Submitted URL: https://t.co/I2aK082Kez
Effective URL: https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wbt2cp4bpco2bsjuhui7479m
Submission: On April 25 via manual from US

Summary

This website contacted 9 IPs in 5 countries across 13 domains to perform 18 HTTP transactions. The main IP is 2606:4700:3034::681b:a246, located in the United States and belonging to CLOUDFLARENET, US. The main domain is dirtyvalentine1.com.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on February 25th 2020. Valid for: 7 months.
This is the only time dirtyvalentine1.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 104.244.42.5 13414 (TWITTER)
1 3 2a05:d018:244... 16509 (AMAZON-02)
1 3 198.143.165.221 32475 (SINGLEHOP...)
1 1 212.32.250.31 60781 (LEASEWEB-...)
2 88.208.60.53 39572 (ADVANCEDH...)
1 2a02:b4a:1:7:... 39572 (ADVANCEDH...)
1 1 138.68.123.185 14061 (DIGITALOC...)
1 1 35.159.5.116 16509 (AMAZON-02)
2 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
6 138.68.173.214 14061 (DIGITALOC...)
1 2a00:1450:400... 15169 (GOOGLE)
18 9
Domain Requested by
6 cadaner.com dirtyvalentine1.com
3 go.fastlanes.info 1 redirects go.vultow.icu, go.fastlanes.info
2 dirtyvalentine1.com rpket.pro, dirtyvalentine1.com
2 rpket.pro go.fastlanes.info, rpket.pro
2 go.vultow.icu t.co, go.vultow.icu
1 fonts.gstatic.com dirtyvalentine1.com
1 fonts.googleapis.com dirtyvalentine1.com
1 eardepth-prisists.com 1 redirects
1 alktr.com 1 redirects
1 nativesp.pro rpket.pro
1 rdtrck2.com 1 redirects
1 klm.tmediatower.com 1 redirects
1 t.co
18 13

This site contains no links.

Subject | Issuer | Validity | Valid for
t.co | DigiCert SHA2 High Assurance Server CA | 2020-03-05 - 2021-03-02 | a year
go.fastlanes.info | Let's Encrypt Authority X3 | 2020-03-02 - 2020-05-31 | 3 months
rpket.pro | Let's Encrypt Authority X3 | 2020-02-19 - 2020-05-19 | 3 months
nativesp.pro | Sectigo RSA Domain Validation Secure Server CA | 2019-07-17 - 2020-07-16 | a year
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2020-02-25 - 2020-10-09 | 7 months
upload.video.google.com | GTS CA 1O1 | 2020-04-07 - 2020-06-30 | 3 months
cadaner.com | Let's Encrypt Authority X3 | 2020-04-19 - 2020-07-18 | 3 months
*.gstatic.com | GTS CA 1O1 | 2020-04-07 - 2020-06-30 | 3 months

This page contains 1 frame:

Primary Page: https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wbt2cp4bpco2bsjuhui7479m
Frame ID: 5AA77D9BF9F0936DEC2DD5DFBD3CB3D6
Requests: 18 HTTP requests in this frame


Page Statistics

Requests: 18
HTTPS: 89 %
IPv6: 42 %
Domains: 13
Subdomains: 13
IPs: 9
Countries: 5
Transfer: 2776 kB
Size: 2974 kB
Cookies: 3

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://t.co/I2aK082Kez Page URL
  2. http://klm.tmediatower.com/c/07669ad54c7e3e1f?s=425&d= HTTP 302
    http://go.vultow.icu/redirect/index?type=meta&to=aHR0cDovL2dvLnZ1bHRvdy5pY3U%3D&data=aHR0cHM6Ly9nby5mYXN0bGFuZXMuaW5mby8%2FdXRtX21lZGl1bT0wMTJhYTZkZGEyNDFiYjZkOGI1OTY0NzgxZWU3ODc0NzhlNjA1NzA5&action=action_tmp Page URL
  3. http://go.vultow.icu/redirect/index?type=meta&to=aHR0cDovL2dvLnZ1bHRvdy5pY3U%3D&data=aHR0cHM6Ly9nby5mYXN0bGFuZXMuaW5mby8%2FdXRtX21lZGl1bT0wMTJhYTZkZGEyNDFiYjZkOGI1OTY0NzgxZWU3ODc0NzhlNjA1NzA5&action=action_final Page URL
  4. https://go.fastlanes.info/?utm_medium=012aa6dda241bb6d8b5964781ee787478e605709 Page URL
  5. https://go.fastlanes.info/?utm_term=6819741611728044229&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb2b2b186b68485ab9b9899f2fef2f9e1f0f1e1f3bae4e78386899b97efddeda58c8f868a82c4ac9498d6f9cccbfccfc6f3f0f182858190cacbf9c9fff9fcfdc2f2f2f1f6c7c4c54d Page URL
  6. https://go.fastlanes.info/proc.php?56ef3e3c8bbe406e36fef79998ead658b5308b28 HTTP 302
    https://rdtrck2.com/5e67bcce0a918600016573d5?pid=5415-b7563a7z&partner_id=5415&txn_id=[[txn_id]]&ref_id=6819741611728044229&af=NL HTTP 302
    https://rpket.pro/play?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo3MjUyNSwic3JjIjoyfQ==eyJ&clickid=5ea496de989fd2000180e5fb Page URL
  7. https://alktr.com/tb?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo3MjUyNSwic3JjIjoyfQ==eyJ&clickid=5ea496de989fd2000180e5fb HTTP 302
    https://eardepth-prisists.com/6340d1d7-0f9a-48a5-ac30-859e51d97270?PartnerID=1032494&externalid=kFzqKdtMENhjCLBf HTTP 302
    https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wbt2cp4bpco2bsjuhui7479m Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • http://klm.tmediatower.com/c/07669ad54c7e3e1f?s=425&d= HTTP 302
  • http://go.vultow.icu/redirect/index?type=meta&to=aHR0cDovL2dvLnZ1bHRvdy5pY3U%3D&data=aHR0cHM6Ly9nby5mYXN0bGFuZXMuaW5mby8%2FdXRtX21lZGl1bT0wMTJhYTZkZGEyNDFiYjZkOGI1OTY0NzgxZWU3ODc0NzhlNjA1NzA5&action=action_tmp
Request Chain 5
  • https://go.fastlanes.info/proc.php?56ef3e3c8bbe406e36fef79998ead658b5308b28 HTTP 302
  • https://rdtrck2.com/5e67bcce0a918600016573d5?pid=5415-b7563a7z&partner_id=5415&txn_id=[[txn_id]]&ref_id=6819741611728044229&af=NL HTTP 302
  • https://rpket.pro/play?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo3MjUyNSwic3JjIjoyfQ==eyJ&clickid=5ea496de989fd2000180e5fb

18 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
I2aK082Kez
t.co/
365 B
591 B
Document
General
Full URL
https://t.co/I2aK082Kez
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.5 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
91009566f8f813a17dc55a908491c5f3828d28cc4e0f70fd38766f0789a45892
Security Headers
Name Value
Content-Security-Policy referrer always;
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Request headers

:method
GET
:authority
t.co
:scheme
https
:path
/I2aK082Kez
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
cache-control
private,max-age=300
content-encoding
gzip
content-length
230
content-security-policy
referrer always;
content-type
text/html; charset=utf-8
date
Sat, 25 Apr 2020 20:00:28 GMT
expires
Sat, 25 Apr 2020 20:05:28 GMT
referrer-policy
unsafe-url
server
tsa_o
set-cookie
muc=de81ce0e-7a08-4740-9335-14716640d814; Max-Age=63072000; Expires=Mon, 25 Apr 2022 20:00:28 GMT; Domain=t.co; Secure; SameSite=None
strict-transport-security
max-age=0
vary
Origin
x-connection-hash
b50ace2b95a55f7ba1e12e6ea9c7fdf8
x-response-time
117
x-xss-protection
0
index
go.vultow.icu/redirect/
Redirect Chain
  • http://klm.tmediatower.com/c/07669ad54c7e3e1f?s=425&d=
  • http://go.vultow.icu/redirect/index?type=meta&to=aHR0cDovL2dvLnZ1bHRvdy5pY3U%3D&data=aHR0cHM6Ly9nby5mYXN0bGFuZXMuaW5mby8%2FdXRtX21lZGl1bT0wMTJhYTZkZGEyNDFiYjZkOGI1OTY0NzgxZWU3ODc0NzhlNjA1NzA5&actio...
608 B
764 B
Document
General
Full URL
http://go.vultow.icu/redirect/index?type=meta&to=aHR0cDovL2dvLnZ1bHRvdy5pY3U%3D&data=aHR0cHM6Ly9nby5mYXN0bGFuZXMuaW5mby8%2FdXRtX21lZGl1bT0wMTJhYTZkZGEyNDFiYjZkOGI1OTY0NzgxZWU3ODc0NzhlNjA1NzA5&action=action_tmp
Requested by
Host: t.co
URL: https://t.co/I2aK082Kez
Protocol
HTTP/1.1
Server
2a05:d018:244:5200::ab Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
2c4a4f45ce9a0903d4f1ebe240a8d7a7f19753dcf54988cf3ea373ab1b4d8883

Request headers

Host
go.vultow.icu
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
https://t.co/I2aK082Kez
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://t.co/I2aK082Kez

Response headers

Server
nginx
Date
Sat, 25 Apr 2020 20:00:29 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
608
Connection
keep-alive

Redirect headers

Server
nginx
Date
Sat, 25 Apr 2020 20:00:28 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
0
Connection
keep-alive
Location
http://go.vultow.icu/redirect/index?type=meta&to=aHR0cDovL2dvLnZ1bHRvdy5pY3U%3D&data=aHR0cHM6Ly9nby5mYXN0bGFuZXMuaW5mby8%2FdXRtX21lZGl1bT0wMTJhYTZkZGEyNDFiYjZkOGI1OTY0NzgxZWU3ODc0NzhlNjA1NzA5&action=action_tmp
Set-Cookie
unique_2866376=unique_2866376; expires=Sun, 26-Apr-2020 20:00:28 GMT; Max-Age=86400; path=/; HttpOnly unique_id=5ea496dcaa950536951304; expires=Sun, 26-Apr-2020 20:00:28 GMT; Max-Age=86400; path=/; HttpOnly unique_2866376=unique_2866376; expires=Sun, 26-Apr-2020 20:00:28 GMT; Max-Age=86400; path=/; HttpOnly unique_id=5ea496dcaa950536951304; expires=Sun, 26-Apr-2020 20:00:28 GMT; Max-Age=86400; path=/; HttpOnly scriptHash=518254; expires=Mon, 25-May-2020 20:00:28 GMT; Max-Age=2592000; path=/; HttpOnly unique_2866376=unique_2866376; expires=Sun, 26-Apr-2020 20:00:28 GMT; Max-Age=86400; path=/; HttpOnly unique_id=5ea496dcaa950536951304; expires=Sun, 26-Apr-2020 20:00:28 GMT; Max-Age=86400; path=/; HttpOnly scriptHash=518254; expires=Mon, 25-May-2020 20:00:28 GMT; Max-Age=2592000; path=/; HttpOnly tid=zrrpp5ea496dcaa94c377509556; path=/; HttpOnly
Status
302 Found
index
go.vultow.icu/redirect/
382 B
538 B
Document
General
Full URL
http://go.vultow.icu/redirect/index?type=meta&to=aHR0cDovL2dvLnZ1bHRvdy5pY3U%3D&data=aHR0cHM6Ly9nby5mYXN0bGFuZXMuaW5mby8%2FdXRtX21lZGl1bT0wMTJhYTZkZGEyNDFiYjZkOGI1OTY0NzgxZWU3ODc0NzhlNjA1NzA5&action=action_final
Requested by
Host: go.vultow.icu
URL: http://go.vultow.icu/redirect/index?type=meta&to=aHR0cDovL2dvLnZ1bHRvdy5pY3U%3D&data=aHR0cHM6Ly9nby5mYXN0bGFuZXMuaW5mby8%2FdXRtX21lZGl1bT0wMTJhYTZkZGEyNDFiYjZkOGI1OTY0NzgxZWU3ODc0NzhlNjA1NzA5&action=action_tmp
Protocol
HTTP/1.1
Server
2a05:d018:244:5200::ab Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
99722c8c5d74d7b071a12dccf9bf83b687bebf15359750ee8c0ea3b5b087ee9b

Request headers

Host
go.vultow.icu
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://go.vultow.icu/redirect/index?type=meta&to=aHR0cDovL2dvLnZ1bHRvdy5pY3U%3D&data=aHR0cHM6Ly9nby5mYXN0bGFuZXMuaW5mby8%2FdXRtX21lZGl1bT0wMTJhYTZkZGEyNDFiYjZkOGI1OTY0NzgxZWU3ODc0NzhlNjA1NzA5&action=action_tmp
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
http://go.vultow.icu/redirect/index?type=meta&to=aHR0cDovL2dvLnZ1bHRvdy5pY3U%3D&data=aHR0cHM6Ly9nby5mYXN0bGFuZXMuaW5mby8%2FdXRtX21lZGl1bT0wMTJhYTZkZGEyNDFiYjZkOGI1OTY0NzgxZWU3ODc0NzhlNjA1NzA5&action=action_tmp

Response headers

Server
nginx
Date
Sat, 25 Apr 2020 20:00:29 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
382
Connection
keep-alive
/
go.fastlanes.info/
3 KB
2 KB
Document
General
Full URL
https://go.fastlanes.info/?utm_medium=012aa6dda241bb6d8b5964781ee787478e605709
Requested by
Host: go.vultow.icu
URL: http://go.vultow.icu/redirect/index?type=meta&to=aHR0cDovL2dvLnZ1bHRvdy5pY3U%3D&data=aHR0cHM6Ly9nby5mYXN0bGFuZXMuaW5mby8%2FdXRtX21lZGl1bT0wMTJhYTZkZGEyNDFiYjZkOGI1OTY0NzgxZWU3ODc0NzhlNjA1NzA5&action=action_final
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.143.165.221 Chicago, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/7.3.4
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

:method
GET
:authority
go.fastlanes.info
:scheme
https
:path
/?utm_medium=012aa6dda241bb6d8b5964781ee787478e605709
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
http://go.vultow.icu/redirect/index?type=meta&to=aHR0cDovL2dvLnZ1bHRvdy5pY3U%3D&data=aHR0cHM6Ly9nby5mYXN0bGFuZXMuaW5mby8%2FdXRtX21lZGl1bT0wMTJhYTZkZGEyNDFiYjZkOGI1OTY0NzgxZWU3ODc0NzhlNjA1NzA5&action=action_final
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
http://go.vultow.icu/redirect/index?type=meta&to=aHR0cDovL2dvLnZ1bHRvdy5pY3U%3D&data=aHR0cHM6Ly9nby5mYXN0bGFuZXMuaW5mby8%2FdXRtX21lZGl1bT0wMTJhYTZkZGEyNDFiYjZkOGI1OTY0NzgxZWU3ODc0NzhlNjA1NzA5&action=action_final

Response headers

status
200
server
nginx
date
Sat, 25 Apr 2020 20:00:29 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
x-powered-by
PHP/7.3.4
cache-control
no-store, no-cache, must-revalidate, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
set-cookie
u=bb3e23e0c32fdd065f0b348a4a373db5; expires=Sun, 25-Apr-2021 20:00:29 GMT; Max-Age=31536000; path=/
strict-transport-security
max-age=31536000; includeSubdomains;
content-encoding
gzip
/
go.fastlanes.info/
9 KB
3 KB
Document
General
Full URL
https://go.fastlanes.info/?utm_term=6819741611728044229&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb2b2b186b68485ab9b9899f2fef2f9e1f0f1e1f3bae4e78386899b97efddeda58c8f868a82c4ac9498d6f9cccbfccfc6f3f0f182858190cacbf9c9fff9fcfdc2f2f2f1f6c7c4c54d
Requested by
Host: go.fastlanes.info
URL: https://go.fastlanes.info/?utm_medium=012aa6dda241bb6d8b5964781ee787478e605709
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.143.165.221 Chicago, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/7.3.4
Resource Hash
f3174f04e7373c653a3f863183a119c3a411c52d259f6f4c517cfb0594b42bde
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

:method
GET
:authority
go.fastlanes.info
:scheme
https
:path
/?utm_term=6819741611728044229&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb2b2b186b68485ab9b9899f2fef2f9e1f0f1e1f3bae4e78386899b97efddeda58c8f868a82c4ac9498d6f9cccbfccfc6f3f0f182858190cacbf9c9fff9fcfdc2f2f2f1f6c7c4c54d
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://go.fastlanes.info/?utm_medium=012aa6dda241bb6d8b5964781ee787478e605709
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
u=bb3e23e0c32fdd065f0b348a4a373db5
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://go.fastlanes.info/?utm_medium=012aa6dda241bb6d8b5964781ee787478e605709

Response headers

status
200
server
nginx
date
Sat, 25 Apr 2020 20:00:30 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
x-powered-by
PHP/7.3.4
cache-control
no-store, no-cache, must-revalidate, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security
max-age=31536000; includeSubdomains;
content-encoding
gzip
play
rpket.pro/
Redirect Chain
  • https://go.fastlanes.info/proc.php?56ef3e3c8bbe406e36fef79998ead658b5308b28
  • https://rdtrck2.com/5e67bcce0a918600016573d5?pid=5415-b7563a7z&partner_id=5415&txn_id=[[txn_id]]&ref_id=6819741611728044229&af=NL
  • https://rpket.pro/play?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo3MjUyNSwic3JjIjoyfQ==eyJ&clickid=5ea496de989fd2000180e5fb
19 KB
11 KB
Document
General
Full URL
https://rpket.pro/play?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo3MjUyNSwic3JjIjoyfQ==eyJ&clickid=5ea496de989fd2000180e5fb
Requested by
Host: go.fastlanes.info
URL: https://go.fastlanes.info/?utm_term=6819741611728044229&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb2b2b186b68485ab9b9899f2fef2f9e1f0f1e1f3bae4e78386899b97efddeda58c8f868a82c4ac9498d6f9cccbfccfc6f3f0f182858190cacbf9c9fff9fcfdc2f2f2f1f6c7c4c54d
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.208.60.53 Heemstede, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.17.3 /
Resource Hash
6302c5663379d6d90ff6a15ae049ab6bd666be7717d87869a8f5bcad3c879c70

Request headers

:method
GET
:authority
rpket.pro
:scheme
https
:path
/play?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo3MjUyNSwic3JjIjoyfQ==eyJ&clickid=5ea496de989fd2000180e5fb
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://go.fastlanes.info/?utm_term=6819741611728044229&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb2b2b186b68485ab9b9899f2fef2f9e1f0f1e1f3bae4e78386899b97efddeda58c8f868a82c4ac9498d6f9cccbfccfc6f3f0f182858190cacbf9c9fff9fcfdc2f2f2f1f6c7c4c54d
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://go.fastlanes.info/?utm_term=6819741611728044229&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb2b2b186b68485ab9b9899f2fef2f9e1f0f1e1f3bae4e78386899b97efddeda58c8f868a82c4ac9498d6f9cccbfccfc6f3f0f182858190cacbf9c9fff9fcfdc2f2f2f1f6c7c4c54d#

Response headers

status
200
server
nginx/1.17.3
date
Sat, 25 Apr 2020 20:00:30 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
set-cookie
truniq=1; expires=Sun, 26-Apr-2020 20:00:30 GMT; Max-Age=86400; path=/; domain=rpket.pro
x-zone
eu3
content-encoding
gzip

Redirect headers

Server
nginx
Date
Sat, 25 Apr 2020 20:00:30 GMT
Content-Type
text/html; charset=utf-8
Content-Length
153
Connection
keep-alive
Location
https://rpket.pro/play?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo3MjUyNSwic3JjIjoyfQ==eyJ&clickid=5ea496de989fd2000180e5fb
Set-Cookie
redhash=NWVhNDk2ZGU5ODlmZDIwMDAxODBlNWZifDB8NWU2N2JjY2UwYTkxODYwMDAxNjU3M2Q1fHw2MmU0YmZkNC02Y2Q0LTRmZmEtODcxMy0xODJkZjJlMTllNzV8MTU4Nzg0NDgzMA==; Path=/; Domain=rdtrck2.com; Expires=Sun, 25 Apr 2021 20:00:30 GMT
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers
Content-Length,Content-Range
rpe
nativesp.pro/
0
72 B
XHR
General
Full URL
https://nativesp.pro/rpe?a=1&s=1&act=7&src=2&p=1032494&st=1037736&wd=72525&d=rpket.pro&tpl=6&rnd=0.33604572092754514&sbid=&sbid2=
Requested by
Host: rpket.pro
URL: https://rpket.pro/play?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo3MjUyNSwic3JjIjoyfQ==eyJ&clickid=5ea496de989fd2000180e5fb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
2a02:b4a:1:7::9167:1 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash

Request headers

Referer
https://rpket.pro/play?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo3MjUyNSwic3JjIjoyfQ==eyJ&clickid=5ea496de989fd2000180e5fb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Sat, 25 Apr 2020 20:00:30 GMT
server
nginx/1.16.1
access-control-allow-origin
*
content-length
0
play.png
rpket.pro/images/play/
11 KB
11 KB
Image
General
Full URL
https://rpket.pro/images/play/play.png
Requested by
Host: rpket.pro
URL: https://rpket.pro/play?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo3MjUyNSwic3JjIjoyfQ==eyJ&clickid=5ea496de989fd2000180e5fb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.208.60.53 Heemstede, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.17.3 /
Resource Hash
b63e6e57adc4e0a10eee845d513258e424b27a7985c510bb252d75eac63af861

Request headers

Referer
https://rpket.pro/play?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo3MjUyNSwic3JjIjoyfQ==eyJ&clickid=5ea496de989fd2000180e5fb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 25 Apr 2020 20:00:30 GMT
last-modified
Tue, 31 Mar 2020 15:20:49 GMT
server
nginx/1.17.3
etag
"5e835fd1-2b07"
content-type
image/png
status
200
accept-ranges
bytes
x-zone
eu4
content-length
11015
Primary Request bazhnewbtqwzzcy
dirtyvalentine1.com/
Redirect Chain
  • https://alktr.com/tb?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo3MjUyNSwic3JjIjoyfQ==eyJ&clickid=5ea496de989fd2000180e5fb
  • https://eardepth-prisists.com/6340d1d7-0f9a-48a5-ac30-859e51d97270?PartnerID=1032494&externalid=kFzqKdtMENhjCLBf
  • https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wbt2cp4bpco2bsjuhui7479m
13 KB
4 KB
Document
General
Full URL
https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wbt2cp4bpco2bsjuhui7479m
Requested by
Host: rpket.pro
URL: https://rpket.pro/play?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo3MjUyNSwic3JjIjoyfQ==eyJ&clickid=5ea496de989fd2000180e5fb
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681b:a246 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
31a156c30246c6ee7cb648c201dbb545c84c6ee8b28c69b7df9e4451d4ead998
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
dirtyvalentine1.com
:scheme
https
:path
/bazhnewbtqwzzcy?t=1032494&s2=wbt2cp4bpco2bsjuhui7479m
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://rpket.pro/play?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo3MjUyNSwic3JjIjoyfQ==eyJ&clickid=5ea496de989fd2000180e5fb
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://rpket.pro/play?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo3MjUyNSwic3JjIjoyfQ==eyJ&clickid=5ea496de989fd2000180e5fb

Response headers

status
200
date
Sat, 25 Apr 2020 20:00:32 GMT
content-type
text/html; charset=utf-8
set-cookie
__cfduid=d3efb6e1afb23b1dc327f4b88cb161fb11587844832; expires=Mon, 25-May-20 20:00:32 GMT; path=/; domain=.dirtyvalentine1.com; HttpOnly; SameSite=Lax k=SFMyNTY.g3QAAAAIbQAAAARhdW5xdAAAAAFtAAAABTQxNTU3bQAAAApwZGFnSk12V3hSbQAAAANoaWRtAAAAJVF5VXpzeHhOTHVPd3FmV0JYdW1FYWJvZ1JyRVp5cUhiUmJTUHhtAAAAAmhsZAADbmlsbQAAAAJyZHQAAAAEZAAKX19zdHJ1Y3RfX2QAGEVsaXhpci5UZGV4LlJvdGF0aW9uRGF0YWQADmNsaWNrZWRfb2ZmZXJzdAAAAABkAAhsYW5kaW5nc2wAAAABYgAABntqZAALc2Vlbl9vZmZlcnNsAAAAAWIAAF_Cam0AAAAFc3ViXzFkAANuaWxtAAAABXN1Yl8ybQAAABh3YnQyY3A0YnBjbzJic2p1aHVpNzQ3OW1tAAAAB3RyYWNrZXJtAAAABzEwMzI0OTRtAAAAA3VucW0AAAAMbUVoRFh5UWJncWNB.Rbo5gQOc52Tnqt3oqFnBv4qcOceXoZQ7JYIxjyF7U8g; path=/; expires=Sun, 25 Apr 2021 20:00:32 GMT; max-age=31536000 uord=7aede7d4888c5037855114e46c0b9807; path=/; expires=Mon, 25 Apr 2022 20:00:32 GMT; max-age=63072000; HttpOnly
vary
Accept-Encoding
cache-control
max-age=0, private, must-revalidate
cross-origin-window-policy
deny
x-content-type-options
nosniff
x-download-options
noopen
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
589aa69c7cb8176a-FRA
content-encoding
br
cf-request-id
02548675c60000176a9eb5a200000001

Redirect headers

Server
nginx
Date
Sat, 25 Apr 2020 20:00:32 GMT
Content-Length
0
Connection
keep-alive
Cache-Control
no-store, no-cache, pre-check=0, post-check=0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Location
https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wbt2cp4bpco2bsjuhui7479m
Pragma
no-cache
Set-Cookie
6340d1d7-0f9a-48a5-ac30-859e51d97270-v4=6340d1d7-0f9a-48a5-ac30-859e51d97270; Max-Age=86400; Expires=Sun, 26-Apr-2020 20:00:32 GMT; Domain=eardepth-prisists.com; Path=/; Secure; HttpOnly;SameSite=None cc-v4=v6yDAH2wQJR%2FIuguwHxQyHl47eNoL4bnDyed2PXcqR3HxmNy9QVB7sTX7JDSsRY9FhbfGRMVY8IrT9H6RfWi4an0q9v4vwly0Qr2bkrBw9LT3x4vJrfApQOehQNakcoJAov%2FTslD432usgS2AdL0Aw%3D%3D; Max-Age=31536000; Expires=Sun, 25-Apr-2021 20:00:32 GMT; Domain=eardepth-prisists.com; Path=/; Secure; HttpOnly;SameSite=None
css
fonts.googleapis.com/
767 B
490 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Lato
Requested by
Host: dirtyvalentine1.com
URL: https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wbt2cp4bpco2bsjuhui7479m
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
b4723b5b14abe7a2062b65bf79b4d5d1e575e786a439e61ff95a38e7e9e140e9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 25 Apr 2020 20:00:32 GMT
server
ESF
date
Sat, 25 Apr 2020 20:00:32 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 25 Apr 2020 20:00:32 GMT
script.min.js
cadaner.com/assets/b33b9d204c5a1be4a967f98782d908e0/
259 KB
78 KB
Script
General
Full URL
https://cadaner.com/assets/b33b9d204c5a1be4a967f98782d908e0/script.min.js
Requested by
Host: dirtyvalentine1.com
URL: https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wbt2cp4bpco2bsjuhui7479m
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
138.68.173.214 London, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
118fdd4774ce29629b1db5e8663a55ed5744e3ecf349f07a41ab8d453b70b8f9

Request headers

Referer
https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wbt2cp4bpco2bsjuhui7479m
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 25 Apr 2020 20:00:32 GMT
content-encoding
gzip
last-modified
Tue, 20 Aug 2019 12:59:34 GMT
status
200
etag
W/"5d5beeb6-40a35"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
p.js
dirtyvalentine1.com/
434 B
352 B
Script
General
Full URL
https://dirtyvalentine1.com/p.js?a=581588&cr=22856&lid=12318&mh=UXlVenN4eE5MdU93cWZXQlh1bUVhYm9nUnJFWnlxSGJSYlNQeC0yMjIxMg%3D%3D&p=0&t=1032494
Requested by
Host: dirtyvalentine1.com
URL: https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wbt2cp4bpco2bsjuhui7479m
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681b:a246 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e27d753c247fedd15e44b4bf27312f90eceb4c01f349e783d1fc3e3cf1ae47f7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wbt2cp4bpco2bsjuhui7479m
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 25 Apr 2020 20:00:32 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
x-permitted-cross-domain-policies
none
cross-origin-window-policy
deny
status
200
vary
Accept-Encoding
cf-request-id
02548676a30000176a9eb72200000001
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options
noopen
content-type
application/javascript; charset=utf-8
x-xss-protection
1; mode=block
cache-control
private, max-age=14400, must-revalidate
cf-ray
589aa69dd84b176a-FRA
S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v16/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v16/S6uyw4BMUTPHjx4wXiWtFCc.woff2
Requested by
Host: dirtyvalentine1.com
URL: https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wbt2cp4bpco2bsjuhui7479m
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Lato
Origin
https://dirtyvalentine1.com

Response headers

date
Sat, 04 Apr 2020 10:25:32 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 03:45:55 GMT
server
sffe
age
1848900
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
14044
x-xss-protection
0
expires
Sun, 04 Apr 2021 10:25:32 GMT
g1.jpg
cadaner.com/assets/b33b9d204c5a1be4a967f98782d908e0/images/
444 KB
444 KB
Image
General
Full URL
https://cadaner.com/assets/b33b9d204c5a1be4a967f98782d908e0/images/g1.jpg
Requested by
Host: dirtyvalentine1.com
URL: https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wbt2cp4bpco2bsjuhui7479m
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
138.68.173.214 London, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
23e2e71dc3ff4be3f6b84e2d6c99c340b3389bcf6dc69a3686a2d9912b1c7f4f

Request headers

Referer
https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wbt2cp4bpco2bsjuhui7479m
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 25 Apr 2020 20:00:33 GMT
last-modified
Tue, 20 Aug 2019 12:59:33 GMT
etag
"5d5beeb5-6ee12"
status
200
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
accept-ranges
bytes
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-length
454162
g2.jpg
cadaner.com/assets/b33b9d204c5a1be4a967f98782d908e0/images/
446 KB
447 KB
Image
General
Full URL
https://cadaner.com/assets/b33b9d204c5a1be4a967f98782d908e0/images/g2.jpg
Requested by
Host: dirtyvalentine1.com
URL: https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wbt2cp4bpco2bsjuhui7479m
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
138.68.173.214 London, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
21cd05e8ed2d65d0b3c31f2328d36e7cad4823b15e4c5360e8ec8fc2e1858d44

Request headers

Referer
https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wbt2cp4bpco2bsjuhui7479m
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 25 Apr 2020 20:00:33 GMT
last-modified
Tue, 20 Aug 2019 12:59:33 GMT
etag
"5d5beeb5-6f7cc"
status
200
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
accept-ranges
bytes
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-length
456652
g3.jpg
cadaner.com/assets/b33b9d204c5a1be4a967f98782d908e0/images/
557 KB
558 KB
Image
General
Full URL
https://cadaner.com/assets/b33b9d204c5a1be4a967f98782d908e0/images/g3.jpg
Requested by
Host: dirtyvalentine1.com
URL: https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wbt2cp4bpco2bsjuhui7479m
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
138.68.173.214 London, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
7abd03c51f2f09007461de5f76b702ae49cd396ac73360cd062615307b9c1c9c

Request headers

Referer
https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wbt2cp4bpco2bsjuhui7479m
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 25 Apr 2020 20:00:33 GMT
last-modified
Tue, 20 Aug 2019 12:59:34 GMT
etag
"5d5beeb6-8b2bb"
status
200
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
accept-ranges
bytes
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-length
570043
g4.jpg
cadaner.com/assets/b33b9d204c5a1be4a967f98782d908e0/images/
668 KB
669 KB
Image
General
Full URL
https://cadaner.com/assets/b33b9d204c5a1be4a967f98782d908e0/images/g4.jpg
Requested by
Host: dirtyvalentine1.com
URL: https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wbt2cp4bpco2bsjuhui7479m
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
138.68.173.214 London, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
d55db5a171619494aea7fc7cbdc40eb34cf248deff092ebde69c3865ac634430

Request headers

Referer
https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wbt2cp4bpco2bsjuhui7479m
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 25 Apr 2020 20:00:33 GMT
last-modified
Tue, 20 Aug 2019 12:59:34 GMT
etag
"5d5beeb6-a6f27"
status
200
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
accept-ranges
bytes
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-length
683815
g5.jpg
cadaner.com/assets/b33b9d204c5a1be4a967f98782d908e0/images/
532 KB
533 KB
Image
General
Full URL
https://cadaner.com/assets/b33b9d204c5a1be4a967f98782d908e0/images/g5.jpg
Requested by
Host: dirtyvalentine1.com
URL: https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wbt2cp4bpco2bsjuhui7479m
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
138.68.173.214 London, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
b99476c322d6a18f1c3d0ee3cd4343f922100090f6f8a24099f9f7e268601c89

Request headers

Referer
https://dirtyvalentine1.com/bazhnewbtqwzzcy?t=1032494&s2=wbt2cp4bpco2bsjuhui7479m
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 25 Apr 2020 20:00:33 GMT
last-modified
Tue, 20 Aug 2019 12:59:34 GMT
etag
"5d5beeb6-85140"
status
200
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
accept-ranges
bytes
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-length
545088

Verdicts & Comments

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
object | onformdata
object | onpointerrawupdate
function | $
function | jQuery
string | u

3 Cookies

Domain/Path Name / Value
dirtyvalentine1.com/ Name: uord
Value: 7aede7d4888c5037855114e46c0b9807
dirtyvalentine1.com/ Name: k
Value: SFMyNTY.g3QAAAAIbQAAAARhdW5xdAAAAAFtAAAABTQxNTU3bQAAAApwZGFnSk12V3hSbQAAAANoaWRtAAAAJVF5VXpzeHhOTHVPd3FmV0JYdW1FYWJvZ1JyRVp5cUhiUmJTUHhtAAAAAmhsZAADbmlsbQAAAAJyZHQAAAAEZAAKX19zdHJ1Y3RfX2QAGEVsaXhpci5UZGV4LlJvdGF0aW9uRGF0YWQADmNsaWNrZWRfb2ZmZXJzdAAAAABkAAhsYW5kaW5nc2wAAAABYgAABntqZAALc2Vlbl9vZmZlcnNsAAAAAWIAAF_Cam0AAAAFc3ViXzFkAANuaWxtAAAABXN1Yl8ybQAAABh3YnQyY3A0YnBjbzJic2p1aHVpNzQ3OW1tAAAAB3RyYWNrZXJtAAAABzEwMzI0OTRtAAAAA3VucW0AAAAMbUVoRFh5UWJncWNB.Rbo5gQOc52Tnqt3oqFnBv4qcOceXoZQ7JYIxjyF7U8g
.dirtyvalentine1.com/ Name: __cfduid
Value: d3efb6e1afb23b1dc327f4b88cb161fb11587844832

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy referrer always;
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

alktr.com
cadaner.com
dirtyvalentine1.com
eardepth-prisists.com
fonts.googleapis.com
fonts.gstatic.com
go.fastlanes.info
go.vultow.icu
klm.tmediatower.com
nativesp.pro
rdtrck2.com
rpket.pro
t.co
104.244.42.5
138.68.123.185
138.68.173.214
198.143.165.221
212.32.250.31
2606:4700:3034::681b:a246
2a00:1450:4001:815::2003
2a00:1450:4001:825::200a
2a02:b4a:1:7::9167:1
2a05:d018:244:5200::ab
35.159.5.116
88.208.60.53
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
118fdd4774ce29629b1db5e8663a55ed5744e3ecf349f07a41ab8d453b70b8f9
21cd05e8ed2d65d0b3c31f2328d36e7cad4823b15e4c5360e8ec8fc2e1858d44
23e2e71dc3ff4be3f6b84e2d6c99c340b3389bcf6dc69a3686a2d9912b1c7f4f
2c4a4f45ce9a0903d4f1ebe240a8d7a7f19753dcf54988cf3ea373ab1b4d8883
31a156c30246c6ee7cb648c201dbb545c84c6ee8b28c69b7df9e4451d4ead998
6302c5663379d6d90ff6a15ae049ab6bd666be7717d87869a8f5bcad3c879c70
7abd03c51f2f09007461de5f76b702ae49cd396ac73360cd062615307b9c1c9c
91009566f8f813a17dc55a908491c5f3828d28cc4e0f70fd38766f0789a45892
99722c8c5d74d7b071a12dccf9bf83b687bebf15359750ee8c0ea3b5b087ee9b
b4723b5b14abe7a2062b65bf79b4d5d1e575e786a439e61ff95a38e7e9e140e9
b63e6e57adc4e0a10eee845d513258e424b27a7985c510bb252d75eac63af861
b99476c322d6a18f1c3d0ee3cd4343f922100090f6f8a24099f9f7e268601c89
d55db5a171619494aea7fc7cbdc40eb34cf248deff092ebde69c3865ac634430
e27d753c247fedd15e44b4bf27312f90eceb4c01f349e783d1fc3e3cf1ae47f7
f3174f04e7373c653a3f863183a119c3a411c52d259f6f4c517cfb0594b42bde