1-fo.net Open in urlscan Pro
2606:4700:3037::ac43:d6a9 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://1-fo.net/v/MA3cLMEtEQ8?m=a/3Uy
Submission: On November 07 via manual (November 7th 2021, 3:36:57 pm UTC) from CA — Scanned from CA

Summary HTTP 52 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 21 IPs in 1 countries across 16 domains to perform 52 HTTP transactions. The main IP is 2606:4700:3037::ac43:d6a9, located in United States and belongs to CLOUDFLARENET, US. The main domain is 1-fo.net.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 5th 2021. Valid for: a year.

This is the only time 1-fo.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
8	2606:4700:303... 2606:4700:3037::ac43:d6a9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:816::200a	15169 (GOOGLE) (GOOGLE)
3	2600:9000:202... 2600:9000:202c:a00:14:72de:11c0:21	16509 (AMAZON-02) (AMAZON-02)
6	13.225.229.72 13.225.229.72	16509 (AMAZON-02) (AMAZON-02)
1	2a03:2880:f11... 2a03:2880:f112:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	2607:f8b0:400... 2607:f8b0:4006:816::200d	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3034::6815:366d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2607:f8b0:400... 2607:f8b0:4006:823::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3030::ac43:dadd	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.216.131.51 52.216.131.51	16509 (AMAZON-02) (AMAZON-02)
3	2607:f8b0:400... 2607:f8b0:4006:823::2001	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3034::ac43:837d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2607:f8b0:400... 2607:f8b0:4006:817::200e	15169 (GOOGLE) (GOOGLE)
8	2607:f8b0:400... 2607:f8b0:4006:81c::200e	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:81d::2016	15169 (GOOGLE) (GOOGLE)
1	2600:9000:210... 2600:9000:210b:3e00:1f:315e:7fc0:21	16509 (AMAZON-02) (AMAZON-02)
1 2	2607:f8b0:400... 2607:f8b0:4006:80b::2002	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:81e::2006	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:816::2004	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:80a::2003	15169 (GOOGLE) (GOOGLE)
52	21

8 2606:4700:3037::ac43:d6a9 (United States)

ASN13335 (CLOUDFLARENET, US)

1-fo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:816::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:202c:a00:14:72de:11c0:21 (United States)

ASN16509 (AMAZON-02, US)

d3ou4areduq72f.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 13.225.229.72 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-229-72.jfk51.r.cloudfront.net

rchamrevolu.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f112:83:face:b00c:0:25de (Secaucus, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:816::200d (United States)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3034::6815:366d (United States)

ASN13335 (CLOUDFLARENET, US)

awsimiledarent.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:823::2003 (United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3030::ac43:dadd (United States)

ASN13335 (CLOUDFLARENET, US)

freychang.fun	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.216.131.51 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

3313fd7a65d575eedefe43810da3efe25d3a8b905dcee8155eb19.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:823::2001 (United States)

ASN15169 (GOOGLE, US)

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3034::ac43:837d (United States)

ASN13335 (CLOUDFLARENET, US)

equirekeither.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:817::200e (United States) 1 redirects

ASN15169 (GOOGLE, US)

youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2607:f8b0:4006:81c::200e (United States)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:81d::2016 (United States)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:210b:3e00:1f:315e:7fc0:21 (United States)

ASN16509 (AMAZON-02, US)

dufai4b1ap33z.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80b::2002 (United States) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81e::2006 (United States)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:816::2004 (United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80a::2003 (United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	youtube.com 1 redirects youtube.com www.youtube.com	694 KB
8	1-fo.net 1-fo.net	259 KB
7	gstatic.com fonts.gstatic.com www.gstatic.com	108 KB
6	rchamrevolu.xyz rchamrevolu.xyz	5 KB
4	cloudfront.net d3ou4areduq72f.cloudfront.net d301cxwfymy227.cloudfront.net Failed dufai4b1ap33z.cloudfront.net	196 KB
3	doubleclick.net 1 redirects googleads.g.doubleclick.net static.doubleclick.net	1 KB
3	ggpht.com yt3.ggpht.com	895 KB
3	google.com accounts.google.com www.google.com	14 KB
2	ytimg.com i.ytimg.com	93 KB
1	equirekeither.xyz equirekeither.xyz	851 B
1	amazonaws.com 3313fd7a65d575eedefe43810da3efe25d3a8b905dcee8155eb19.s3.amazonaws.com	18 KB
1	freychang.fun freychang.fun	719 B
1	awsimiledarent.xyz awsimiledarent.xyz	676 B
1	facebook.com www.facebook.com
1	googleapis.com fonts.googleapis.com	1 KB
1	cloudflare.com cdnjs.cloudflare.com	5 KB
52	16

	Domain	Requested by
8	www.youtube.com	1-fo.net www.youtube.com
8	1-fo.net	1-fo.net
6	rchamrevolu.xyz	d3ou4areduq72f.cloudfront.net dufai4b1ap33z.cloudfront.net
5	fonts.gstatic.com	fonts.googleapis.com www.youtube.com
3	yt3.ggpht.com	1-fo.net www.youtube.com
3	d3ou4areduq72f.cloudfront.net	1-fo.net rchamrevolu.xyz
2	www.gstatic.com	www.youtube.com www.gstatic.com
2	googleads.g.doubleclick.net	1 redirects www.youtube.com
2	i.ytimg.com	1-fo.net www.youtube.com
2	accounts.google.com	1-fo.net
1	www.google.com	www.youtube.com
1	static.doubleclick.net	www.youtube.com
1	dufai4b1ap33z.cloudfront.net	1-fo.net
1	youtube.com	1 redirects
1	equirekeither.xyz	1-fo.net
1	3313fd7a65d575eedefe43810da3efe25d3a8b905dcee8155eb19.s3.amazonaws.com	1-fo.net
1	freychang.fun	d3ou4areduq72f.cloudfront.net
1	awsimiledarent.xyz	1-fo.net
1	www.facebook.com	1-fo.net
1	fonts.googleapis.com	1-fo.net
1	cdnjs.cloudflare.com	1-fo.net
0	d301cxwfymy227.cloudfront.net Failed	1-fo.net
52	22

This site contains links to these domains. Also see Links.

Domain
www.youtube.com
linkvertise.com
mboost.me
pastebin.com
up-to-down.net
linktr.ee

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-08-05` - `2022-08-04`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
rchamrevolu.xyz Amazon	`2021-10-19` - `2022-11-17`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-08-16` - `2021-11-14`	3 months	crt.sh
accounts.google.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.awsimiledarent.xyz R3	`2021-10-30` - `2022-01-28`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2021-01-11` - `2022-02-11`	a year	crt.sh
*.googleusercontent.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
edgestatic.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh

This page contains 4 frames:

Primary Page: https://1-fo.net/v/MA3cLMEtEQ8?m=a/3Uy
Frame ID: 107EDB643C41BAC62C72A00C9114CC68
Requests: 31 HTTP requests in this frame

Frame: https://rchamrevolu.xyz/T2xoU0MuDgs+fC5RCnU2PQBVdnEJSVoVJ3wDHWciPQkMJjJ4Xg59ICMDHTclPQMGJ20hCRx2cQkhPmIBBD8FY3MfFTkgFiYhXR8tKzkyFBF3CQQnOwAGAz8CNggcHxcgLQo0EjYoEgUoDgtQFAk4NQMxB3s0JWFyeQ4pFnEfBVlgEDUlTWEBBDQMMCAbKR0YBQ0GDDl3eS0CKzcEKB8wDQtYXxkkHhUnBDRqXi4XBCBVIgcCCiMSJDEtXVABGRg+XgAEGQsxOXMKIzwCLx8+XSoaIQMDFBsFBQ09NysJPxE1Kj9RKhohA1ERByMBDj56KiowBXcqBD47GQhBJiUbfQ8QHCkgLiU6IDknKQpmfS4iFHp7J1oZKSk7OjYaFzpcNigaVCcXdyEtMBkqDDtRNRk1GwIaEicVMT0sOy8sAnQFOyYaGRgtGBord1g4AHo5NBAVMyleOjcmGD5QNhUZWTILdjk0WjApBBUfHgkbAB42ADsFMWByJDQFFXEfXwt1KTwDBiN+KBwFahc3KTBgEQogIgI3
Frame ID: 92A065AFC5166E44ED71AEE3B241BC21
Requests: 2 HTTP requests in this frame

Frame: https://rchamrevolu.xyz/VnJmZG03EAUJUjdPBEIYJB5bQV8QV1QiCWUdE1AMJBcCERxhQABKDjodEwALJB0IEEM4FxJBXxA0PDEjERYIISoaMQE1OT43Fy0GIjswCglzQCQ1Bhg2LTA4DDoeMkhkMCUTVWQzAQcHFycFJyMSMDcmP24cA1Q3DjE1LQITJx4gJz8VMDArBB4sHCQCJS4AChcVIy8mHgEzJhUHFS0lDjI2JT0bAzM3IQs/ATwnGiEELQwJAyQRMhcBNyAlDg4oAyYKIQYvDAYRNAs+XQQaXjY3OCAhNSsABgIIIxU4VD5dBBU/KSEOMCUyKw8wP1Q/FDo+MhQOQzQ8Di9fBSMsBxkLKT8bJiINAi8nVikHMhwwJjVnKFc9XQQwMjcKIzMOEycMHDdVOxAWHC8FbhMnIzdmIA49LB8xVj46EzAeAAUDKCAdGiQ3VzY1FCpfIDVnJBIHBhQxPjNcLCMKNjU1CDM8KyEjHihcGDYvVzdnIzBdOjIlJyA5F1QMFwI4AlspFBEVIgEaYBUREg
Frame ID: F4405797D76D03A8221951B828B704A0
Requests: 2 HTTP requests in this frame

Frame: https://www.youtube.com/embed/MA3cLMEtEQ8
Frame ID: 871382C62FFEA6ECB1F0A7B16BE690BE
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

1-fo

Page Statistics

52
Requests

94 %
HTTPS

90 %
IPv6

16
Domains

22
Subdomains

21
IPs

1
Countries

2291 kB
Transfer

7937 kB
Size

2
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://www.youtube.com/channel/UCPnCsR8_hY_z7tceY5-0KSA?sub_confirmation=1
Title: SUBSCRIBE

Search URL Search Domain Scan URL

URL: https://linkvertise.com/82375/VegaExecutor?o=sharing
Title: DOWNLOAD VEGA-X

Search URL Search Domain Scan URL

URL: https://mboost.me/a/3Uy
Title: https://mboost.me/a/3Uy

Search URL Search Domain Scan URL

URL: https://pastebin.com/rURiLjmp
Title: https://pastebin.com/rURiLjmp

Search URL Search Domain Scan URL

URL: https://up-to-down.net/KryptHood
Title: https://up-to-down.net/KryptHood

Search URL Search Domain Scan URL

URL: https://up-to-down.net/ZordionHood
Title: https://up-to-down.net/ZordionHood

Search URL Search Domain Scan URL

URL: https://linktr.ee/1f0
Title: https://linktr.ee/1f0

Search URL Search Domain Scan URL

URL: https://up-to-down.net/82375/VegaExecutor
Title: https://up-to-down.net/82375/VegaExecutor

Search URL Search Domain Scan URL

URL: https://pastebin.com/gmWi3L4v
Title: https://pastebin.com/gmWi3L4v

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 27

https://youtube.com/embed/MA3cLMEtEQ8 HTTP 301
https://www.youtube.com/embed/MA3cLMEtEQ8

Request Chain 40

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

52 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request MA3cLMEtEQ8 Show response
1-fo.net/v/ 3 KB
2 KB 681ms
282ms Document
text/html 2606:4700:3037::ac43:d6a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://1-fo.net/v/MA3cLMEtEQ8?m=a/3Uy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:d6a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5b3cf60125ba47f04f6bd44e93cbdaddac51dd8ccec1e903b8d9422c39b2ea25

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: en-CA,en;q=0.9

Response headers

date: Sun, 07 Nov 2021 15:36:50 GMT
content-type: text/html
access-control-allow-methods: GET, POST
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VnFyH2UoDv%2BdzZYCjw2kUNknzoA0Z0fHSeWWXj2M9VAQqiv3g%2Fs%2FZczPMs4sWV9tmc71%2FLY6JpCSq2BhGaN8j8jHp1JjomyiLiaJRKTqHcCFaXKWP9D%2FYcWuStk4fJ4aLawegkKtnw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6aa7a3afe9387144-YUL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 animate.min.css
cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.1/ 70 KB
5 KB 441ms
152ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.1/animate.min.css

Requested by

Host: 1-fo.net
URL: https://1-fo.net/v/MA3cLMEtEQ8?m=a/3Uy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fbaeb9f8e25d7e0143bae61d4b1802c16ce7390b96ceb2d498b0d96ff4c853f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://1-fo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 15:36:50 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2671269
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 4216
timing-allow-origin: *
last-modified: Mon, 07 Sep 2020 12:33:38 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f5628a2-11846"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q2NzBGcBlzEPIhKudl%2F82k9Gw0nh3RxBTDz0mISMzGdoC%2FWqB%2B1kewxvMqRifgHnHx6JZAyZKKNvpnKDBM%2FkOAA%2Fiun7ITQ4suRWt5JsqTndmEZ13kkXTeUchkhzbNPqQazMvjUbTPEDexvS1kZV0BBV"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6aa7a3b3acf64bca-YUL
expires: Fri, 28 Oct 2022 15:36:50 GMT

GET
H2 200 css2
fonts.googleapis.com/ 8 KB
1 KB 891ms
296ms Stylesheet
text/css 2607:f8b0:4006:816::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Nunito:wght@300;400;600;700;800&display=swap

Requested by

Host: 1-fo.net
URL: https://1-fo.net/v/MA3cLMEtEQ8?m=a/3Uy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e5e8a081c33e64578de89d2fe9f37aeca106246d4fbd2c0b9ba2f2520cd0edb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://1-fo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 07 Nov 2021 15:14:15 GMT
server: ESF
date: Sun, 07 Nov 2021 15:36:50 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Sun, 07 Nov 2021 15:36:50 GMT

GET
H2 200 / Show response
d3ou4areduq72f.cloudfront.net/ 304 KB
97 KB 706ms
303ms Script
text/plain 2600:9000:202c:a00:14:72de:11c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3ou4areduq72f.cloudfront.net/?rauod=934606
Requested by: Host: 1-fo.net
URL: https://1-fo.net/v/MA3cLMEtEQ8?m=a/3Uy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:202c:a00:14:72de:11c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: b1d85fa924f6e5be3f26e20b22aa79f091154520e14ecd060b47b12c66578d7e

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://1-fo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 07 Nov 2021 15:36:50 GMT
content-encoding: gzip
x-amz-cf-pop: EWR52-C2
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-length: 99234
via: 1.1 7969ab02c38bf363682fddd4258a6d30.cloudfront.net (CloudFront)
x-amz-cf-id: ofqjgda-sCl2MdQFZWCjZhVV35u182-vhJgAwaNNMGRByRqq6glQPA==

GET
H2 200 ksdjgfks.js Show response
1-fo.net/ 48 KB
23 KB 207ms
206ms Script
application/javascript 2606:4700:3037::ac43:d6a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://1-fo.net/ksdjgfks.js
Requested by: Host: 1-fo.net
URL: https://1-fo.net/v/MA3cLMEtEQ8?m=a/3Uy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:d6a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f20c07a06f9aa016398c19b4c11c5d55b8ce0ec4015f6f4aa3dd6a4c0f4fc101

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://1-fo.net/v/MA3cLMEtEQ8?m=a/3Uy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 15:36:50 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 858
access-control-allow-methods: GET, POST
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Sun, 07 Nov 2021 15:22:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rkeShFWOvDpKTuCAlMLxhsmyV%2Fw7KJl7%2FbuCms0qhEPae2nfs1K2rDxLsq%2BRxS77bKBN6ff6VpRchdaB8WEl%2F0tYtrK6WhI9GZd0C6Z7ZiMezzlW%2Biinfl6rgfN9V8ff57e6Y%2FK4FA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
access-control-allow-credentials: true
cf-ray: 6aa7a3b1ec027144-YUL
access-control-allow-headers: X-Requested-With, content-type

GET
H2 200 main.51fbd1fd.chunk.css
1-fo.net/static/css/ 9 KB
2 KB 199ms
199ms Stylesheet
text/css 2606:4700:3037::ac43:d6a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://1-fo.net/static/css/main.51fbd1fd.chunk.css
Requested by: Host: 1-fo.net
URL: https://1-fo.net/v/MA3cLMEtEQ8?m=a/3Uy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:d6a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1d954b15641bc11114230f29bb75a5d1ea1b3ced70bf71461c50cd66fdee5293

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://1-fo.net/v/MA3cLMEtEQ8?m=a/3Uy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 15:36:50 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 858
access-control-allow-methods: GET, POST
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Sun, 07 Nov 2021 15:22:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lkLVtyN0y9oUEqk30%2FfypLJR5BAgtKhLy7K52iwtz62mJySZH4bW9Kwa3pjBXjBQ2pGgPlPU0m%2FeXgKcSNiO2kcDqoTkN3RiMpS5OhGirQOnjjluOnuKzE9EodLPqFYlhM5yEWpxhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
access-control-allow-credentials: true
cf-ray: 6aa7a3b1ec037144-YUL
access-control-allow-headers: X-Requested-With, content-type

GET
H2 200 2.90f4e466.chunk.js Show response
1-fo.net/static/js/ 161 KB
53 KB 358ms
357ms Script
application/javascript 2606:4700:3037::ac43:d6a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://1-fo.net/static/js/2.90f4e466.chunk.js
Requested by: Host: 1-fo.net
URL: https://1-fo.net/v/MA3cLMEtEQ8?m=a/3Uy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:d6a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a46c7331410d36531777358356fb4d81218fff0652d5f5d5892eaf40fda985c9

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://1-fo.net/v/MA3cLMEtEQ8?m=a/3Uy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 15:36:50 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 858
access-control-allow-methods: GET, POST
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Sun, 07 Nov 2021 15:22:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wmjZ3T8zqZuQAp9fMXB%2BgM9yw%2BdBsoQTdM4eiAZRtmJXsjQN7asZIizkaYUjpG0rRJdLwH%2Ff3biUPEhxtPNh%2BOVIh0rzAYXSda60HB0DFxvsi%2Fdvtf6jSs3iOMaW3S3Nr8y%2FnewEGw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
access-control-allow-credentials: true
cf-ray: 6aa7a3b1ec047144-YUL
access-control-allow-headers: X-Requested-With, content-type

GET
H2 200 main.01bfbe4e.chunk.js Show response
1-fo.net/static/js/ 8 KB
3 KB 519ms
519ms Script
application/javascript 2606:4700:3037::ac43:d6a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://1-fo.net/static/js/main.01bfbe4e.chunk.js
Requested by: Host: 1-fo.net
URL: https://1-fo.net/v/MA3cLMEtEQ8?m=a/3Uy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:d6a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 488beca9504bd3360bcfbd4043c644f0d2fe1fc76845977af884aefebdbaee8a

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://1-fo.net/v/MA3cLMEtEQ8?m=a/3Uy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 15:36:50 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 858
access-control-allow-methods: GET, POST
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Sun, 07 Nov 2021 15:22:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=myVD%2BFTOD4H9nl34BBCBmV9GwSwutWyr5zLG0n%2FPYKX6LzGXu9pCiue%2FMkajdiPehmiosqEpcGCLiLDyT77SIefG1gTd3RHPQYVuBkbVu8na6mQ2B5GyzM5CI3OyyW9%2FV6R%2FxVQOJA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
access-control-allow-credentials: true
cf-ray: 6aa7a3b1ec067144-YUL
access-control-allow-headers: X-Requested-With, content-type

GET
H2 204 utx Show response
rchamrevolu.xyz/ 0
411 B 724ms
312ms XHR
text/plain 13.225.229.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rchamrevolu.xyz/utx?cb=JXkRDkn093z3&top=1-fo.net&tid=934606
Requested by: Host: d3ou4areduq72f.cloudfront.net
URL: https://d3ou4areduq72f.cloudfront.net/?rauod=934606
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.229.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-229-72.jfk51.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://1-fo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 07 Nov 2021 15:36:51 GMT
via: 1.1 7a9ee72a0b48ca2cabd7b6a48922db46.cloudfront.net (CloudFront)
server: openresty/1.17.8.2
x-amz-cf-pop: JFK51-C1
x-cache: Miss from cloudfront
p3p: CP="NID DSP ALL COR"
access-control-allow-origin: https://1-fo.net
cache-control: no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials: true
x-amz-cf-id: TWPKwK6B7_-WEWhOCD9ld2h9TLIFHFjJD_Lne5dIspQ_R7KwNln57Q==

GET
H2 204 utx Show response
rchamrevolu.xyz/ 0
411 B 614ms
212ms XHR
text/plain 13.225.229.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rchamrevolu.xyz/utx?cb=P1i0PlaNIROt&top=1-fo.net&tid=934842
Requested by: Host: d3ou4areduq72f.cloudfront.net
URL: https://d3ou4areduq72f.cloudfront.net/?rauod=934606
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.229.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-229-72.jfk51.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://1-fo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 07 Nov 2021 15:36:51 GMT
via: 1.1 7a9ee72a0b48ca2cabd7b6a48922db46.cloudfront.net (CloudFront)
server: openresty/1.17.8.2
x-amz-cf-pop: JFK51-C1
x-cache: Miss from cloudfront
p3p: CP="NID DSP ALL COR"
access-control-allow-origin: https://1-fo.net
cache-control: no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials: true
x-amz-cf-id: ZVOeYNYUqJk_K0XPh7BOx2NtacxfU5VQLFEHrBQFILuvcsy7an4EPA==

GET
H2 200 login.php
www.facebook.com/ 0
0 952ms
363ms Image
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
Requested by: Host: 1-fo.net
URL: https://1-fo.net/v/MA3cLMEtEQ8?m=a/3Uy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://1-fo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H2 200 ServiceLogin
accounts.google.com/ 0
0 645ms
233ms Image
text/html 2607:f8b0:4006:816::200d
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
Requested by: Host: 1-fo.net
URL: https://1-fo.net/v/MA3cLMEtEQ8?m=a/3Uy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:816::200d , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://1-fo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H2 200 ServiceLogin
accounts.google.com/ 0
0 1154ms
748ms Image
text/html 2607:f8b0:4006:816::200d
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
Requested by: Host: 1-fo.net
URL: https://1-fo.net/v/MA3cLMEtEQ8?m=a/3Uy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:816::200d , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://1-fo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H2 200 popunder.gif
awsimiledarent.xyz/ 35 B
676 B 479ms
177ms Image
image/gif 2606:4700:3034::6815:366d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://awsimiledarent.xyz/popunder.gif
Requested by: Host: 1-fo.net
URL: https://1-fo.net/v/MA3cLMEtEQ8?m=a/3Uy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:366d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://1-fo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: public
date: Sun, 07 Nov 2021 15:36:51 GMT
cf-cache-status: HIT
last-modified: Sun, 07 Nov 2021 13:08:30 GMT
server: cloudflare
age: 8901
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z0gd6BBc%2Fm2t4i3DuXIOjqHdvE9Jc4iG6mPzE7DXIv1myxjcMHlgFwOkKlJ8AgNnEsoadl63rp%2FNVs5sE8qC7VOgSS1HpdPolFJBcRhziAyikfsYD2W%2FTNhy7R30ShyWvIjJx1l%2FD%2ByOZ18gmpt9l1o%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=604800, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6aa7a3baa878714e-YUL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET /
d301cxwfymy227.cloudfront.net/ 0
0

GET
H2 200 T2xoU0MuDgs+fC5RCnU2PQBVdnEJSVoVJ3wDHWciPQkMJjJ4Xg59ICMDHTclPQMGJ20hCRx2cQkhPmIBBD8FY3MfFTkgFiYhXR8tKzkyFBF3CQQnOwAGAz8CNggcHxcgLQo0EjYoEgUoDgtQFAk4NQMxB3s0JWFyeQ4pFnEfBVlgEDUlTWEBBDQMMCAbKR0YBQ0GD... Show response
rchamrevolu.xyz/ Frame 92A0 3 KB
2 KB 586ms
214ms Document
text/html 13.225.229.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rchamrevolu.xyz/T2xoU0MuDgs+fC5RCnU2PQBVdnEJSVoVJ3wDHWciPQkMJjJ4Xg59ICMDHTclPQMGJ20hCRx2cQkhPmIBBD8FY3MfFTkgFiYhXR8tKzkyFBF3CQQnOwAGAz8CNggcHxcgLQo0EjYoEgUoDgtQFAk4NQMxB3s0JWFyeQ4pFnEfBVlgEDUlTWEBBDQMMCAbKR0YBQ0GDDl3eS0CKzcEKB8wDQtYXxkkHhUnBDRqXi4XBCBVIgcCCiMSJDEtXVABGRg+XgAEGQsxOXMKIzwCLx8+XSoaIQMDFBsFBQ09NysJPxE1Kj9RKhohA1ERByMBDj56KiowBXcqBD47GQhBJiUbfQ8QHCkgLiU6IDknKQpmfS4iFHp7J1oZKSk7OjYaFzpcNigaVCcXdyEtMBkqDDtRNRk1GwIaEicVMT0sOy8sAnQFOyYaGRgtGBord1g4AHo5NBAVMyleOjcmGD5QNhUZWTILdjk0WjApBBUfHgkbAB42ADsFMWByJDQFFXEfXwt1KTwDBiN+KBwFahc3KTBgEQogIgI3
Requested by: Host: d3ou4areduq72f.cloudfront.net
URL: https://d3ou4areduq72f.cloudfront.net/?rauod=934606
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.229.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-229-72.jfk51.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: d5a3f6b00046a6351e5c4b018b577ff44b53b1c3ac21b5c207e3c26a8d3bfca5

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://1-fo.net/

Response headers

content-type: text/html
content-length: 1239
date: Sun, 07 Nov 2021 15:36:51 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 7a9ee72a0b48ca2cabd7b6a48922db46.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
x-amz-cf-id: wYQyZdY5D-o6gafX0NF4AGbY7rmNncFPm6D5l66VsKSIC2RM2TpxfQ==

GET
H2 200 FDo+MhQOQzQ8Di9fBSMsBxkLKT8bJiINAi8nVikHMhwwJjVnKFc9XQQwMjcKIzMOEycMHDdVOxAWHC8FbhMnIzdmIA49LB8xVj46EzAeAAUDKCAdGiQ3VzY1FCpfIDVnJBIHBhQxPjNcLCMKNjU1CDM8KyEjHihcGDYvVzdnIzBdOjIlJyA5F1QMFwI4AlspFBEVI... Show response
rchamrevolu.xyz/VnJmZG03EAUJUjdPBEIYJB5bQV8QV1QiCWUdE1AMJBcCERxhQABKDjodEwALJB0IEEM4FxJBXxA0PDEjERYIISoaMQE1OT43Fy0GIjswCglzQCQ1Bhg2LTA4DDoeMkhkMCUTVWQzAQcHFycFJyMSMDcmP24cA1Q3DjE1LQITJx4gJz8VMDArB... Frame F440 3 KB
2 KB 588ms
219ms Document
text/html 13.225.229.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rchamrevolu.xyz/VnJmZG03EAUJUjdPBEIYJB5bQV8QV1QiCWUdE1AMJBcCERxhQABKDjodEwALJB0IEEM4FxJBXxA0PDEjERYIISoaMQE1OT43Fy0GIjswCglzQCQ1Bhg2LTA4DDoeMkhkMCUTVWQzAQcHFycFJyMSMDcmP24cA1Q3DjE1LQITJx4gJz8VMDArBB4sHCQCJS4AChcVIy8mHgEzJhUHFS0lDjI2JT0bAzM3IQs/ATwnGiEELQwJAyQRMhcBNyAlDg4oAyYKIQYvDAYRNAs+XQQaXjY3OCAhNSsABgIIIxU4VD5dBBU/KSEOMCUyKw8wP1Q/FDo+MhQOQzQ8Di9fBSMsBxkLKT8bJiINAi8nVikHMhwwJjVnKFc9XQQwMjcKIzMOEycMHDdVOxAWHC8FbhMnIzdmIA49LB8xVj46EzAeAAUDKCAdGiQ3VzY1FCpfIDVnJBIHBhQxPjNcLCMKNjU1CDM8KyEjHihcGDYvVzdnIzBdOjIlJyA5F1QMFwI4AlspFBEVIgEaYBUREg
Requested by: Host: d3ou4areduq72f.cloudfront.net
URL: https://d3ou4areduq72f.cloudfront.net/?rauod=934606
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.229.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-229-72.jfk51.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: 7f275657b32be893af3c14a3625e6d5489c4c36cb4d8f562eb682044e32cc9d3

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://1-fo.net/

Response headers

content-type: text/html
content-length: 1232
date: Sun, 07 Nov 2021 15:36:51 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 7a9ee72a0b48ca2cabd7b6a48922db46.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
x-amz-cf-id: vpDxKnpAe187qStvMmmW7m2cpFA4Wz98KZ_N3AoYkXWnWSn0zpw31Q==

GET
H2 200 undefined
1-fo.net/v/ 3 KB
3 KB 222ms
222ms Image
text/html 2606:4700:3037::ac43:d6a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1-fo.net/v/undefined
Requested by: Host: 1-fo.net
URL: https://1-fo.net/v/MA3cLMEtEQ8?m=a/3Uy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:d6a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://1-fo.net/v/MA3cLMEtEQ8?m=a/3Uy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 15:36:51 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: text/html
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7qYxvBLz8cHhtzdTULnl3NNEoi9yMjO9rgB1dlmj3RsVeuyyvPJwhF3t8AHwKijeAUvAU0sy4I0r8i1UGDM33oc6YwYAdApfsshhoL9mhSyf4nr20sVTAJbOi9%2F6QVEIhnNsVpdN3A%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 6aa7a3b8ccd37144-YUL
access-control-allow-headers: X-Requested-With, content-type
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 XRXV3I6Li01BKofINeaB.woff2
fonts.gstatic.com/s/nunito/v16/ 19 KB
19 KB 747ms
245ms Font
font/woff2 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunito/v16/XRXV3I6Li01BKofINeaB.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Nunito:wght@300;400;600;700;800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

06f3af3fe52542d40ad9bc14ec03e04deaabd09ec369221cc8f536db1c72bf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://1-fo.net
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 23:31:15 GMT
x-content-type-options: nosniff
age: 144336
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18972
x-xss-protection: 0
last-modified: Wed, 25 Nov 2020 02:44:35 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 05 Nov 2022 23:31:15 GMT

GET
H2 200 data.json Show response
1-fo.net/ 2 MB
86 KB 236ms
235ms Fetch
application/json 2606:4700:3037::ac43:d6a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://1-fo.net/data.json?tid=934606
Requested by: Host: 1-fo.net
URL: https://1-fo.net/static/js/main.01bfbe4e.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:d6a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ad86b16c727492466c0f18ffc7ee2a75e024b9ad833e8252d6b23d5ec4d9f37

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://1-fo.net/v/MA3cLMEtEQ8?m=a/3Uy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 15:36:51 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: application/json
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vCJFPk2ybtawM%2FTSL%2FlJhCZ4V1OzyISkh6evcfLKqg4IoCqE5M0P%2BbtDLb8Qvxvt%2FQpFV25DRowSx%2FiCk9sJeh6UlhohjVbND%2B4inCgKNHI%2FhvIz5XbVyYjEz%2BUoUH85diHKaCTMlg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 6aa7a3b8ed0b7144-YUL
access-control-allow-headers: X-Requested-With, content-type
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 data.json Show response
1-fo.net/ 2 MB
87 KB 233ms
233ms Fetch
application/json 2606:4700:3037::ac43:d6a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://1-fo.net/data.json?tid=934606
Requested by: Host: 1-fo.net
URL: https://1-fo.net/static/js/main.01bfbe4e.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:d6a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ad86b16c727492466c0f18ffc7ee2a75e024b9ad833e8252d6b23d5ec4d9f37

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://1-fo.net/v/MA3cLMEtEQ8?m=a/3Uy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 15:36:51 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET, POST
content-type: application/json
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XQBbCnQyq4%2FWtfICz9ipr9v3Vto96KbmZNQF%2BZ9vegm7kslAq%2Fqutx32ok437g7maOg857S1sNjaQ88y8bLWLDCcefqLaBXgkgf98f4dJl%2Bd%2Fn22IBw8F34DtHcTcj0kP9Ahl3%2Ff3g%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 6aa7a3b8ed0d7144-YUL
access-control-allow-headers: X-Requested-With, content-type
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 / Show response
freychang.fun/ 15 B
719 B 520ms
203ms Fetch
text/plain 2606:4700:3030::ac43:dadd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://freychang.fun/?f=42a5f2350406b5b34afe49ff517ecb3b
Requested by: Host: d3ou4areduq72f.cloudfront.net
URL: https://d3ou4areduq72f.cloudfront.net/?rauod=934606
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:dadd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d0500a7b4acb9f4385f99bf65c0d280b9de00cf08c8c12cfe59fd30bcec227a9

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://1-fo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 15:36:51 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: GET
content-type: text/plain
access-control-allow-origin: https://1-fo.net
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Kt4y7QTpHelRAiD%2FWMb1ZsS8W05KXcb2bDWnbYqBPrhyK%2FKbOUvLGhcSauclEFWQTpEeYuER69YmIkAGR0B22za3ffr44Sx4hqHgopJx1%2B07wsTpCNTdUbsHBQmUMYEbHybQrMoeR7crktk"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 6aa7a3bbcc287151-YUL
access-control-allow-headers: X-Requested-With, content-type
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H/1.1 200
OK 56a7df3133 Show response
3313fd7a65d575eedefe43810da3efe25d3a8b905dcee8155eb19.s3.amazonaws.com/ 17 KB
18 KB 675ms
164ms XHR
binary/octet-stream 52.216.131.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://3313fd7a65d575eedefe43810da3efe25d3a8b905dcee8155eb19.s3.amazonaws.com/56a7df3133
Requested by: Host: 1-fo.net
URL: https://1-fo.net/ksdjgfks.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.131.51 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: b30408db6a2bddf0861ecee45b5b3776794030ace18eb6bbc0069f5fbe87da89

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://1-fo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 07 Nov 2021 15:36:53 GMT
x-amz-meta-pragma: no-cache
x-amz-request-id: 545AFERABE31N4C6
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Content-Length: 17348
x-amz-id-2: Y8xp76GReEBlLiZMCPt3pg2XwBrLHXjhE7O0BSgcbtcA8N6TSG0mW0mSm9v8I/pE4cAzrVRIgmA=
Last-Modified: Sun, 07 Nov 2021 15:15:03 GMT
Server: AmazonS3
ETag: "de668bd908cbe0a001482bb3b979875a"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: binary/octet-stream
Access-Control-Allow-Origin: https://1-fo.net
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes

GET
H2 200 -Uu-3BOAdSFahFadhFvJJ47e1z4yQDQ5x3uo-oLaMYQgcQiOyzc5c1MBY4uCEEbGPQ1fGyYo=w1060-fcrop64=1
yt3.ggpht.com/ 855 KB
856 KB 806ms
354ms Image
image/png 2607:f8b0:4006:823::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/-Uu-3BOAdSFahFadhFvJJ47e1z4yQDQ5x3uo-oLaMYQgcQiOyzc5c1MBY4uCEEbGPQ1fGyYo=w1060-fcrop64=1

Requested by

Host: 1-fo.net
URL: https://1-fo.net/v/MA3cLMEtEQ8?m=a/3Uy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

050692167922136ceb425f4c425cd7c008526cefcef2aca8e3fdfdc4a827cd28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://1-fo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 12:07:57 GMT
x-content-type-options: nosniff
age: 12535
content-disposition: inline;filename="channels4_banner.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875734
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 23 Oct 2021 22:50:18 GMT

GET
H2 200 AKedOLR-W-LXiVmhly9KOj98ybW2WTh9udn9CagtSOYGRQ=s240-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ 34 KB
35 KB 629ms
177ms Image
image/jpeg 2607:f8b0:4006:823::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AKedOLR-W-LXiVmhly9KOj98ybW2WTh9udn9CagtSOYGRQ=s240-c-k-c0x00ffffff-no-rj

Requested by

Host: 1-fo.net
URL: https://1-fo.net/v/MA3cLMEtEQ8?m=a/3Uy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c2a8063bfa8cdefaf69156200d1402e17285f31fdfb61169231523c4f5c4b087

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://1-fo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 12:07:57 GMT
x-content-type-options: nosniff
age: 12535
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34928
x-xss-protection: 0
server: fife
etag: "v25e"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 24 Oct 2021 00:27:04 GMT

GET
H2 200 XRXW3I6Li01BKofA6sKUYevI.woff2
fonts.gstatic.com/s/nunito/v16/ 19 KB
19 KB 343ms
342ms Font
font/woff2 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunito/v16/XRXW3I6Li01BKofA6sKUYevI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Nunito:wght@300;400;600;700;800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d8a2fc19b3c25b470b6b7a2cb69be14e22328bc0bf9adfe709f0b1477fc61525

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://1-fo.net
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 11:36:57 GMT
x-content-type-options: nosniff
age: 187194
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19248
x-xss-protection: 0
last-modified: Wed, 25 Nov 2020 02:44:29 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 05 Nov 2022 11:36:57 GMT

GET
H2 200 XRXW3I6Li01BKofAnsSUYevI.woff2
fonts.gstatic.com/s/nunito/v16/ 18 KB
18 KB 412ms
411ms Font
font/woff2 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunito/v16/XRXW3I6Li01BKofAnsSUYevI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Nunito:wght@300;400;600;700;800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

041f60a715023fb438203d995ce5cb286f2daf7ab2f52f356ae85671250ddd28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://1-fo.net
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 06 Nov 2021 03:01:59 GMT
x-content-type-options: nosniff
age: 131692
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18764
x-xss-protection: 0
last-modified: Wed, 25 Nov 2020 02:44:26 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sun, 06 Nov 2022 03:01:59 GMT

GET
H2 200 / Show response
equirekeither.xyz/ 189 B
851 B 695ms
381ms Fetch 2606:4700:3034::ac43:837d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://equirekeither.xyz/?tid=938968&params_only=1
Requested by: Host: 1-fo.net
URL: https://1-fo.net/static/js/main.01bfbe4e.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::ac43:837d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 60802851c140f78ebc04ddf9584237e5579461585f2e03f016a809bead26f542

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://1-fo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 07 Nov 2021 15:36:52 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HLyb0CXrfcZ3dniiTi%2BLvJbGssp85%2FFVZi69jMFCKEq%2B1bsJj8mtK7P44XxSJSNOl43bZuiw3S74jS%2FYX596mx1QfmLo5gIA8mTg8eaOUg6GmW47wey3GU7FfR%2F0bgqWwyMcqA8C1db630S%2FYM00xQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://1-fo.net
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
access-control-allow-credentials: true
cf-ray: 6aa7a3be78657148-YUL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 174

GET
H2

200

MA3cLMEtEQ8 Show response
www.youtube.com/embed/ Frame 8713
Redirect Chain

https://youtube.com/embed/MA3cLMEtEQ8
https://www.youtube.com/embed/MA3cLMEtEQ8

60 KB
26 KB

618ms
225ms

Document
text/html

2607:f8b0:4006:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/MA3cLMEtEQ8

Requested by

Host: 1-fo.net
URL: https://1-fo.net/static/js/2.90f4e466.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e4256e00bb223f751b14d7c35dd2413199a65489b2595b447a0c89ec7ac7185e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://1-fo.net/

Response headers

content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 07 Nov 2021 15:36:53 GMT
strict-transport-security: max-age=31536000
report-to: {"group":"AXrpQdexiF0ssZ_nH8Dr-M3QgbdVRvO77RECMA","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdexiF0ssZ_nH8Dr-M3QgbdVRvO77RECMA"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdexiF0ssZ_nH8Dr-M3QgbdVRvO77RECMA"
permissions-policy: ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

content-type: application/binary
x-content-type-options: nosniff
expires: Sun, 07 Nov 2021 15:36:52 GMT
date: Sun, 07 Nov 2021 15:36:52 GMT
cache-control: private, max-age=31536000
location: https://www.youtube.com/embed/MA3cLMEtEQ8
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"AXrpQdexiF0ssZ_nH8Dr-M3QgbdVRvO77RECMA","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdexiF0ssZ_nH8Dr-M3QgbdVRvO77RECMA"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdexiF0ssZ_nH8Dr-M3QgbdVRvO77RECMA"
permissions-policy: ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*
server: ESF
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/MA3cLMEtEQ8/ 46 KB
47 KB 657ms
194ms Image
image/jpeg 2607:f8b0:4006:81d::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/MA3cLMEtEQ8/hqdefault.jpg

Requested by

Host: 1-fo.net
URL: https://1-fo.net/v/MA3cLMEtEQ8?m=a/3Uy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2016 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

14eb94dc2cb5fd8f9066a6c4ef42fcfa0d71c4e10e948800b1e0bcc89b95df8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://1-fo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 14:32:31 GMT
x-content-type-options: nosniff
age: 3861
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47196
x-xss-protection: 0
server: sffe
etag: "1633744080"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sun, 07 Nov 2021 16:32:31 GMT

GET
H2 200 XRXW3I6Li01BKofAjsOUYevI.woff2
fonts.gstatic.com/s/nunito/v16/ 19 KB
19 KB 432ms
432ms Font
font/woff2 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunito/v16/XRXW3I6Li01BKofAjsOUYevI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Nunito:wght@300;400;600;700;800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

622b2acb1b2c8d4eba45b028583b297a195b839f4684fc02d6906c84779f763d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://1-fo.net
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 05 Nov 2021 19:39:48 GMT
x-content-type-options: nosniff
age: 158224
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19088
x-xss-protection: 0
last-modified: Wed, 25 Nov 2020 02:44:23 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 05 Nov 2022 19:39:48 GMT

GET
H2 200 DGo9JTAEOzwrb18RZWR6SGVgYj0EOTQlPR5yYnokGXJientdeWBveS9yYno9BDlmfm9eFXV4ehVhZG-NvX2cxOjoBMicvKAY+JG94K2JjfWReYXV4ekU8OD4nAXJiCW9fZzwjIQhyYnotCDQ7JWNIZWApIh84PS9vXxFpf2RdeWR8eVV5ZX5vX2cjKywMJTlveCti... Show response
d3ou4areduq72f.cloudfront.net/MV1BKSm00PyQsUiM5LndUZGR8eltxOjklAydtLToAbgQyDzVkAg8GJwYkbD4XM216bAE2Pi13SzI+KXdccTEuKFBjdj46AjxtKDwcND47JgQyOWw/ Frame 92A0 775 B
825 B 263ms
262ms Script
text/plain 2600:9000:202c:a00:14:72de:11c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3ou4areduq72f.cloudfront.net/MV1BKSm00PyQsUiM5LndUZGR8eltxOjklAydtLToAbgQyDzVkAg8GJwYkbD4XM216bAE2Pi13SzI+KXdccTEuKFBjdj46AjxtKDwcND47JgQyOWw/DGo9JTAEOzwrb18RZWR6SGVgYj0EOTQlPR5yYnokGXJientdeWBveS9yYno9BDlmfm9eFXV4ehVhZG-NvX2cxOjoBMicvKAY+JG94K2JjfWReYXV4ekU8OD4nAXJiCW9fZzwjIQhyYnotCDQ7JWNIZWApIh84PS9vXxFpf2RdeWR8eVV5ZX5vX2cjKywMJTlveCtiY31kXmF2P3c
Requested by: Host: rchamrevolu.xyz
URL: https://rchamrevolu.xyz/T2xoU0MuDgs+fC5RCnU2PQBVdnEJSVoVJ3wDHWciPQkMJjJ4Xg59ICMDHTclPQMGJ20hCRx2cQkhPmIBBD8FY3MfFTkgFiYhXR8tKzkyFBF3CQQnOwAGAz8CNggcHxcgLQo0EjYoEgUoDgtQFAk4NQMxB3s0JWFyeQ4pFnEfBVlgEDUlTWEBBDQMMCAbKR0YBQ0GDDl3eS0CKzcEKB8wDQtYXxkkHhUnBDRqXi4XBCBVIgcCCiMSJDEtXVABGRg+XgAEGQsxOXMKIzwCLx8+XSoaIQMDFBsFBQ09NysJPxE1Kj9RKhohA1ERByMBDj56KiowBXcqBD47GQhBJiUbfQ8QHCkgLiU6IDknKQpmfS4iFHp7J1oZKSk7OjYaFzpcNigaVCcXdyEtMBkqDDtRNRk1GwIaEicVMT0sOy8sAnQFOyYaGRgtGBord1g4AHo5NBAVMyleOjcmGD5QNhUZWTILdjk0WjApBBUfHgkbAB42ADsFMWByJDQFFXEfXwt1KTwDBiN+KBwFahc3KTBgEQogIgI3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:202c:a00:14:72de:11c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 9c08d321be6e3cf2e8beecba8d561887ebb3452c5f21d78105c30e4e9442c5ac

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://rchamrevolu.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 15:36:52 GMT
content-encoding: gzip
x-amz-cf-pop: EWR52-C2
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: max-age=31556926
content-length: 549
via: 1.1 7969ab02c38bf363682fddd4258a6d30.cloudfront.net (CloudFront)
x-amz-cf-id: ABrrQ82Vy-Soaf1wEnuWYCVilntTlZ2o0F55pQPNT6ARomL3SGq9fA==

GET
H2 200 FZUNGdnEGLCgQThEqIktIVnd+QkNDKTUZHxV+Cw82AgcjAUcCNDBQBR8ne0ZXCSIoEUxDJigVTFRlJxITWHdgAgEKKHsUBxQgKAcdDCYvUAQEfisZCwwvKhdUVwVzWEFAcXZeBgwtIhkGFmZ0Rh8RZnRGQFVtdlNCJ2Z0RgYMLXBCVFYBY0RBHXVyX1RXcy-cGAQk... Show response
d3ou4areduq72f.cloudfront.net/ Frame F440 767 B
820 B 261ms
260ms Script
text/plain 2600:9000:202c:a00:14:72de:11c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3ou4areduq72f.cloudfront.net/FZUNGdnEGLCgQThEqIktIVnd+QkNDKTUZHxV+Cw82AgcjAUcCNDBQBR8ne0ZXCSIoEUxDJigVTFRlJxITWHdgAgEKKHsUBxQgKAcdDCYvUAQEfisZCwwvKhdUVwVzWEFAcXZeBgwtIhkGFmZ0Rh8RZnRGQFVtdlNCJ2Z0RgYMLXBCVFYBY0RBHXVyX1RXcy-cGAQkmMRMTDioyU0MjdnVBX1Z1Y0RBTSguAhwJZnQ1VFdzKh8aAGZ0RhYAIC0ZWEBxdhUZFywrE1RXBX9DX1VtckBCXW1zQlRXczUXFwQxL1NDI3Z1QV9WdWADTA
Requested by: Host: rchamrevolu.xyz
URL: https://rchamrevolu.xyz/VnJmZG03EAUJUjdPBEIYJB5bQV8QV1QiCWUdE1AMJBcCERxhQABKDjodEwALJB0IEEM4FxJBXxA0PDEjERYIISoaMQE1OT43Fy0GIjswCglzQCQ1Bhg2LTA4DDoeMkhkMCUTVWQzAQcHFycFJyMSMDcmP24cA1Q3DjE1LQITJx4gJz8VMDArBB4sHCQCJS4AChcVIy8mHgEzJhUHFS0lDjI2JT0bAzM3IQs/ATwnGiEELQwJAyQRMhcBNyAlDg4oAyYKIQYvDAYRNAs+XQQaXjY3OCAhNSsABgIIIxU4VD5dBBU/KSEOMCUyKw8wP1Q/FDo+MhQOQzQ8Di9fBSMsBxkLKT8bJiINAi8nVikHMhwwJjVnKFc9XQQwMjcKIzMOEycMHDdVOxAWHC8FbhMnIzdmIA49LB8xVj46EzAeAAUDKCAdGiQ3VzY1FCpfIDVnJBIHBhQxPjNcLCMKNjU1CDM8KyEjHihcGDYvVzdnIzBdOjIlJyA5F1QMFwI4AlspFBEVIgEaYBUREg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:202c:a00:14:72de:11c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: f9d9c3dede597121d133394cb53e1e53266f317ece5160091ae376c0c1abdc91

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://rchamrevolu.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 15:36:52 GMT
content-encoding: gzip
x-amz-cf-pop: EWR52-C2
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: max-age=31556926
content-length: 544
via: 1.1 7969ab02c38bf363682fddd4258a6d30.cloudfront.net (CloudFront)
x-amz-cf-id: a_zncnLu4M6JM0MnY9ntmTctM5dK2WxEAfq57ihj0WvFgRKeajEfXA==

GET
H2 200 OZWtYenBaHzEeTVxYbExAUw%3D%3D Show response
dufai4b1ap33z.cloudfront.net/ 304 KB
97 KB 770ms
303ms Script
text/plain 2600:9000:210b:3e00:1f:315e:7fc0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dufai4b1ap33z.cloudfront.net/OZWtYenBaHzEeTVxYbExAUw%3D%3D
Requested by: Host: 1-fo.net
URL: https://1-fo.net/v/MA3cLMEtEQ8?m=a/3Uy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:210b:3e00:1f:315e:7fc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 2f32d3fca9659654b94adbf1a901df3b3996bc18774ab23fe9ee1180a2775f9f

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://1-fo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 07 Nov 2021 15:36:53 GMT
content-encoding: gzip
x-amz-cf-pop: EWR53-C3
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-length: 99235
via: 1.1 eeb9901be16f95d3dbfe25d7cb1e1efe.cloudfront.net (CloudFront)
x-amz-cf-id: AynRwAHiQATZ4jcCg0GW6sNjv_3rJ7luVp7U0AcCMXvFT8o9UdiKWw==

GET
H2 200 www-player-webp.css
www.youtube.com/s/player/8eb5bf0c/ Frame 8713 334 KB
46 KB 172ms
171ms Stylesheet
text/css 2607:f8b0:4006:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/8eb5bf0c/www-player-webp.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/MA3cLMEtEQ8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a1252449fb32f8262c1457b85876d7b838639d01c9edd3b190d54652114fa226

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.youtube.com/embed/MA3cLMEtEQ8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 15:52:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 344676
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46960
x-xss-protection: 0
last-modified: Wed, 03 Nov 2021 00:18:20 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 03 Nov 2022 15:52:17 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 8713 15 KB
15 KB 231ms
231ms Font
font/woff2 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/MA3cLMEtEQ8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 06 Nov 2021 01:39:10 GMT
x-content-type-options: nosniff
age: 136663
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sun, 06 Nov 2022 01:39:10 GMT

GET
H2 200 www-embed-player.js Show response
www.youtube.com/s/player/8eb5bf0c/www-embed-player.vflset/ Frame 8713 209 KB
68 KB 190ms
189ms Script
text/javascript 2607:f8b0:4006:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/8eb5bf0c/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/MA3cLMEtEQ8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

63e136362820cdab64e50bd4d13cdecdc0ac621b980ff4249211a5942c546476

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.youtube.com/embed/MA3cLMEtEQ8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 15:52:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 344668
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 69827
x-xss-protection: 0
last-modified: Wed, 03 Nov 2021 00:18:20 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 03 Nov 2022 15:52:25 GMT

GET
H2 200 base.js Show response
www.youtube.com/s/player/8eb5bf0c/player_ias.vflset/en_US/ Frame 8713 2 MB
514 KB 319ms
319ms Script
text/javascript 2607:f8b0:4006:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/8eb5bf0c/player_ias.vflset/en_US/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/MA3cLMEtEQ8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce135edb1796a81f053fe02189c2ca7d55a63b734c78b779d2afd5d1c54fda0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.youtube.com/embed/MA3cLMEtEQ8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 15:52:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 344676
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 526247
x-xss-protection: 0
last-modified: Wed, 03 Nov 2021 00:18:20 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 03 Nov 2022 15:52:17 GMT

GET
H2 200 fetch-polyfill.js Show response
www.youtube.com/s/player/8eb5bf0c/fetch-polyfill.vflset/ Frame 8713 8 KB
3 KB 379ms
378ms Script
text/javascript 2607:f8b0:4006:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/8eb5bf0c/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/MA3cLMEtEQ8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.youtube.com/embed/MA3cLMEtEQ8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 15:52:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 344668
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2830
x-xss-protection: 0
last-modified: Wed, 03 Nov 2021 00:18:20 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 03 Nov 2022 15:52:25 GMT

GET
H2 204 utx Show response
rchamrevolu.xyz/ 0
410 B 284ms
284ms XHR
text/plain 13.225.229.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rchamrevolu.xyz/utx?cb=l2gCOE3INXLL&top=1-fo.net&tid=934606
Requested by: Host: dufai4b1ap33z.cloudfront.net
URL: https://dufai4b1ap33z.cloudfront.net/OZWtYenBaHzEeTVxYbExAUw%3D%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.229.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-229-72.jfk51.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://1-fo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 07 Nov 2021 15:36:53 GMT
via: 1.1 7a9ee72a0b48ca2cabd7b6a48922db46.cloudfront.net (CloudFront)
server: openresty/1.17.8.2
x-amz-cf-pop: JFK51-C1
x-cache: Miss from cloudfront
p3p: CP="NID DSP ALL COR"
access-control-allow-origin: https://1-fo.net
cache-control: no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials: true
x-amz-cf-id: in-C19PkS8YLAlo-k66Uxi6PS588DTqhz0Ht9hSUQ-5gDsT8488UIg==

GET
H2 204 utx Show response
rchamrevolu.xyz/ 0
413 B 290ms
290ms XHR
text/plain 13.225.229.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rchamrevolu.xyz/utx?cb=QyM0AYJf7N4S&top=1-fo.net&tid=934842
Requested by: Host: dufai4b1ap33z.cloudfront.net
URL: https://dufai4b1ap33z.cloudfront.net/OZWtYenBaHzEeTVxYbExAUw%3D%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.229.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-229-72.jfk51.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://1-fo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 07 Nov 2021 15:36:53 GMT
via: 1.1 7a9ee72a0b48ca2cabd7b6a48922db46.cloudfront.net (CloudFront)
server: openresty/1.17.8.2
x-amz-cf-pop: JFK51-C1
x-cache: Miss from cloudfront
p3p: CP="NID DSP ALL COR"
access-control-allow-origin: https://1-fo.net
cache-control: no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials: true
x-amz-cf-id: qkNKzyYOCJ9VOJA_JuPhJkcSU7PvUJ3TNIYY04eydfIYNtLEAM0BBQ==

GET
H2

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame 8713
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

100 B
243 B

247ms
245ms

XHR
application/json

2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/MA3cLMEtEQ8

Protocol

Server

2607:f8b0:4006:80b::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53c612c531910219093caa39aba37174c257d34c58742af3004e1877710f647b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 15:36:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 120
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 07 Nov 2021 15:36:54 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 8713 29 B
588 B 804ms
244ms Script
text/javascript 2607:f8b0:4006:81e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/8eb5bf0c/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 15:25:28 GMT
x-content-type-options: nosniff
age: 686
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 07 Nov 2021 15:40:28 GMT

GET
H2 200 remote.js Show response
www.youtube.com/s/player/8eb5bf0c/player_ias.vflset/en_US/ Frame 8713 93 KB
29 KB 195ms
195ms Script
text/javascript 2607:f8b0:4006:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/8eb5bf0c/player_ias.vflset/en_US/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/8eb5bf0c/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

100f2cf55b2aeb3acb3f46a99a06beecdccb46e354fbaa41694f919c9bc118e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.youtube.com/embed/MA3cLMEtEQ8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 15:52:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 344676
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29625
x-xss-protection: 0
last-modified: Wed, 03 Nov 2021 00:18:20 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 03 Nov 2022 15:52:18 GMT

GET
H2 200 tiXXNuxdxc-ij2hLW6IAKEKLnbZBeDFSWop-V38wx5U.js Show response
www.google.com/js/th/ Frame 8713 35 KB
14 KB 592ms
184ms Script
text/javascript 2607:f8b0:4006:816::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/tiXXNuxdxc-ij2hLW6IAKEKLnbZBeDFSWop-V38wx5U.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/8eb5bf0c/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b625d736ec5dc5cfa28f684b5ba20028428b9db6417831525a8a7e577f30c795

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 14:36:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3623
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13367
x-xss-protection: 0
last-modified: Fri, 29 Oct 2021 13:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 07 Nov 2022 14:36:31 GMT

GET
H2 200 embed.js Show response
www.youtube.com/s/player/8eb5bf0c/player_ias.vflset/en_US/ Frame 8713 24 KB
7 KB 194ms
194ms Script
text/javascript 2607:f8b0:4006:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/8eb5bf0c/player_ias.vflset/en_US/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/8eb5bf0c/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

39a28538d292b5765e38c9d8198562d8c21e6c081a301f8637d2ce43deb8306b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.youtube.com/embed/MA3cLMEtEQ8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 03 Nov 2021 15:52:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 344666
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7310
x-xss-protection: 0
last-modified: Wed, 03 Nov 2021 00:18:20 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 03 Nov 2022 15:52:28 GMT

GET
DATA 200
OK truncated
/ Frame 8713 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 AKedOLR-W-LXiVmhly9KOj98ybW2WTh9udn9CagtSOYGRQ=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame 8713 5 KB
5 KB 171ms
170ms Image
image/jpeg 2607:f8b0:4006:823::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AKedOLR-W-LXiVmhly9KOj98ybW2WTh9udn9CagtSOYGRQ=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/MA3cLMEtEQ8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

77e9b740e850a76197e778053194bcdc98961dc5fd405c3110fb30bcab754f14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 15:14:38 GMT
x-content-type-options: nosniff
age: 1336
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5217
x-xss-protection: 0
server: fife
etag: "v25e"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 23 Oct 2021 19:03:09 GMT

GET
H2 200 sddefault.webp
i.ytimg.com/vi_webp/MA3cLMEtEQ8/ Frame 8713 46 KB
46 KB 225ms
224ms Image
image/webp 2607:f8b0:4006:81d::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi_webp/MA3cLMEtEQ8/sddefault.webp

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/MA3cLMEtEQ8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2016 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5bcb47e23b75f783b1671213ef4d705039ace3380c9ed23e30e2b7ccd676d6cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 15:36:54 GMT
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47070
x-xss-protection: 0
server: sffe
etag: "1633744080"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/webp
cache-control: public, max-age=7200
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sun, 07 Nov 2021 17:36:54 GMT

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame 8713 4 KB
3 KB 531ms
185ms Script
text/javascript 2607:f8b0:4006:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/8eb5bf0c/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 15:36:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 07 Nov 2021 15:36:54 GMT

GET
H2 204 generate_204
www.youtube.com/ Frame 8713 0
40 B 190ms
187ms Image
text/plain 2607:f8b0:4006:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?baZnwg
Requested by: Host: www.youtube.com
URL: https://www.youtube.com/embed/MA3cLMEtEQ8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:81c::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.youtube.com/embed/MA3cLMEtEQ8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 15:36:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 cast_sender.js Show response
www.gstatic.com/eureka/clank/95/ Frame 8713 52 KB
15 KB 162ms
161ms Script
text/javascript 2607:f8b0:4006:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/eureka/clank/95/cast_sender.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c9ca9fbe90c932d2954e1c8cb18dea47e37035aea6157e8e10a97e70f09402fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 07 Nov 2021 02:54:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 45773
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15249
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 23:31:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview-release"
vary: Accept-Encoding
report-to: {"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Mon, 08 Nov 2021 02:54:02 GMT

POST log_event
www.youtube.com/youtubei/v1/ Frame 8713 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: d301cxwfymy227.cloudfront.net
URL: https://d301cxwfymy227.cloudfront.net/

Domain: www.youtube.com
URL: https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Verdicts & Comments Add Verdict or Comment

32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: SpG3ioxRvBw
			.youtube.com/	1970-01-20 02:50:51	Name: VISITOR_INFO1_LIVE Value: TPZgbc_91ig

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://1-fo.net/v/MA3cLMEtEQ8?m=a/3Uy Message: Access to fetch at 'https://d301cxwfymy227.cloudfront.net/' from origin 'https://1-fo.net' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://soap2day.ac' that is not equal to the supplied origin. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://d301cxwfymy227.cloudfront.net/ Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1-fo.net
3313fd7a65d575eedefe43810da3efe25d3a8b905dcee8155eb19.s3.amazonaws.com
accounts.google.com
awsimiledarent.xyz
cdnjs.cloudflare.com
d301cxwfymy227.cloudfront.net
d3ou4areduq72f.cloudfront.net
dufai4b1ap33z.cloudfront.net
equirekeither.xyz
fonts.googleapis.com
fonts.gstatic.com
freychang.fun
googleads.g.doubleclick.net
i.ytimg.com
rchamrevolu.xyz
static.doubleclick.net
www.facebook.com
www.google.com
www.gstatic.com
www.youtube.com
youtube.com
yt3.ggpht.com
d301cxwfymy227.cloudfront.net
www.youtube.com
13.225.229.72
2600:9000:202c:a00:14:72de:11c0:21
2600:9000:210b:3e00:1f:315e:7fc0:21
2606:4700:3030::ac43:dadd
2606:4700:3034::6815:366d
2606:4700:3034::ac43:837d
2606:4700:3037::ac43:d6a9
2606:4700::6810:125e
2607:f8b0:4006:80a::2003
2607:f8b0:4006:80b::2002
2607:f8b0:4006:816::2004
2607:f8b0:4006:816::200a
2607:f8b0:4006:816::200d
2607:f8b0:4006:817::200e
2607:f8b0:4006:81c::200e
2607:f8b0:4006:81d::2016
2607:f8b0:4006:81e::2006
2607:f8b0:4006:823::2001
2607:f8b0:4006:823::2003
2a03:2880:f112:83:face:b00c:0:25de
52.216.131.51
041f60a715023fb438203d995ce5cb286f2daf7ab2f52f356ae85671250ddd28
050692167922136ceb425f4c425cd7c008526cefcef2aca8e3fdfdc4a827cd28
06f3af3fe52542d40ad9bc14ec03e04deaabd09ec369221cc8f536db1c72bf55
100f2cf55b2aeb3acb3f46a99a06beecdccb46e354fbaa41694f919c9bc118e5
14eb94dc2cb5fd8f9066a6c4ef42fcfa0d71c4e10e948800b1e0bcc89b95df8e
1d954b15641bc11114230f29bb75a5d1ea1b3ced70bf71461c50cd66fdee5293
2f32d3fca9659654b94adbf1a901df3b3996bc18774ab23fe9ee1180a2775f9f
39a28538d292b5765e38c9d8198562d8c21e6c081a301f8637d2ce43deb8306b
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
488beca9504bd3360bcfbd4043c644f0d2fe1fc76845977af884aefebdbaee8a
53c612c531910219093caa39aba37174c257d34c58742af3004e1877710f647b
5b3cf60125ba47f04f6bd44e93cbdaddac51dd8ccec1e903b8d9422c39b2ea25
5bcb47e23b75f783b1671213ef4d705039ace3380c9ed23e30e2b7ccd676d6cd
5fbaeb9f8e25d7e0143bae61d4b1802c16ce7390b96ceb2d498b0d96ff4c853f
60802851c140f78ebc04ddf9584237e5579461585f2e03f016a809bead26f542
622b2acb1b2c8d4eba45b028583b297a195b839f4684fc02d6906c84779f763d
63e136362820cdab64e50bd4d13cdecdc0ac621b980ff4249211a5942c546476
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
77e9b740e850a76197e778053194bcdc98961dc5fd405c3110fb30bcab754f14
7ad86b16c727492466c0f18ffc7ee2a75e024b9ad833e8252d6b23d5ec4d9f37
7f275657b32be893af3c14a3625e6d5489c4c36cb4d8f562eb682044e32cc9d3
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
9c08d321be6e3cf2e8beecba8d561887ebb3452c5f21d78105c30e4e9442c5ac
a1252449fb32f8262c1457b85876d7b838639d01c9edd3b190d54652114fa226
a46c7331410d36531777358356fb4d81218fff0652d5f5d5892eaf40fda985c9
b1d85fa924f6e5be3f26e20b22aa79f091154520e14ecd060b47b12c66578d7e
b30408db6a2bddf0861ecee45b5b3776794030ace18eb6bbc0069f5fbe87da89
b625d736ec5dc5cfa28f684b5ba20028428b9db6417831525a8a7e577f30c795
c2a8063bfa8cdefaf69156200d1402e17285f31fdfb61169231523c4f5c4b087
c9ca9fbe90c932d2954e1c8cb18dea47e37035aea6157e8e10a97e70f09402fe
ce135edb1796a81f053fe02189c2ca7d55a63b734c78b779d2afd5d1c54fda0b
d0500a7b4acb9f4385f99bf65c0d280b9de00cf08c8c12cfe59fd30bcec227a9
d5a3f6b00046a6351e5c4b018b577ff44b53b1c3ac21b5c207e3c26a8d3bfca5
d8a2fc19b3c25b470b6b7a2cb69be14e22328bc0bf9adfe709f0b1477fc61525
de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4256e00bb223f751b14d7c35dd2413199a65489b2595b447a0c89ec7ac7185e
e5e8a081c33e64578de89d2fe9f37aeca106246d4fbd2c0b9ba2f2520cd0edb5
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
f20c07a06f9aa016398c19b4c11c5d55b8ce0ec4015f6f4aa3dd6a4c0f4fc101
f9d9c3dede597121d133394cb53e1e53266f317ece5160091ae376c0c1abdc91

1-fo.net Open in urlscan Pro 2606:4700:3037::ac43:d6a9 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

52 Requests

94 %HTTPS

90 %IPv6

16 Domains

22 Subdomains

21 IPs

1 Countries

2291 kBTransfer

7937 kBSize

2 Cookies

9 Outgoing links

Redirected requests

52 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

1-fo.net Open in urlscan Pro
2606:4700:3037::ac43:d6a9 Public Scan

Screenshot
Live screenshot

Full Image

52
Requests

94 %
HTTPS

90 %
IPv6

16
Domains

22
Subdomains

21
IPs

1
Countries

2291 kB
Transfer

7937 kB
Size

2
Cookies

52 HTTP transactions
1 data transactions