.site
URL: https://www.planetlagun.site/download-final.php?id=YlqCjUOlMVA&name=instrumental-chanyeol-punch-stay-with-me-lyrics-goblin-ost-part-1
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
23.109.87.130 , Netherlands, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
nginx /
Resource Hash
d810f5146f4cd1517512a6e31946e764a73c58fb01427aae88d42cc2ae28718a
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.planetlagun.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sun, 06 Mar 2022 12:04:00 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=1
Server
nginx
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
https://www.planetlagun.site
Access-Control-Max-Age
600
Transfer-Encoding
chunked
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
content-type, megageocheckolololo, x-forwarded-for
X-Content-Type-Options
nosniff
Keep-Alive
timeout=20
planetlagu.png
www.planetlagun.site/wp-content/uploads/2022/01/
5 KB
5 KB
Image
General
Full URL
https://www.planetlagun.site/wp-content/uploads/2022/01/planetlagu.png
Requested by
Host: www.planetlagun.site
URL: https://www.planetlagun.site/download-final.php?id=YlqCjUOlMVA&name=instrumental-chanyeol-punch-stay-with-me-lyrics-goblin-ost-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e1d8737df802752ebf74309528df47fa5239519074661e7a67df5f88481654e7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.planetlagun.site/download-final.php?id=YlqCjUOlMVA&name=instrumental-chanyeol-punch-stay-with-me-lyrics-goblin-ost-part-1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 12:04:00 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
5030
last-modified
Mon, 24 Jan 2022 22:39:16 GMT
server
cloudflare
etag
"13a6-61ef2a94-13ec31;;;"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tR%2F7yaKXJYEIkQFpnlQbRBj2pPBolJAikJ8x6aTwzbvXzmOoVLbOHfbskSbCVO8KnWaqvKFShQGPaZgFw6taE7DH4ypq30cHAMZcYAwud%2BACLnzmO2FqbgjkKJTObyrvhPRPATQBso1A9EHq%2Bfry0kG94g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
6e7af38fbadb915c-FRA
expires
Wed, 09 Mar 2022 02:45:30 GMT
sdk.js
connect.facebook.net/id_ID/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/id_ID/sdk.js
Requested by
Host: www.planetlagun.site
URL: https://www.planetlagun.site/download-final.php?id=YlqCjUOlMVA&name=instrumental-chanyeol-punch-stay-with-me-lyrics-goblin-ost-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
db2306606ab831a44a310062b675aa22accf03f317967f754241cccd08b6f815
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.planetlagun.site/
Origin
https://www.planetlagun.site
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
4fY+OKlqgx1YU0Ybm9GAhw==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
expires
Sun, 06 Mar 2022 12:19:48 GMT
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
1688
x-fb-rlafr
0
x-fb-debug
J8dD7WPlrtvtM4F2BSrQwJb+y+ekNOWPgfO8iXxVDqaBTU8+svDXNepD17ssnF05SjOd31WGSL70GsOR1wRHRg==
x-fb-trip-id
917726464
x-fb-content-md5
258d4fd07d74957c740da6cba9f70c15
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Sun, 06 Mar 2022 12:04:00 GMT
x-frame-options
DENY
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"76896380eab28e57d1ade076f52e6699"
timing-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
16.png
widgets.amung.us/small/00/
Redirect Chain
  • https://whos.amung.us/swidget/9it949gbkq
  • https://widgets.amung.us/small/00/16.png
320 B
611 B
Image
General
Full URL
https://widgets.amung.us/small/00/16.png
Requested by
Host: www.planetlagun.site
URL: https://www.planetlagun.site/download-final.php?id=YlqCjUOlMVA&name=instrumental-chanyeol-punch-stay-with-me-lyrics-goblin-ost-part-1
Protocol
H2
Server
2606:4700:10::6816:4aab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
96089f0c5d1376d2623c03c8ef5e5ebd477e90041820c01281a61c55b8925730

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.planetlagun.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 12:04:01 GMT
cf-cache-status
HIT
last-modified
Sun, 13 Jun 2010 09:48:29 GMT
server
cloudflare
age
158493
etag
"4c14a96d-140"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=432000
accept-ranges
bytes
cf-ray
6e7af3928b336951-FRA
content-length
320
expires
Sat, 05 Mar 2022 16:02:28 GMT

Redirect headers

location
https://widgets.amung.us/small/00/16.png
date
Sun, 06 Mar 2022 12:04:00 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
text/html; charset=UTF-8
YlqCjUOlMVA
ytmp3to.com/api/button/mp3/ Frame 2CDB
3 KB
1 KB
Document
General
Full URL
https://ytmp3to.com/api/button/mp3/YlqCjUOlMVA
Requested by
Host: www.planetlagun.site
URL: https://www.planetlagun.site/download-final.php?id=YlqCjUOlMVA&name=instrumental-chanyeol-punch-stay-with-me-lyrics-goblin-ost-part-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:495b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99122d03711ee24ad24c285a2d8b9599018874d37c5d475f052f0790043f5f3b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.planetlagun.site/

Response headers

date
Sun, 06 Mar 2022 12:04:01 GMT
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, private
vary
Accept-Encoding
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oNzB8lYcW%2BiACNYqZm4K2GhInAJMpC2bYGF6tFcWoghzEtt9ofH8PRTa9mzExNavoKXR7zafjHKDW0UfpC8UYIjlI%2FMoFN6isn%2B2jn7U72gwlKJPwJgyOZVmx5%2FTYkhbUbMr7FwTCy1z"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6e7af3908aaa9b33-FRA
content-encoding
br
sdk.js
connect.facebook.net/id_ID/
281 KB
80 KB
Script
General
Full URL
https://connect.facebook.net/id_ID/sdk.js?hash=32e5a4bfd376efb81257c58191ec4437
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/id_ID/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
4c4cdaba64f6514cf9caea2b40b1f023de9b56a79942d986b22ce497f5e6f9f6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.planetlagun.site/
Origin
https://www.planetlagun.site
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
iexiuIPeuwGhW3smVOiL0w==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
expires
Mon, 06 Mar 2023 10:19:34 GMT
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
82170
x-fb-rlafr
0
x-fb-debug
oJCzABvUknQ1c0hMSFtiINuC2ss+p9MgZgSIZH75Tx+YdKGsUkDmX1aSj7spNF8mjFzaTZb/XHqDmx88oXmMlQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-content-md5
273f284fa5a8b205e13ae13c5e71e6fd
cross-origin-opener-policy
same-origin-allow-popups
date
Sun, 06 Mar 2022 12:04:00 GMT
x-frame-options
DENY
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"f5ae9f992900732db6c90e4edca0f603"
timing-allow-origin
*
priority
u=3,i
access-control-expose-headers
X-FB-Content-MD5
style.min.css
ytmp3to.com/css/ Frame 2CDB
16 KB
4 KB
Stylesheet
General
Full URL
https://ytmp3to.com/css/style.min.css
Requested by
Host: ytmp3to.com
URL: https://ytmp3to.com/api/button/mp3/YlqCjUOlMVA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:495b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
771b534418294b0f1825c8ce1be8121e5988ad1541a14ca0613f27c3931ca244

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ytmp3to.com/api/button/mp3/YlqCjUOlMVA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 12:04:01 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 20 Aug 2021 05:25:40 GMT
server
cloudflare
age
276688
etag
W/"411c-5c9f6e5e9dd00-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z271oY70qmoCjPDCvUvllKxFfNIm0AsVuXYO6i5M40c4ys5YIfM8xXm9i%2FMM5E9HIWU2UtcYAHUmPZ%2BOMODzRUOH1u%2Bl20KDAdNphafX99NOQvttXg%2BLPY5VFh%2FSxMK%2BPrGDFs4xae2w"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=31536000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6e7af3938fe99b33-FRA
all.min.js
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/js/ Frame 2CDB
1 MB
350 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/js/all.min.js
Requested by
Host: ytmp3to.com
URL: https://ytmp3to.com/api/button/mp3/YlqCjUOlMVA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b8d6285de7d646abfe3ec205fce7e5366c2d28ce254ad9fdcabcf681597aca6a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ytmp3to.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 12:04:01 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
502512
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
357529
timing-allow-origin
*
last-modified
Wed, 15 Jul 2020 18:15:47 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5f0f47d3-120bd8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iTHj7MV7Nc793SM8WjicBG4kROw46kk7d%2BdVFvJuHHYvREV%2BKZ8T3RHWPtUf1wMbfQssUT4YrocryKsqJwgFAVt8wvK%2FfQzBXv8eLYSZeM%2Bjdt3XSETHLUzs6DZycNloQFzirbzELff2nrsPA11KAQpj"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6e7af3939d45918f-FRA
expires
Fri, 24 Feb 2023 12:04:01 GMT
iframeResizer.contentWindow.min.js
cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.3.2/ Frame 2CDB
13 KB
5 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.3.2/iframeResizer.contentWindow.min.js
Requested by
Host: ytmp3to.com
URL: https://ytmp3to.com/api/button/mp3/YlqCjUOlMVA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
adb0b68a61c32480585085ef7fe5e2618fb67179a24a572d947808fabadecd0a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ytmp3to.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 12:04:01 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
304776
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
4475
timing-allow-origin
*
last-modified
Fri, 11 Jun 2021 08:45:03 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"60c3228f-117b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z4FSrn846LheIKjZsj1HqeK2P4GDBWp5OiffWWVh9mbLbh8Z%2BwQxa6pQ1KquCS3TalfCl2STMgQwX10B5WMM0IONE4PS9%2FDISo0ovjGdbuY3lLfYfBji4vsCKrvRtwTwApxeudVHJUZiXsDC0ZgLENpA"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6e7af393bd95918f-FRA
expires
Fri, 24 Feb 2023 12:04:01 GMT
app.min.js
ytmp3to.com/js/ Frame 2CDB
971 B
732 B
Script
General
Full URL
https://ytmp3to.com/js/app.min.js
Requested by
Host: ytmp3to.com
URL: https://ytmp3to.com/api/button/mp3/YlqCjUOlMVA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:495b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
229c22dacd43a9e49b9e880ddd617f2f78bf4ef3df42127b6a579a7f03baca6b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ytmp3to.com/api/button/mp3/YlqCjUOlMVA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 12:04:01 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 17 Aug 2021 22:00:04 GMT
server
cloudflare
age
277098
etag
W/"3cb-5c9c870a42100-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dhBGpsE5aAds4tgIhuUgg3PFXD0gPjR3Ura1IU5slRGTBA7PxK0ODW4i%2F5DVuxM%2Fw2gl0%2BDHubqtGBSqEpHJWBkqM4ifUdYcLqMsXZinvIo0gH5oCUlQUb%2F0kOcEkkyPK5k8JSZLEsNR"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6e7af3938ff49b33-FRA
2678564
dacmaiss.com/5/ Frame 2CDB
61 KB
24 KB
Script
General
Full URL
https://dacmaiss.com/5/2678564
Requested by
Host: ytmp3to.com
URL: https://ytmp3to.com/api/button/mp3/YlqCjUOlMVA
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.237 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
1dfd60edc87dfe600e65e4d8953350e552860fff50605925a252c7becc5ee5fd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ytmp3to.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-trace-id
0fc8b0c5c7432969f8f439b06ee4ed8c
pragma
no-cache, no-cache
date
Sun, 06 Mar 2022 12:04:01 GMT
content-encoding
gzip
server
nginx
link
<https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://e2ertt.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-max-age
86400
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding
expires
Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
js
www.googletagmanager.com/gtag/ Frame 2CDB
92 KB
36 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-83729541-1
Requested by
Host: ytmp3to.com
URL: https://ytmp3to.com/api/button/mp3/YlqCjUOlMVA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
9f99803923ffe21491f7ce5a6d3665fd349de07e31a3c2021b20f218152d6726
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ytmp3to.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 12:04:01 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36679
x-xss-protection
0
expires
Sun, 06 Mar 2022 12:04:01 GMT
1
toglooman.com/ Frame 2CDB
0
0
Script
General
Full URL
https://toglooman.com/1?z=2929160
Requested by
Host: dacmaiss.com
URL: https://dacmaiss.com/5/2678564
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ytmp3to.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-trace-id
d08297341178c06933d4621c979267f5
date
Sun, 06 Mar 2022 12:04:01 GMT
x-sc
4KdnrdofxFOHMlcU
server
nginx
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
text/plain; charset=utf-8
access-control-allow-origin
access-control-expose-headers
X-Sc
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
content-length
7
gid.js
my.rtmark.net/ Frame 2CDB
65 B
541 B
XHR
General
Full URL
https://my.rtmark.net/gid.js?userId=f7b6e0003d274f39b73cc0dfc78bf8d7
Requested by
Host: dacmaiss.com
URL: https://dacmaiss.com/5/2678564
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
11e5ed71703d4adbca06ca9b9e11ee53b1a09bc6dcc811e514e2e65a80c394d1
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ytmp3to.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 12:04:01 GMT
x-content-type-options
nosniff
server
nginx
strict-transport-security
max-age=1
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://ytmp3to.com
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
65
like.php
www.facebook.com/v11.0/plugins/ Frame 7E35
36 KB
16 KB
Document
General
Full URL
https://www.facebook.com/v11.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3b1fd8b49f0c34%26domain%3Dwww.planetlagun.site%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.planetlagun.site%252Ff3a3ae2d66a654%26relation%3Dparent.parent&container_width=860&href=https%3A%2F%2Fwww.facebook.com%2Fkatasurat&layout=standard&locale=id_ID&sdk=joey&share=false&size=small&width=
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/id_ID/sdk.js?hash=32e5a4bfd376efb81257c58191ec4437
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
cd030fbe5446c9202c4fcdf48c219e2037c4847c082063629e9dbb04b7bddec0
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.planetlagun.site/

Response headers

vary
Accept-Encoding
content-encoding
br
x-fb-rlafr
0
document-policy
force-load-at-top
cross-origin-opener-policy
unsafe-none
pragma
no-cache
cache-control
private, no-cache, no-store, must-revalidate
expires
Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options
nosniff
x-xss-protection
0
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
facebook-api-version
v11.0
strict-transport-security
max-age=15552000; preload
content-type
text/html; charset="utf-8"
x-fb-debug
QbXOEZPYZe+MAMr1GxO9m/jMYYRHDY/ug+p15c77OOWzMXWUmfE8oy2xxHttRZnfMfIb/i2Xaae4njJhRZb96g==
date
Sun, 06 Mar 2022 12:04:01 GMT
priority
u=3,i
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
analytics.js
www.google-analytics.com/ Frame 2CDB
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-83729541-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ytmp3to.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
7149
date
Sun, 06 Mar 2022 10:04:52 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Sun, 06 Mar 2022 12:04:52 GMT
OqOE21UvWe3.png
static.xx.fbcdn.net/rsrc.php/v3/y5/r/ Frame 7E35
400 B
1004 B
Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y5/r/OqOE21UvWe3.png
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v11.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3b1fd8b49f0c34%26domain%3Dwww.planetlagun.site%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.planetlagun.site%252Ff3a3ae2d66a654%26relation%3Dparent.parent&container_width=860&href=https%3A%2F%2Fwww.facebook.com%2Fkatasurat&layout=standard&locale=id_ID&sdk=joey&share=false&size=small&width=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ed91fbb0cd9308f91f8e1fd93942c94ee850fc4161ed788b16f801b743c70b9b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 12:04:01 GMT
x-content-type-options
nosniff
content-md5
uF0RL4E+h23ClLQmPOTTMw==
document-policy
force-load-at-top
content-security-policy-report-only
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
400
x-fb-rlafr
0
x-fb-debug
cwHit1cPeyV8MPBiZqcbo4xzEWyt2qQa122x66mYN3++hGFDMiHZBUZZl7N4F35VZ6TS8L2jqcqfCOQl6Qey5A==
x-fb-trip-id
917726464
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Wed, 01 Mar 2023 17:07:12 GMT
iZ7dclye650.js
static.xx.fbcdn.net/rsrc.php/v3iXZs4/yW/l/id_ID/ Frame 7E35
521 KB
136 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3iXZs4/yW/l/id_ID/iZ7dclye650.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v11.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3b1fd8b49f0c34%26domain%3Dwww.planetlagun.site%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.planetlagun.site%252Ff3a3ae2d66a654%26relation%3Dparent.parent&container_width=860&href=https%3A%2F%2Fwww.facebook.com%2Fkatasurat&layout=standard&locale=id_ID&sdk=joey&share=false&size=small&width=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
317bdeb7836d0c8f38f660cc40169d84e7a532efccc8cf2cd2eac838ee03cbc0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Mar 2022 12:04:01 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
Ql38pmbDUXoTO1Doqjnhlg==
document-policy
force-load-at-top
content-security-policy-report-only
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
139162
x-fb-rlafr
0
x-fb-debug
ovBmtdVJiWhbudqFoe0J+Hf8D3QA8ryFhbl2iB0utTm9TDG6DtNHOn2s4KRtDZa9mNUWznvGaq2jwKXy59qpHQ==
x-fb-trip-id
917726464
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Sat, 04 Mar 2023 20:07:27 GMT
cavalry_endpoint.php
www.facebook.com/common/ Frame 7E35
67 B
105 B
Image
General
Full URL
https://www.facebook.com/common/cavalry_endpoint.php?t_cstart=1646568241617&t_start=1646568241617&t_domcontent=1646568241621&t_layout=1646568241705&t_onload=1646568241705&t_paint=1646568241705&t_creport=1646568241705&t_tti=1646568241621&lid=7071956746514841803-0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.facebook.com/v11.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3b1fd8b49f0c34%26domain%3Dwww.planetlagun.site%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.planetlagun.site%252Ff3a3ae2d66a654%26relation%3Dparent.parent&container_width=860&href=https%3A%2F%2Fwww.facebook.com%2Fkatasurat&layout=standard&locale=id_ID&sdk=joey&share=false&size=small&width=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding
br
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
0
pragma
no-cache
x-fb-debug
IWHvlkm7PRM+88N3x425S8ZOsnExuiqsvGsZP4nq4X5heUWt7N9kEJtKgZfBfguHAtajTEq7XvcbGtQu8WY01g==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Sun, 06 Mar 2022 12:04:01 GMT
strict-transport-security
max-age=15552000; preload
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
image/png
vary
Accept-Encoding
cache-control
private, no-store, no-cache, must-revalidate
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 function| structuredClone object| oncontextlost object| oncontextrestored function| $ function| jQuery function| myFunction object| FB

6 Cookies

Domain/Path Name / Value
irousbisayan.com/ Name: GL_UI4
Value: eJw9jVtOhDAYhYFycTJCPAkLcAlFZJRH4yJ8JH9pYepAOyl1iLu3MdGn8%2BVccqIoSuoK8S1nYF%2FU4fEkeuK87dtJNCf%2BIjhJatruiU%2BvzTOJDge9DZ7EonyK%2B1kZ5fQ4jFaqEg8h%2BnMuxu4mRSYcGVkiW0NjKVEIZ%2FdNuZohNbQq5O9nZ4NmK31ah6TvA2oTMOZI7Faz6oDiQxsZdtURScOrMo9wvC7kJ%2BvWQcs8RjY7kgrxG%2B5G8mq27huFVNvF2ytgFzn8939v2d5w5FLd9Bi%2BrT8r9wMevUpU
irousbisayan.com/ Name: GL_GI10
Value: eJxljNFqwjAYhWs6O8uGcsAH6AtYyEq33Tqt82ZXe4AQ6l8Jo0n4E8Xu6XUKY7C7w3fOd5IkEfMphPGYyde6fJJVKeu6lM8V0j05iHWDx9YdbORBWd0T7t%2BJe20HZEx74yzEtsHDLavW7QjjdbP4w67WeEshEO5aEwdgw9p%2BdQeOhe6LD20s8p%2Fips8v%2Bv9BaoIHKilfquKT%2BGhaCsXyDbmlqIIn2iFfOfaOdSRMf%2Bn1M0sxMUF5dqchG2EWTU%2FfzpJyXRcoXtDomIkz4ldPyw%3D%3D
dacmaiss.com/ Name: OAID
Value: f7b6e0003d274f39b73cc0dfc78bf8d7
dacmaiss.com/ Name: oaidts
Value: 1646568241
my.rtmark.net/ Name: ID
Value: f7b6e0003d274f39b73cc0dfc78bf8d7
toglooman.com/ Name: scm
Value: 1

1 Console Messages

Source Level URL
Text
network error URL: https://toglooman.com/1?z=2929160
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdnjs.cloudflare.com
connect.facebook.net
dacmaiss.com
irousbisayan.com
my.rtmark.net
static.xx.fbcdn.net
toglooman.com
whos.amung.us
widgets.amung.us
www.facebook.com
www.google-analytics.com
www.googletagmanager.com
www.planetlagun.site
ytmp3to.com
139.45.195.8
139.45.197.237
139.45.197.239
23.109.87.130
2606:4700:10::6816:4aab
2606:4700:20::ac43:495b
2606:4700::6810:135e
2a00:1450:4001:808::200e
2a00:1450:4001:80e::200a
2a00:1450:4001:82f::2008
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
2a06:98c1:3121::7
67.202.114.214
11e5ed71703d4adbca06ca9b9e11ee53b1a09bc6dcc811e514e2e65a80c394d1
1dfd60edc87dfe600e65e4d8953350e552860fff50605925a252c7becc5ee5fd
2051d61446d4dbffb03727031022a08c84528ab44d203a7669c101e5fbdd5515
229c22dacd43a9e49b9e880ddd617f2f78bf4ef3df42127b6a579a7f03baca6b
317bdeb7836d0c8f38f660cc40169d84e7a532efccc8cf2cd2eac838ee03cbc0
4c4cdaba64f6514cf9caea2b40b1f023de9b56a79942d986b22ce497f5e6f9f6
771b534418294b0f1825c8ce1be8121e5988ad1541a14ca0613f27c3931ca244
7ab17d7c830048456601619d3a6422eb5e419b1d0bfef58d8b1c533435d2e054
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
8d17de243921c49a5f07e9da3ba796ac8ab9d136a348e968c03ea75dad1406ff
96089f0c5d1376d2623c03c8ef5e5ebd477e90041820c01281a61c55b8925730
99122d03711ee24ad24c285a2d8b9599018874d37c5d475f052f0790043f5f3b
9f99803923ffe21491f7ce5a6d3665fd349de07e31a3c2021b20f218152d6726
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
adb0b68a61c32480585085ef7fe5e2618fb67179a24a572d947808fabadecd0a
b8d6285de7d646abfe3ec205fce7e5366c2d28ce254ad9fdcabcf681597aca6a
cd030fbe5446c9202c4fcdf48c219e2037c4847c082063629e9dbb04b7bddec0
d810f5146f4cd1517512a6e31946e764a73c58fb01427aae88d42cc2ae28718a
db2306606ab831a44a310062b675aa22accf03f317967f754241cccd08b6f815
e1d8737df802752ebf74309528df47fa5239519074661e7a67df5f88481654e7
ed91fbb0cd9308f91f8e1fd93942c94ee850fc4161ed788b16f801b743c70b9b