www.18plusstream.net Open in urlscan Pro
2a05:d018:244:5200::ab Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://megan.page.link/DbXe
Effective URL:
https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=ldlmy5f3dfd7231b67110331501&s1=22014&s2=1120016&s3=backuser&s5=&lp=...
Submission: On August 20 via manual (August 20th 2020, 4:35:17 am UTC) from CA

Summary HTTP 23 Redirects Behaviour Indicators

Summary

This website contacted 9 IPs in 6 countries across 10 domains to perform 23 HTTP transactions. The main IP is 2a05:d018:244:5200::ab, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is www.18plusstream.net.
TLS certificate: Issued by Let's Encrypt Authority X3 on August 18th 2020. Valid for: 3 months.

This is the only time www.18plusstream.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Porn Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 2	2a00:1450:400... 2a00:1450:4001:817::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:81c::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:81d::2003	15169 (GOOGLE) (GOOGLE)
1 1	185.198.167.85 185.198.167.85	21100 (ITLDC-NL) (ITLDC-NL)
2 3	172.255.248.108 172.255.248.108	7979 (SERVERS-COM) (SERVERS-COM)
1 2	2a05:d018:244... 2a05:d018:244:5200::ab	16509 (AMAZON-02) (AMAZON-02)
11	95.100.101.24 95.100.101.24	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:820::2008	15169 (GOOGLE) (GOOGLE)
1 4	2a02:6b8::1:119 2a02:6b8::1:119	13238 (YANDEX) (YANDEX)
23	9

2 2a00:1450:4001:817::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

megan.page.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81d::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.198.167.85 (Dronten, Netherlands) 1 redirects

ASN21100 (ITLDC-NL, UA)
PTR: matro21193.vds

marruf.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.255.248.108 (Luxembourg) 2 redirects

ASN7979 (SERVERS-COM, US)

go.cm-trk3.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d018:244:5200::ab (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

onxgoa.datetofcuk.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.18plusstream.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 95.100.101.24 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a95-100-101-24.deploy.static.akamaitechnologies.com

cdn-bimi.akamaized.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:6b8::1:119 (Moscow, Russian Federation) 1 redirects

ASN13238 (YANDEX, RU)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	akamaized.net cdn-bimi.akamaized.net	2 MB
4	yandex.ru 1 redirects mc.yandex.ru	97 KB
4	gstatic.com www.gstatic.com fonts.gstatic.com	83 KB
3	cm-trk3.com 2 redirects go.cm-trk3.com	2 KB
2	page.link 1 redirects megan.page.link	12 KB
1	googletagmanager.com www.googletagmanager.com	26 KB
1	googleapis.com fonts.googleapis.com	475 B
1	18plusstream.net www.18plusstream.net	3 KB
1	datetofcuk.net 1 redirects onxgoa.datetofcuk.net	935 B
1	marruf.com 1 redirects marruf.com	802 B
23	10

	Domain	Requested by
11	cdn-bimi.akamaized.net	www.18plusstream.net cdn-bimi.akamaized.net
4	mc.yandex.ru	1 redirects megan.page.link
3	go.cm-trk3.com	2 redirects www.gstatic.com
3	www.gstatic.com	megan.page.link www.gstatic.com
2	megan.page.link	1 redirects
1	fonts.gstatic.com	fonts.googleapis.com
1	www.googletagmanager.com	www.18plusstream.net
1	fonts.googleapis.com	cdn-bimi.akamaized.net
1	www.18plusstream.net	go.cm-trk3.com
1	onxgoa.datetofcuk.net	1 redirects
1	marruf.com	1 redirects
23	11

This site contains no links.

Subject Issuer	Validity	Valid
*.page.link GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
track.cpamatica.com Let's Encrypt Authority X3	`2020-07-06` - `2020-10-04`	3 months	crt.sh
*.18plusstream.net Let's Encrypt Authority X3	`2020-08-18` - `2020-11-16`	3 months	crt.sh
a248.e.akamai.net DigiCert Secure Site ECC CA-1	`2020-07-15` - `2021-09-13`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
mc.yandex.ru Yandex CA	`2019-09-23` - `2020-09-22`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=ldlmy5f3dfd7231b67110331501&s1=22014&s2=1120016&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
Frame ID: DAE5FF81046617DEA0E334BA7D971A3B
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://megan.page.link/DbXe Page URL
https://megan.page.link/DbXe?_imcp=1 HTTP 302
https://marruf.com/?ggS3s0X HTTP 302
https://go.cm-trk3.com/aff_f?h=rQXL8n&click_id=25bq6hoboil HTTP 302
https://go.cm-trk3.com/aff_c?aff_id=22919&offer_id=4177&url_id=0&click_id=25bq6hoboil HTTP 302
https://go.cm-trk3.com/rd.html?go=https%3A%2F%2Fonxgoa.datetofcuk.net%2Fc%2Fda57dc555e50572d%3Fs1%3... Page URL
https://onxgoa.datetofcuk.net/c/da57dc555e50572d?s1=22014&s2=1120016&s3=22919&s5=&click_id=42_22919_4177_4... HTTP 302
https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=ldlmy5f3dfd7231b67110331501&s1=22014&s2=1120016... Page URL

Page Statistics

23
Requests

100 %
HTTPS

70 %
IPv6

10
Domains

11
Subdomains

9
IPs

6
Countries

1952 kB
Transfer

2616 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://megan.page.link/DbXe Page URL
https://megan.page.link/DbXe?_imcp=1 HTTP 302
https://marruf.com/?ggS3s0X HTTP 302
https://go.cm-trk3.com/aff_f?h=rQXL8n&click_id=25bq6hoboil HTTP 302
https://go.cm-trk3.com/aff_c?aff_id=22919&offer_id=4177&url_id=0&click_id=25bq6hoboil HTTP 302
https://go.cm-trk3.com/rd.html?go=https%3A%2F%2Fonxgoa.datetofcuk.net%2Fc%2Fda57dc555e50572d%3Fs1%3D22014%26s2%3D1120016%26s3%3D22919%26s5%3D%26click_id%3D42_22919_4177_4863df032088526ef306f3773ebc224d%26j1%3D1%26j3%3D1 Page URL
https://onxgoa.datetofcuk.net/c/da57dc555e50572d?s1=22014&s2=1120016&s3=22919&s5=&click_id=42_22919_4177_4863df032088526ef306f3773ebc224d&j1=1&j3=1 HTTP 302
https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=ldlmy5f3dfd7231b67110331501&s1=22014&s2=1120016&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

https://megan.page.link/DbXe?_imcp=1 HTTP 302
https://marruf.com/?ggS3s0X HTTP 302
https://go.cm-trk3.com/aff_f?h=rQXL8n&click_id=25bq6hoboil HTTP 302
https://go.cm-trk3.com/aff_c?aff_id=22919&offer_id=4177&url_id=0&click_id=25bq6hoboil HTTP 302
https://go.cm-trk3.com/rd.html?go=https%3A%2F%2Fonxgoa.datetofcuk.net%2Fc%2Fda57dc555e50572d%3Fs1%3D22014%26s2%3D1120016%26s3%3D22919%26s5%3D%26click_id%3D42_22919_4177_4863df032088526ef306f3773ebc224d%26j1%3D1%26j3%3D1

Request Chain 20

https://mc.yandex.ru/watch/65937478?wmode=7&page-ref=https%3A%2F%2Fgo.cm-trk3.com%2Frd.html%3Fgo%3Dhttps%253A%252F%252Fonxgoa.datetofcuk.net%252Fc%252Fda57dc555e50572d%253Fs1%253D22014%2526s2%253D1120016%2526s3%253D22919%2526s5%253D%2526click_id%253D42_22919_4177_4863df032088526ef306f3773ebc224d%2526j1%253D1%2526j3%253D1&page-url=https%3A%2F%2Fwww.18plusstream.net%2Fc%2F4c8a669b83e6c2d3%3F%26click_id%3Dldlmy5f3dfd7231b67110331501%26s1%3D22014%26s2%3D1120016%26s3%3Dbackuser%26s5%3D%26lp%3DMJ%26j1%3D1%26j2%3D%26j3%3D1%26j4%3D%26j5%3D%26j6%3D&charset=utf-8&browser-info=ti%3A10%3Ans%3A1597898098045%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Az%3A120%3Ai%3A20200820063458%3Aet%3A1597898099%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A1027848711498%3Arqn%3A1%3Arn%3A997048938%3Ahid%3A886423722%3Ads%3A1%2C60%2C55%2C1%2C183%2C0%2C0%2C229%2C4%2C%2C%2C%2C537%3Afp%3A598%3Awn%3A52208%3Ahl%3A2%3Agdpr%3A14%3Av%3A1916%3Awv%3A2%3Arqnl%3A1%3Ast%3A1597898099%3Au%3A1597898099192440306 HTTP 302
https://mc.yandex.ru/watch/65937478/1?wmode=7&page-ref=https%3A%2F%2Fgo.cm-trk3.com%2Frd.html%3Fgo%3Dhttps%253A%252F%252Fonxgoa.datetofcuk.net%252Fc%252Fda57dc555e50572d%253Fs1%253D22014%2526s2%253D1120016%2526s3%253D22919%2526s5%253D%2526click_id%253D42_22919_4177_4863df032088526ef306f3773ebc224d%2526j1%253D1%2526j3%253D1&page-url=https%3A%2F%2Fwww.18plusstream.net%2Fc%2F4c8a669b83e6c2d3%3F%26click_id%3Dldlmy5f3dfd7231b67110331501%26s1%3D22014%26s2%3D1120016%26s3%3Dbackuser%26s5%3D%26lp%3DMJ%26j1%3D1%26j2%3D%26j3%3D1%26j4%3D%26j5%3D%26j6%3D&charset=utf-8&browser-info=ti%3A10%3Ans%3A1597898098045%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Az%3A120%3Ai%3A20200820063458%3Aet%3A1597898099%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A1027848711498%3Arqn%3A1%3Arn%3A997048938%3Ahid%3A886423722%3Ads%3A1%2C60%2C55%2C1%2C183%2C0%2C0%2C229%2C4%2C%2C%2C%2C537%3Afp%3A598%3Awn%3A52208%3Ahl%3A2%3Agdpr%3A14%3Av%3A1916%3Awv%3A2%3Arqnl%3A1%3Ast%3A1597898099%3Au%3A1597898099192440306

23 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 DbXe Show response
megan.page.link/ 35 KB
11 KB 80ms
35ms Document
text/html 2a00:1450:4001:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://megan.page.link/DbXe

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

18e0e35692503d854769a020e8bad43b7102370cad37876608e12d36b2bbcb6b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Z+TLRTm6OM40zHJPocn+VQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self' script-src 'nonce-Z+TLRTm6OM40zHJPocn+VQ' 'self' 'unsafe-eval' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

:method: GET
:authority: megan.page.link
:scheme: https
:path: /DbXe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
content-type: text/html; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-ua-compatible: IE=edge
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 20 Aug 2020 04:34:57 GMT
content-security-policy: script-src 'report-sample' 'nonce-Z+TLRTm6OM40zHJPocn+VQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self' script-src 'nonce-Z+TLRTm6OM40zHJPocn+VQ' 'self' 'unsafe-eval' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 m=_b,_tp Show response
www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.tBqYhZ_z9NQ.es5.O/am=BA/d=1/excm=_b,_tp,viewddl/ed=1/dg=0/wt=2/ct=zgms/rs=ADpVLP4LrfPkpjoGSAiymb4OWHUmevip3Q/ 142 KB
50 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.tBqYhZ_z9NQ.es5.O/am=BA/d=1/excm=_b,_tp,viewddl/ed=1/dg=0/wt=2/ct=zgms/rs=ADpVLP4LrfPkpjoGSAiymb4OWHUmevip3Q/m=_b,_tp

Requested by

Host: megan.page.link
URL: https://megan.page.link/DbXe

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

56011ffe063ec0272926bd3dd25c8a45cb4b88cc676e0418ac85e111dd359035

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://megan.page.link/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 18 Aug 2020 15:58:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 131816
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51258
x-xss-protection: 0
last-modified: Mon, 17 Aug 2020 23:36:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 18 Aug 2021 15:58:01 GMT

GET
H/2+Q/46 200 m=wmwg8b Show response
www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.tBqYhZ_z9NQ.es5.O/ck=boq-devplatform.DurableDeepLinkUi.SLbU4VKkW_w.L.B1.O/am=BA/d=1/exm=_b,_tp/excm=_b,_tp,viewd... 34 KB
12 KB 29ms
14ms Script
text/javascript 2a00:1450:4001:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.tBqYhZ_z9NQ.es5.O/ck=boq-devplatform.DurableDeepLinkUi.SLbU4VKkW_w.L.B1.O/am=BA/d=1/exm=_b,_tp/excm=_b,_tp,viewddl/ed=1/wt=2/ct=zgms/rs=ADpVLP52bkguKtfJ6pD-JeC_GBAgbRbwQA/m=wmwg8b

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.tBqYhZ_z9NQ.es5.O/am=BA/d=1/excm=_b,_tp,viewddl/ed=1/dg=0/wt=2/ct=zgms/rs=ADpVLP4LrfPkpjoGSAiymb4OWHUmevip3Q/m=_b,_tp

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6960267ddc2f2fe78d666b70c2a3663c11b0dc49150af387c75e691b410f8568

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://megan.page.link/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 18 Aug 2020 17:13:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 127314
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12727
x-xss-protection: 0
last-modified: Mon, 17 Aug 2020 21:32:11 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 18 Aug 2021 17:13:03 GMT

GET
H/2+Q/46 200 m=KjEEgd Show response
www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.tBqYhZ_z9NQ.es5.O/ck=boq-devplatform.DurableDeepLinkUi.SLbU4VKkW_w.L.B1.O/am=BA/d=1/exm=_b,_tp,wmwg8b/excm=_b,_t... 18 KB
7 KB 26ms
13ms Script
text/javascript 2a00:1450:4001:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.tBqYhZ_z9NQ.es5.O/ck=boq-devplatform.DurableDeepLinkUi.SLbU4VKkW_w.L.B1.O/am=BA/d=1/exm=_b,_tp,wmwg8b/excm=_b,_tp,viewddl/ed=1/wt=2/ct=zgms/rs=ADpVLP52bkguKtfJ6pD-JeC_GBAgbRbwQA/m=KjEEgd

Requested by

Protocol

HTTP/2+QUIC/46

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd2b68f6a627ec5e152dcb2a02301220333b82231d0126fa1eb8630c9483f650

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://megan.page.link/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 18 Aug 2020 17:13:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 127314
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6349
x-xss-protection: 0
last-modified: Mon, 17 Aug 2020 21:32:11 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 18 Aug 2021 17:13:03 GMT

GET
H/1.1

200
OK

rd.html
go.cm-trk3.com/
Redirect Chain

https://megan.page.link/DbXe?_imcp=1
https://marruf.com/?ggS3s0X
https://go.cm-trk3.com/aff_f?h=rQXL8n&click_id=25bq6hoboil
https://go.cm-trk3.com/aff_c?aff_id=22919&offer_id=4177&url_id=0&click_id=25bq6hoboil
https://go.cm-trk3.com/rd.html?go=https%3A%2F%2Fonxgoa.datetofcuk.net%2Fc%2Fda57dc555e50572d%3Fs1%3D22014%26s2%3D1120016%26s3%3D22919%26s5%3D%26click_id%3D42_22919_4177_4863df032088526ef306f3773ebc...

329 B
566 B

20ms
19ms

Document
text/html

172.255.248.108
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://go.cm-trk3.com/rd.html?go=https%3A%2F%2Fonxgoa.datetofcuk.net%2Fc%2Fda57dc555e50572d%3Fs1%3D22014%26s2%3D1120016%26s3%3D22919%26s5%3D%26click_id%3D42_22919_4177_4863df032088526ef306f3773ebc224d%26j1%3D1%26j3%3D1
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.tBqYhZ_z9NQ.es5.O/am=BA/d=1/excm=_b,_tp,viewddl/ed=1/dg=0/wt=2/ct=zgms/rs=ADpVLP4LrfPkpjoGSAiymb4OWHUmevip3Q/m=_b,_tp
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 172.255.248.108 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Host: go.cm-trk3.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://megan.page.link/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: 4177=42_22919_4177_4863df032088526ef306f3773ebc224d; op_4177=0; user_id=c25700d4-a7df-43c0-8701-3eb785b5de3a_d6ea8f41a467158732c54c8929cb9e3e
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://megan.page.link/DbXe

Response headers

Server: nginx
Date: Thu, 20 Aug 2020 04:34:58 GMT
Content-Type: text/html
Last-Modified: Thu, 17 Oct 2019 13:08:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5da867b7-149"
Cache-Control: no-store, no-cache
Content-Encoding: gzip

Redirect headers

Server: nginx
Date: Thu, 20 Aug 2020 04:34:58 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 438
Connection: keep-alive
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Set-Cookie: test=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT 4177=42_22919_4177_4863df032088526ef306f3773ebc224d; Domain=go.cm-trk3.com; Path=/; Expires=Sat, 19 Sep 2020 04:34:58 GMT op_4177=0; Domain=go.cm-trk3.com; Path=/; Expires=Sat, 19 Sep 2020 04:34:58 GMT user_id=c25700d4-a7df-43c0-8701-3eb785b5de3a_d6ea8f41a467158732c54c8929cb9e3e; Domain=go.cm-trk3.com; Path=/; Expires=Tue, 19 Aug 2025 04:34:58 GMT
Location: /rd.html?go=https%3A%2F%2Fonxgoa.datetofcuk.net%2Fc%2Fda57dc555e50572d%3Fs1%3D22014%26s2%3D1120016%26s3%3D22919%26s5%3D%26click_id%3D42_22919_4177_4863df032088526ef306f3773ebc224d%26j1%3D1%26j3%3D1
Vary: Accept
Cache-Control: no-store, no-cache

GET
H2

200

Primary Request 4c8a669b83e6c2d3 Show response
www.18plusstream.net/c/
Redirect Chain

https://onxgoa.datetofcuk.net/c/da57dc555e50572d?s1=22014&s2=1120016&s3=22919&s5=&click_id=42_22919_4177_4863df032088526ef306f3773ebc224d&j1=1&j3=1
https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=ldlmy5f3dfd7231b67110331501&s1=22014&s2=1120016&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=

9 KB
3 KB

117ms
55ms

Document
text/html

2a05:d018:244:5200::ab
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=ldlmy5f3dfd7231b67110331501&s1=22014&s2=1120016&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
Requested by: Host: go.cm-trk3.com
URL: https://go.cm-trk3.com/rd.html?go=https%3A%2F%2Fonxgoa.datetofcuk.net%2Fc%2Fda57dc555e50572d%3Fs1%3D22014%26s2%3D1120016%26s3%3D22919%26s5%3D%26click_id%3D42_22919_4177_4863df032088526ef306f3773ebc224d%26j1%3D1%26j3%3D1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d018:244:5200::ab Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: a4f3ee80dfa676f369f6bbb41caaa3139b2fda9191e904e5996b149f5153fd81

Request headers

:method: GET
:authority: www.18plusstream.net
:scheme: https
:path: /c/4c8a669b83e6c2d3?&click_id=ldlmy5f3dfd7231b67110331501&s1=22014&s2=1120016&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://go.cm-trk3.com/rd.html?go=https%3A%2F%2Fonxgoa.datetofcuk.net%2Fc%2Fda57dc555e50572d%3Fs1%3D22014%26s2%3D1120016%26s3%3D22919%26s5%3D%26click_id%3D42_22919_4177_4863df032088526ef306f3773ebc224d%26j1%3D1%26j3%3D1
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://go.cm-trk3.com/rd.html?go=https%3A%2F%2Fonxgoa.datetofcuk.net%2Fc%2Fda57dc555e50572d%3Fs1%3D22014%26s2%3D1120016%26s3%3D22919%26s5%3D%26click_id%3D42_22919_4177_4863df032088526ef306f3773ebc224d%26j1%3D1%26j3%3D1

Response headers

status: 200
server: nginx
date: Thu, 20 Aug 2020 04:34:58 GMT
content-type: text/html; charset=UTF-8
set-cookie: unique_3122229=unique_3122229; expires=Fri, 21-Aug-2020 04:34:58 GMT; Max-Age=86400; path=/; HttpOnly unique_id=5ed2298bac537218526104; expires=Fri, 21-Aug-2020 04:34:58 GMT; Max-Age=86400; path=/; HttpOnly unique_3122229=unique_3122229; expires=Fri, 21-Aug-2020 04:34:58 GMT; Max-Age=86400; path=/; HttpOnly unique_id=5ed2298bac537218526104; expires=Fri, 21-Aug-2020 04:34:58 GMT; Max-Age=86400; path=/; HttpOnly scriptHash=411736_22014_1120016; expires=Sat, 19-Sep-2020 04:34:58 GMT; Max-Age=2592000; path=/; HttpOnly unique_3122229=unique_3122229; expires=Fri, 21-Aug-2020 04:34:58 GMT; Max-Age=86400; path=/; HttpOnly unique_id=5ed2298bac537218526104; expires=Fri, 21-Aug-2020 04:34:58 GMT; Max-Age=86400; path=/; HttpOnly scriptHash=411736_22014_1120016; expires=Sat, 19-Sep-2020 04:34:58 GMT; Max-Age=2592000; path=/; HttpOnly
content-encoding: gzip

Redirect headers

status: 302 302 Found
server: nginx
date: Thu, 20 Aug 2020 04:34:58 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=ldlmy5f3dfd7231b67110331501&s1=22014&s2=1120016&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
set-cookie: unique_3153771=unique_3153771; expires=Fri, 21-Aug-2020 04:34:58 GMT; Max-Age=86400; path=/; HttpOnly unique_id=5ed2298bac537218526104; expires=Fri, 21-Aug-2020 04:34:58 GMT; Max-Age=86400; path=/; HttpOnly unique_3153771=unique_3153771; expires=Fri, 21-Aug-2020 04:34:58 GMT; Max-Age=86400; path=/; HttpOnly unique_id=5ed2298bac537218526104; expires=Fri, 21-Aug-2020 04:34:58 GMT; Max-Age=86400; path=/; HttpOnly scriptHash=49415_22014_1120016; expires=Sat, 19-Sep-2020 04:34:58 GMT; Max-Age=2592000; path=/; HttpOnly unique_3153771=unique_3153771; expires=Fri, 21-Aug-2020 04:34:58 GMT; Max-Age=86400; path=/; HttpOnly unique_id=5ed2298bac537218526104; expires=Fri, 21-Aug-2020 04:34:58 GMT; Max-Age=86400; path=/; HttpOnly scriptHash=49415_22014_1120016; expires=Sat, 19-Sep-2020 04:34:58 GMT; Max-Age=2592000; path=/; HttpOnly tid=ldlmy5f3dfd7231b67110331501; path=/; HttpOnly

GET
H/1.1 200
OK main.css
cdn-bimi.akamaized.net/landings/194623/1595422478/css/ 17 KB
3 KB 158ms
41ms Stylesheet
text/css 95.100.101.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478
Requested by: Host: www.18plusstream.net
URL: https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=ldlmy5f3dfd7231b67110331501&s1=22014&s2=1120016&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 95.100.101.24 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a95-100-101-24.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 954e12847f46ed105bd1d56cff510d55a82cb14024bcbc629734650d8b57288a

Request headers

Referer: https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=ldlmy5f3dfd7231b67110331501&s1=22014&s2=1120016&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 20 Aug 2020 04:34:58 GMT
Content-Encoding: gzip
Last-Modified: Wed, 22 Jul 2020 12:54:41 GMT
Server: AmazonS3
x-amz-request-id: EM9H8YDT4R0NCTEG
ETag: "89e6bf4845f2b95fcbdbe1247b107675"
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2968
x-amz-id-2: o+z01OTwzo2Seo80hGd32k01OC+7c95+pKShV8GlBwybaQONy2mewyz5R6fy76D5PLmbgoBZ8/4=

GET
H/1.1 200
OK script.min.js Show response
cdn-bimi.akamaized.net/landings/194623/1595422478/js/ 252 KB
75 KB 181ms
64ms Script
text/javascript 95.100.101.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-bimi.akamaized.net/landings/194623/1595422478/js/script.min.js?1595422478
Requested by: Host: www.18plusstream.net
URL: https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=ldlmy5f3dfd7231b67110331501&s1=22014&s2=1120016&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 95.100.101.24 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a95-100-101-24.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 322d600431f53fb186989dad7e4ed1365b0d3012a808cd114390855a0dce16a6

Request headers

Referer: https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=ldlmy5f3dfd7231b67110331501&s1=22014&s2=1120016&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 20 Aug 2020 04:34:58 GMT
Content-Encoding: gzip
Last-Modified: Wed, 22 Jul 2020 12:54:41 GMT
Server: AmazonS3
x-amz-request-id: 5A2DE4D005C11D40
ETag: "28c2e529f18ba1afa7f17dc8776448d0"
Vary: Accept-Encoding
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Accept-Ranges: bytes
x-amz-id-2: fZU2cakaA1Ac9knyuXTfTiYc+UCcZZ82mugH1FZGSMziXD69uWYpG2IqyOKD3ej9CAgsV3fBjjc=

GET
H/1.1 200
OK function.js Show response
cdn-bimi.akamaized.net/landings/194623/1595422478/js/ 768 B
1 KB 156ms
40ms Script
text/javascript 95.100.101.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-bimi.akamaized.net/landings/194623/1595422478/js/function.js?1595422478
Requested by: Host: www.18plusstream.net
URL: https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=ldlmy5f3dfd7231b67110331501&s1=22014&s2=1120016&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 95.100.101.24 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a95-100-101-24.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: c4e62e899d387cd5be4770f35d30a90a4a0b7690e5a70fe510d61192a55df2fb

Request headers

Referer: https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=ldlmy5f3dfd7231b67110331501&s1=22014&s2=1120016&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 20 Aug 2020 04:34:58 GMT
Last-Modified: Wed, 22 Jul 2020 12:54:41 GMT
Server: AmazonS3
x-amz-request-id: 0B9D2BA316531F85
ETag: "26b0713adea8f1ba936e44ca1dde0b9c"
Content-Type: text/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 768
x-amz-id-2: 8aVdmra36rM1EetfJjcD3N4E2Ua5ba5v8ZiAqxzSK8xXNklFbNXtdhTP/a5LoZ/m0xWLlHsvIH0=

GET
H/1.1 200
OK translate.js Show response
cdn-bimi.akamaized.net/landings/194623/1595422478/js/ 20 KB
9 KB 157ms
41ms Script
text/javascript 95.100.101.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-bimi.akamaized.net/landings/194623/1595422478/js/translate.js?1595422478
Requested by: Host: www.18plusstream.net
URL: https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=ldlmy5f3dfd7231b67110331501&s1=22014&s2=1120016&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 95.100.101.24 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a95-100-101-24.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 0aa575ab7a50d63721a0bdc438eb3b4e627e372256c9e7007ae2523f02d191e3

Request headers

Referer: https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=ldlmy5f3dfd7231b67110331501&s1=22014&s2=1120016&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 20 Aug 2020 04:34:58 GMT
Content-Encoding: gzip
Last-Modified: Wed, 22 Jul 2020 12:54:41 GMT
Server: AmazonS3
x-amz-request-id: 44F2D0424DD439C3
ETag: "cf2d0554e35d77b3b6c00a8d6e2ec90f"
Vary: Accept-Encoding
Content-Type: text/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 9148
x-amz-id-2: MEj+nHFpcH5Rxz616LEdgw34pC2Su55uJhJ3lZHaJeo6lY19FqfMXNIaa/TLbC69Uht66sMyG6U=

GET
H2 200 css
fonts.googleapis.com/ 767 B
475 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato&subset=latin-ext

Requested by

Host: cdn-bimi.akamaized.net
URL: https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b4723b5b14abe7a2062b65bf79b4d5d1e575e786a439e61ff95a38e7e9e140e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 20 Aug 2020 04:31:16 GMT
server: ESF
date: Thu, 20 Aug 2020 04:34:58 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 20 Aug 2020 04:34:58 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 67 KB
26 KB 14ms
14ms Script
application/javascript 2a00:1450:4001:820::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PPJGZHL

Requested by

Host: www.18plusstream.net
URL: https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=ldlmy5f3dfd7231b67110331501&s1=22014&s2=1120016&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

13888d461889156b3256da7c850fb6e999cbb0db89078b25dd86fef1d0fe5692

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=ldlmy5f3dfd7231b67110331501&s1=22014&s2=1120016&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 04:34:58 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26758
x-xss-protection: 0
last-modified: Thu, 20 Aug 2020 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 20 Aug 2020 04:34:58 GMT

GET
H/1.1 200
OK no.png
cdn-bimi.akamaized.net/landings/194623/1595422478/images/ 3 KB
3 KB 43ms
39ms Image
image/png 95.100.101.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-bimi.akamaized.net/landings/194623/1595422478/images/no.png
Requested by: Host: cdn-bimi.akamaized.net
URL: https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 95.100.101.24 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a95-100-101-24.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: fedd7527d1cceee3052bf4bb62e76d56e8200a115d8a2affae23a125578b7ad1

Request headers

Referer: https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 20 Aug 2020 04:34:58 GMT
Last-Modified: Wed, 22 Jul 2020 12:54:40 GMT
Server: AmazonS3
x-amz-request-id: 8963C319EBABE75C
ETag: "e51438397f6333f22081857d4236efca"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3134
x-amz-id-2: NNRyJEAv/ona8PN8vmN+UMJoLe6VHqDJdWuLdlcfuPXnisHb4Me2k7350BkoXwAOTrcva1VZ03M=

GET
H/1.1 200
OK yes.png
cdn-bimi.akamaized.net/landings/194623/1595422478/images/ 3 KB
4 KB 43ms
40ms Image
image/png 95.100.101.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-bimi.akamaized.net/landings/194623/1595422478/images/yes.png
Requested by: Host: cdn-bimi.akamaized.net
URL: https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 95.100.101.24 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a95-100-101-24.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 6bfdecff876226c1e233f71e7b0b1a6e0eb238281a52156c39f051691dd88a43

Request headers

Referer: https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 20 Aug 2020 04:34:58 GMT
Last-Modified: Wed, 22 Jul 2020 12:54:40 GMT
Server: AmazonS3
x-amz-request-id: A9441142044936B5
ETag: "3d0dab8337c085af1541ee5b7d63b53b"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3480
x-amz-id-2: DPQF0HlOP6mW+S+Tri7g7Zdl1pueL1KTZFUjzxn3M/1IHf+SrWi0fFDmsvNhiIh8UNiJHQfbnhU=

GET
H/1.1 200
OK 1.jpg
cdn-bimi.akamaized.net/landings/194623/1595422478/images/ 324 KB
324 KB 46ms
43ms Image
image/jpeg 95.100.101.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-bimi.akamaized.net/landings/194623/1595422478/images/1.jpg
Requested by: Host: cdn-bimi.akamaized.net
URL: https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 95.100.101.24 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a95-100-101-24.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 2fe7cbf09c6957a5c0c5f6a9a52bd1e61b3aead25847c722f868cac98e90ec14

Request headers

Referer: https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 20 Aug 2020 04:34:58 GMT
Last-Modified: Wed, 22 Jul 2020 12:54:40 GMT
Server: AmazonS3
x-amz-request-id: 950203A2594C7280
ETag: "a5e3d2d66bb3df71a19fe51d020c4c79"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 331464
x-amz-id-2: Nfyj7p31db49SSwevgt4DEs05iuVqGALul5Swmw4S+AxePf/eUkz1g6JGyRAX+AKFBt2ZqTFDaI=

GET
H/1.1 200
OK pattern.png
cdn-bimi.akamaized.net/landings/194623/1595422478/images/ 3 KB
3 KB 43ms
40ms Image
image/png 95.100.101.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-bimi.akamaized.net/landings/194623/1595422478/images/pattern.png
Requested by: Host: cdn-bimi.akamaized.net
URL: https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 95.100.101.24 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a95-100-101-24.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 5cbc28ef1cf07ab8956014b581aa2b96baac861237975813702e63c886b0c004

Request headers

Referer: https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 20 Aug 2020 04:34:58 GMT
Last-Modified: Wed, 22 Jul 2020 12:54:40 GMT
Server: AmazonS3
x-amz-request-id: 2A2FD9F803B0D261
ETag: "f06b5903c3ed5ef39db9b98b60deba70"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2801
x-amz-id-2: NbAvPpCCBgKpPhBYAbTzo9AjZnGFmn3AldjGvcCZYs7C68pkUf8i9BtLHi2KufFiWhimT/VFmjw=

GET
H/1.1 200
OK 2.jpg
cdn-bimi.akamaized.net/landings/194623/1595422478/images/ 489 KB
490 KB 86ms
42ms Image
image/jpeg 95.100.101.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-bimi.akamaized.net/landings/194623/1595422478/images/2.jpg
Requested by: Host: cdn-bimi.akamaized.net
URL: https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 95.100.101.24 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a95-100-101-24.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 9b5daf91bc0b4b1f63ec35edce8c797ee41fa07dd3619b46177f5ae9ef10d5ef

Request headers

Referer: https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 20 Aug 2020 04:34:58 GMT
Last-Modified: Wed, 22 Jul 2020 12:54:41 GMT
Server: AmazonS3
x-amz-request-id: 38B9926134E05D30
ETag: "a0e8cb9f3384d53d3dd7321a5f6c3edf"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 501082
x-amz-id-2: GlDvkXvpFjH+xc0oLNLnXf5jhTvKpd6GJgWpqbWxgUGVRj7kRVzxWTCo9snf+sEXUIvu6wUnv7w=

GET
H/1.1 200
OK 3.jpg
cdn-bimi.akamaized.net/landings/194623/1595422478/images/ 355 KB
356 KB 88ms
44ms Image
image/jpeg 95.100.101.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-bimi.akamaized.net/landings/194623/1595422478/images/3.jpg
Requested by: Host: cdn-bimi.akamaized.net
URL: https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 95.100.101.24 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a95-100-101-24.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: bc6998d9501b76f353c2984a0a30bac78f7e2a543848796e738b9b82e3396bc0

Request headers

Referer: https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 20 Aug 2020 04:34:58 GMT
Last-Modified: Wed, 22 Jul 2020 12:54:41 GMT
Server: AmazonS3
x-amz-request-id: 6E4276B961D11AAD
ETag: "ac4d35b2de308f28ec0918b978ed47a4"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 363681
x-amz-id-2: GrIK9NTVt8rv+cpWSN9NpQZS7s32kyiS2Dh0CMcFt0VQVMIAFL0SAz+99spPDe41DWgnHkhFIXQ=

GET
H/1.1 200
OK 4.jpg
cdn-bimi.akamaized.net/landings/194623/1595422478/images/ 464 KB
465 KB 45ms
45ms Image
image/jpeg 95.100.101.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-bimi.akamaized.net/landings/194623/1595422478/images/4.jpg
Requested by: Host: cdn-bimi.akamaized.net
URL: https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 95.100.101.24 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a95-100-101-24.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 66ef250a284f56f2ffe6fb74c4cf8009626266279d9d1d87f046d0eee0d53a42

Request headers

Referer: https://cdn-bimi.akamaized.net/landings/194623/1595422478/css/main.css?1595422478
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 20 Aug 2020 04:34:58 GMT
Last-Modified: Wed, 22 Jul 2020 12:54:41 GMT
Server: AmazonS3
x-amz-request-id: 2588AA990F2F72AC
ETag: "d90faf35ca8d01c48bd475f45859f821"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 475311
x-amz-id-2: DAfQiHmxmgFHTB7a4HRtD65Gni66+Uhr2IRG5zYtMGkUaA3jZScghoryUZ8RgxgZDjVAgkIxIGc=

GET
H2 200 S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v16/ 14 KB
14 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v16/S6uyw4BMUTPHjx4wXiWtFCc.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato&subset=latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.18plusstream.net
Referer: https://fonts.googleapis.com/css?family=Lato&subset=latin-ext
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 20:57:32 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 03:45:55 GMT
server: sffe
age: 632246
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14044
x-xss-protection: 0
expires: Thu, 12 Aug 2021 20:57:32 GMT

GET
H/1.1 200
OK tag.js Show response
mc.yandex.ru/metrika/ 365 KB
93 KB 174ms
85ms Script
application/javascript 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/tag.js

Requested by

Host: megan.page.link
URL: https://megan.page.link/DbXe

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

nginx/1.14.2 /

Resource Hash

b69418f0a804f48b7bac08bc2c6cb54de2921e382c0d280dda2c616dec3dbde5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=ldlmy5f3dfd7231b67110331501&s1=22014&s2=1120016&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 20 Aug 2020 04:34:58 GMT
Content-Encoding: br
Last-Modified: Tue, 18 Aug 2020 11:06:25 GMT
Server: nginx/1.14.2
ETag: "5f27cdbf-1743e"
Strict-Transport-Security: max-age=31536000
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Content-Length: 95294
Expires: Thu, 20 Aug 2020 05:34:58 GMT

GET
H/1.1

200
OK

1 Show response
mc.yandex.ru/watch/65937478/
Redirect Chain

https://mc.yandex.ru/watch/65937478?wmode=7&page-ref=https%3A%2F%2Fgo.cm-trk3.com%2Frd.html%3Fgo%3Dhttps%253A%252F%252Fonxgoa.datetofcuk.net%252Fc%252Fda57dc555e50572d%253Fs1%253D22014%2526s2%253D1...
https://mc.yandex.ru/watch/65937478/1?wmode=7&page-ref=https%3A%2F%2Fgo.cm-trk3.com%2Frd.html%3Fgo%3Dhttps%253A%252F%252Fonxgoa.datetofcuk.net%252Fc%252Fda57dc555e50572d%253Fs1%253D22014%2526s2%253...

167 B
723 B

87ms
43ms

XHR
application/json

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/watch/65937478/1?wmode=7&page-ref=https%3A%2F%2Fgo.cm-trk3.com%2Frd.html%3Fgo%3Dhttps%253A%252F%252Fonxgoa.datetofcuk.net%252Fc%252Fda57dc555e50572d%253Fs1%253D22014%2526s2%253D1120016%2526s3%253D22919%2526s5%253D%2526click_id%253D42_22919_4177_4863df032088526ef306f3773ebc224d%2526j1%253D1%2526j3%253D1&page-url=https%3A%2F%2Fwww.18plusstream.net%2Fc%2F4c8a669b83e6c2d3%3F%26click_id%3Dldlmy5f3dfd7231b67110331501%26s1%3D22014%26s2%3D1120016%26s3%3Dbackuser%26s5%3D%26lp%3DMJ%26j1%3D1%26j2%3D%26j3%3D1%26j4%3D%26j5%3D%26j6%3D&charset=utf-8&browser-info=ti%3A10%3Ans%3A1597898098045%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Az%3A120%3Ai%3A20200820063458%3Aet%3A1597898099%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A1027848711498%3Arqn%3A1%3Arn%3A997048938%3Ahid%3A886423722%3Ads%3A1%2C60%2C55%2C1%2C183%2C0%2C0%2C229%2C4%2C%2C%2C%2C537%3Afp%3A598%3Awn%3A52208%3Ahl%3A2%3Agdpr%3A14%3Av%3A1916%3Awv%3A2%3Arqnl%3A1%3Ast%3A1597898099%3Au%3A1597898099192440306

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

nginx/1.14.2 /

Resource Hash

85c9cb6588d8d8f3e8c30242deb6ef1e591bbf8f91e3b4cf6fb2d2d32b0404b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=ldlmy5f3dfd7231b67110331501&s1=22014&s2=1120016&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 20 Aug 2020 04:34:59 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 20-Aug-2020 04:34:59 GMT
Server: nginx/1.14.2
Strict-Transport-Security: max-age=31536000
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.18plusstream.net
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 167
X-XSS-Protection: 1; mode=block
Expires: Thu, 20-Aug-2020 04:34:59 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 20 Aug 2020 04:34:59 GMT
Last-Modified: Thu, 20-Aug-2020 04:34:59 GMT
Server: nginx/1.14.2
Access-Control-Allow-Origin: https://www.18plusstream.net
Strict-Transport-Security: max-age=31536000
Location: /watch/65937478/1?wmode=7&page-ref=https%3A%2F%2Fgo.cm-trk3.com%2Frd.html%3Fgo%3Dhttps%253A%252F%252Fonxgoa.datetofcuk.net%252Fc%252Fda57dc555e50572d%253Fs1%253D22014%2526s2%253D1120016%2526s3%253D22919%2526s5%253D%2526click_id%253D42_22919_4177_4863df032088526ef306f3773ebc224d%2526j1%253D1%2526j3%253D1&page-url=https%3A%2F%2Fwww.18plusstream.net%2Fc%2F4c8a669b83e6c2d3%3F%26click_id%3Dldlmy5f3dfd7231b67110331501%26s1%3D22014%26s2%3D1120016%26s3%3Dbackuser%26s5%3D%26lp%3DMJ%26j1%3D1%26j2%3D%26j3%3D1%26j4%3D%26j5%3D%26j6%3D&charset=utf-8&browser-info=ti%3A10%3Ans%3A1597898098045%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Az%3A120%3Ai%3A20200820063458%3Aet%3A1597898099%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A1027848711498%3Arqn%3A1%3Arn%3A997048938%3Ahid%3A886423722%3Ads%3A1%2C60%2C55%2C1%2C183%2C0%2C0%2C229%2C4%2C%2C%2C%2C537%3Afp%3A598%3Awn%3A52208%3Ahl%3A2%3Agdpr%3A14%3Av%3A1916%3Awv%3A2%3Arqnl%3A1%3Ast%3A1597898099%3Au%3A1597898099192440306
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
X-XSS-Protection: 1; mode=block
Expires: Thu, 20-Aug-2020 04:34:59 GMT

GET
H/1.1 200
OK advert.gif
mc.yandex.ru/metrika/ 43 B
425 B 84ms
43ms Image
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.ru/metrika/advert.gif

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

nginx/1.14.2 /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.18plusstream.net/c/4c8a669b83e6c2d3?&click_id=ldlmy5f3dfd7231b67110331501&s1=22014&s2=1120016&s3=backuser&s5=&lp=MJ&j1=1&j2=&j3=1&j4=&j5=&j6=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 20 Aug 2020 04:34:59 GMT
Last-Modified: Mon, 06 Jul 2020 15:32:05 GMT
Server: nginx/1.14.2
ETag: "5f0343f5-2b"
Strict-Transport-Security: max-age=31536000
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Thu, 20 Aug 2020 05:34:59 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Porn Scam (Online)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.18plusstream.net/	1970-01-19 20:37:14	Name: _ym_uid Value: 1597898099192440306
www.18plusstream.net/	1970-01-19 11:53:04	Name: unique_id Value: 5ed2298bac537218526104
.18plusstream.net/	1970-01-19 20:37:14	Name: _ym_d Value: 1597898099
www.18plusstream.net/	1970-01-19 12:34:50	Name: scriptHash Value: 411736_22014_1120016
www.18plusstream.net/	1970-01-19 11:53:04	Name: unique_3122229 Value: unique_3122229

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.tBqYhZ_z9NQ.es5.O/am=BA/d=1/excm=_b,_tp,viewddl/ed=1/dg=0/wt=2/ct=zgms/rs=ADpVLP4LrfPkpjoGSAiymb4OWHUmevip3Q/m=_b,_tp(Line 406) Message: %c%s color: red; background: yellow; font-size: 24px; WARNING!
console-api	log	URL: https://www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.tBqYhZ_z9NQ.es5.O/am=BA/d=1/excm=_b,_tp,viewddl/ed=1/dg=0/wt=2/ct=zgms/rs=ADpVLP4LrfPkpjoGSAiymb4OWHUmevip3Q/m=_b,_tp(Line 406) Message: %c%s font-size: 18px; Using this console may allow attackers to impersonate you and steal your information using an attack called Self-XSS. Do not enter or paste code that you do not understand.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Z+TLRTm6OM40zHJPocn+VQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self' script-src 'nonce-Z+TLRTm6OM40zHJPocn+VQ' 'self' 'unsafe-eval' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn-bimi.akamaized.net
fonts.googleapis.com
fonts.gstatic.com
go.cm-trk3.com
marruf.com
mc.yandex.ru
megan.page.link
onxgoa.datetofcuk.net
www.18plusstream.net
www.googletagmanager.com
www.gstatic.com
172.255.248.108
185.198.167.85
2a00:1450:4001:806::200a
2a00:1450:4001:817::200e
2a00:1450:4001:81c::2003
2a00:1450:4001:81d::2003
2a00:1450:4001:820::2008
2a02:6b8::1:119
2a05:d018:244:5200::ab
95.100.101.24
0aa575ab7a50d63721a0bdc438eb3b4e627e372256c9e7007ae2523f02d191e3
13888d461889156b3256da7c850fb6e999cbb0db89078b25dd86fef1d0fe5692
18e0e35692503d854769a020e8bad43b7102370cad37876608e12d36b2bbcb6b
2fe7cbf09c6957a5c0c5f6a9a52bd1e61b3aead25847c722f868cac98e90ec14
322d600431f53fb186989dad7e4ed1365b0d3012a808cd114390855a0dce16a6
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
56011ffe063ec0272926bd3dd25c8a45cb4b88cc676e0418ac85e111dd359035
5cbc28ef1cf07ab8956014b581aa2b96baac861237975813702e63c886b0c004
66ef250a284f56f2ffe6fb74c4cf8009626266279d9d1d87f046d0eee0d53a42
6960267ddc2f2fe78d666b70c2a3663c11b0dc49150af387c75e691b410f8568
6bfdecff876226c1e233f71e7b0b1a6e0eb238281a52156c39f051691dd88a43
85c9cb6588d8d8f3e8c30242deb6ef1e591bbf8f91e3b4cf6fb2d2d32b0404b8
954e12847f46ed105bd1d56cff510d55a82cb14024bcbc629734650d8b57288a
9b5daf91bc0b4b1f63ec35edce8c797ee41fa07dd3619b46177f5ae9ef10d5ef
a4f3ee80dfa676f369f6bbb41caaa3139b2fda9191e904e5996b149f5153fd81
b4723b5b14abe7a2062b65bf79b4d5d1e575e786a439e61ff95a38e7e9e140e9
b69418f0a804f48b7bac08bc2c6cb54de2921e382c0d280dda2c616dec3dbde5
bc6998d9501b76f353c2984a0a30bac78f7e2a543848796e738b9b82e3396bc0
c4e62e899d387cd5be4770f35d30a90a4a0b7690e5a70fe510d61192a55df2fb
cd2b68f6a627ec5e152dcb2a02301220333b82231d0126fa1eb8630c9483f650
fedd7527d1cceee3052bf4bb62e76d56e8200a115d8a2affae23a125578b7ad1

www.18plusstream.net Open in urlscan Pro 2a05:d018:244:5200::ab Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

23 Requests

100 %HTTPS

70 %IPv6

10 Domains

11 Subdomains

9 IPs

6 Countries

1952 kBTransfer

2616 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

12 JavaScript Global Variables

5 Cookies

2 Console Messages

Security Headers

Indicators

www.18plusstream.net Open in urlscan Pro
2a05:d018:244:5200::ab Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

100 %
HTTPS

70 %
IPv6

10
Domains

11
Subdomains

9
IPs

6
Countries

1952 kB
Transfer

2616 kB
Size

5
Cookies

23 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!