urlscan.io logo urlscan.io
SecurityTrails logo

lan05.biz Open in urlscan Pro
185.177.94.42  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://rafadigital.com/
Effective URL: https://lan05.biz/?p=ge2wgzrrgi5gi3bphe3dioi
Submission: On May 10 via manual from LT — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 9 IPs in 3 countries across 12 domains to perform 35 HTTP transactions. The main IP is 185.177.94.42, located in and belongs to . The main domain is lan05.biz.
TLS certificate: Issued by R3 on May 1st 2024. Valid for: 3 months.
This is the only time lan05.biz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

1    188.114.96.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)
rafadigital.com
1    2606:4700:10::6816:1e8 (United States)

ASN13335 (CLOUDFLARENET, US)
cutt.ly
5    144.76.106.61 (Hamm, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.61.106.76.144.clients.your-server.de
news-lefojo.com
61d1f86e45.news-jisoje.com
4    23.158.56.201 (Frankfurt am Main, Germany)

ASN63023 (AS-GLOBALTELEHOST, US)
PTR: 201-56-158-23.clients.gthost.com
048214f2d0.news-rolehi.com
3    2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
12    2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
5    65.109.24.247 (None, )

ASN- ()
c72fe1b167.news-wisato.com
2    185.177.94.152 (None, )

ASN- ()
linksforyou2d.com
0.linksforyou2d.com
3    2606:4700:10::6816:458f (None, )

ASN- ()
report1.biz
2    185.177.94.42 (None, )

ASN- ()
lan05.biz
Apex Domain
Subdomains		 Transfer
12 gstatic.com
fonts.gstatic.com
152 KB
5 news-wisato.com
c72fe1b167.news-wisato.com
16 KB
4 news-jisoje.com
61d1f86e45.news-jisoje.com
16 KB
4 news-rolehi.com
048214f2d0.news-rolehi.com
15 KB
3 report1.biz
report1.biz
1 MB
3 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 33
3 KB
2 lan05.biz
lan05.biz
65 KB
2 linksforyou2d.com
linksforyou2d.com
0.linksforyou2d.com
48 KB
1 news-lefojo.com
news-lefojo.com
122 B
1 cutt.ly
cutt.ly — Cisco Umbrella Rank: 52019
402 B
1 rafadigital.com
rafadigital.com
482 B
0 b2ztrk.com Failed
www.b2ztrk.com Failed
35 12
Domain Requested by
12 fonts.gstatic.com fonts.googleapis.com
5 c72fe1b167.news-wisato.com 1 redirects 61d1f86e45.news-jisoje.com
c72fe1b167.news-wisato.com
4 61d1f86e45.news-jisoje.com 048214f2d0.news-rolehi.com
61d1f86e45.news-jisoje.com
4 048214f2d0.news-rolehi.com 048214f2d0.news-rolehi.com
3 report1.biz linksforyou2d.com
3 fonts.googleapis.com 048214f2d0.news-rolehi.com
61d1f86e45.news-jisoje.com
c72fe1b167.news-wisato.com
2 lan05.biz 048214f2d0.news-rolehi.com
1 0.linksforyou2d.com 048214f2d0.news-rolehi.com
1 linksforyou2d.com c72fe1b167.news-wisato.com
1 news-lefojo.com 1 redirects
1 cutt.ly 1 redirects
1 rafadigital.com 1 redirects
0 www.b2ztrk.com Failed 048214f2d0.news-rolehi.com
35 13

This site contains no links.

Subject Issuer Validity Valid
*.news-rolehi.com
R3		 2024-05-01 -
2024-07-30		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2024-04-16 -
2024-07-09		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2024-04-16 -
2024-07-09		 3 months crt.sh
*.news-jisoje.com
R3		 2024-04-30 -
2024-07-29		 3 months crt.sh
*.news-wisato.com
R3		 2024-04-30 -
2024-07-29		 3 months crt.sh
5.videoforyou2d.com
R3		 2024-05-01 -
2024-07-30		 3 months crt.sh
report1.biz
E1		 2024-03-19 -
2024-06-17		 3 months crt.sh
0.lan05.biz
R3		 2024-05-01 -
2024-07-30		 3 months crt.sh

This page contains 1 frames:

Frame: https://www.b2ztrk.com/6FJ6LF/745CNS8/?source_id=32375&sub1=Unknown&sub5=4476bb7uoqegxvrd92&uid=268
Frame ID: E947AAE0AC1C6E2999C2283C83023C6C
Requests: 39 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Загрузка

Page URL History Show full URLs

  1. http://rafadigital.com/ HTTP 307
    https://rafadigital.com/ HTTP 301
    https://cutt.ly/kw4oaA3s HTTP 301
    https://news-lefojo.com/tds?id=1219252064 HTTP 302
    https://048214f2d0.news-rolehi.com/?id=1219252064 Page URL
  2. https://61d1f86e45.news-jisoje.com/?i=1&id=1219252064 Page URL
  3. https://c72fe1b167.news-wisato.com/?i=2&id=1219252064 Page URL
  4. https://c72fe1b167.news-wisato.com/tb?id=1219252064&land=34&monetization=user&p1=&p2=&p3=&p4=&type=reject HTTP 302
    https://linksforyou2d.com/go/gy2dezbzgy5dcnrygmzq Page URL
  5. https://0.linksforyou2d.com/index.php?p=gy2dezbzgy5dcnrygmzq Page URL
  6. https://lan05.biz/?p=ge2wgzrrgi5gi3bphe3dioi Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <div [^>]*id="__nuxt"
Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-

Page Statistics

35
Requests

97 %
HTTPS

40 %
IPv6

12
Domains

13
Subdomains

9
IPs

3
Countries

1611 kB
Transfer

1772 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://rafadigital.com/ HTTP 307
    https://rafadigital.com/ HTTP 301
    https://cutt.ly/kw4oaA3s HTTP 301
    https://news-lefojo.com/tds?id=1219252064 HTTP 302
    https://048214f2d0.news-rolehi.com/?id=1219252064 Page URL
  2. https://61d1f86e45.news-jisoje.com/?i=1&id=1219252064 Page URL
  3. https://c72fe1b167.news-wisato.com/?i=2&id=1219252064 Page URL
  4. https://c72fe1b167.news-wisato.com/tb?id=1219252064&land=34&monetization=user&p1=&p2=&p3=&p4=&type=reject HTTP 302
    https://linksforyou2d.com/go/gy2dezbzgy5dcnrygmzq Page URL
  5. https://0.linksforyou2d.com/index.php?p=gy2dezbzgy5dcnrygmzq Page URL
  6. https://lan05.biz/?p=ge2wgzrrgi5gi3bphe3dioi Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://rafadigital.com/ HTTP 307
  • https://rafadigital.com/ HTTP 301
  • https://cutt.ly/kw4oaA3s HTTP 301
  • https://news-lefojo.com/tds?id=1219252064 HTTP 302
  • https://048214f2d0.news-rolehi.com/?id=1219252064
Request Chain 30
  • https://c72fe1b167.news-wisato.com/tb?id=1219252064&land=34&monetization=user&p1=&p2=&p3=&p4=&type=reject HTTP 302
  • https://linksforyou2d.com/go/gy2dezbzgy5dcnrygmzq
Request Chain 37
  • https://t.afdgo.pro/click?pid=32375&offer_id=25 HTTP 302
  • https://sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=663dcb02e125040001c6cc8f&affpid=32375&action_id=NLdesktop&referrer=https%3A%2F%2Flan05.biz%2F&sub1=&sub2=&sub3=&sub4=&sub5=&sub6= HTTP 302
  • https://sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=663dcb02e125040001c6cc8f&affpid=32375&action_id=NLdesktop&referrer=https%3A%2F%2Flan05.biz%2F&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&redichua=1 HTTP 302
  • https://www.101trck.com/6FJ6LF/745CNS8/?uid=268&source_id=32375&sub1=Unknown&sub5=4476bb7uoqegxvrd92 HTTP 307
  • https://www.b2ztrk.com/6FJ6LF/745CNS8/?source_id=32375&sub1=Unknown&sub5=4476bb7uoqegxvrd92&uid=268

35 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
048214f2d0.news-rolehi.com/
Redirect Chain
  • http://rafadigital.com/
  • https://rafadigital.com/
  • https://cutt.ly/kw4oaA3s
  • https://news-lefojo.com/tds?id=1219252064
  • https://048214f2d0.news-rolehi.com/?id=1219252064
7 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://048214f2d0.news-rolehi.com/?id=1219252064
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.158.56.201 Frankfurt am Main, Germany, ASN63023 (AS-GLOBALTELEHOST, US),
Reverse DNS
201-56-158-23.clients.gthost.com
Software
nginx /
Resource Hash
9d81aa7b5c53e0a896b503192f335b01c3f995ba651b37d4ce979c79303fd4e8
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Accept-Language
nl-NL,nl;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

content-type
text/html; charset=UTF-8
date
Fri, 10 May 2024 07:21:24 GMT
server
nginx
vary
Origin
x-frame-options
DENY

Redirect headers

content-length
0
date
Fri, 10 May 2024 07:21:23 GMT
location
https://048214f2d0.news-rolehi.com/?id=1219252064
server
nginx
vary
Origin
x-frame-options
DENY
revopush.js
048214f2d0.news-rolehi.com/ 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://048214f2d0.news-rolehi.com/revopush.js
Requested by
Host: 048214f2d0.news-rolehi.com
URL: https://048214f2d0.news-rolehi.com/?id=1219252064
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.158.56.201 Frankfurt am Main, Germany, ASN63023 (AS-GLOBALTELEHOST, US),
Reverse DNS
201-56-158-23.clients.gthost.com
Software
nginx /
Resource Hash
b75cba17751a5e6c0e183475d1074739a876aa2cf4841e760692e573822db343

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://048214f2d0.news-rolehi.com/?id=1219252064
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 10 May 2024 07:21:24 GMT
content-encoding
gzip
last-modified
Thu, 02 May 2024 14:58:42 GMT
server
nginx
etag
"6633aa22-1fae"
content-type
application/javascript; charset=utf-8
accept-ranges
bytes
content-length
8110
css
fonts.googleapis.com/ 		6 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,700,400i&subset=cyrillic
Requested by
Host: 048214f2d0.news-rolehi.com
URL: https://048214f2d0.news-rolehi.com/?id=1219252064
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
aaf2f58682f990cd6895432eeb0e77ef17a2a17c797d38838520c9d87a220b66
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://048214f2d0.news-rolehi.com/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Fri, 10 May 2024 07:21:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 10 May 2024 06:58:32 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 10 May 2024 07:21:24 GMT
truncated
/ 		294 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
547153997ee0b73d2bfc2cee5cf26596431cd81770924dad7e91085e5962aff2

Request headers

Accept-Language
nl-NL,nl;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/ 		9 KB
10 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700,400i&subset=cyrillic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6a84eeee6a25e7c9a8a03191007a6720566b5a2aa2384d36168fb07f49e97e9e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://048214f2d0.news-rolehi.com
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 10 May 2024 02:26:41 GMT
x-content-type-options
nosniff
age
17683
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9644
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:50 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 10 May 2025 02:26:41 GMT
KFOmCnqEu92Fr1Mu5mxKOzY.woff2
fonts.gstatic.com/s/roboto/v30/ 		9 KB
9 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700,400i&subset=cyrillic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://048214f2d0.news-rolehi.com
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 09 May 2024 06:13:41 GMT
x-content-type-options
nosniff
age
90463
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9628
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 09 May 2025 06:13:41 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700,400i&subset=cyrillic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://048214f2d0.news-rolehi.com
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 07 May 2024 13:27:43 GMT
x-content-type-options
nosniff
age
237221
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 07 May 2025 13:27:43 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700,400i&subset=cyrillic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://048214f2d0.news-rolehi.com
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 00:45:23 GMT
x-content-type-options
nosniff
age
542161
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15860
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 04 May 2025 00:45:23 GMT
favicon.ico
048214f2d0.news-rolehi.com/ 		548 B
622 B 		Other
General
Check archive.org
Download Go to
Full URL
https://048214f2d0.news-rolehi.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.158.56.201 Frankfurt am Main, Germany, ASN63023 (AS-GLOBALTELEHOST, US),
Reverse DNS
201-56-158-23.clients.gthost.com
Software
nginx /
Resource Hash
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://048214f2d0.news-rolehi.com/?id=1219252064
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 10 May 2024 07:21:24 GMT
server
nginx
content-length
548
content-type
text/html; charset=utf-8
reject
048214f2d0.news-rolehi.com/ 		5 B
117 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://048214f2d0.news-rolehi.com/reject
Requested by
Host: 048214f2d0.news-rolehi.com
URL: https://048214f2d0.news-rolehi.com/revopush.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.158.56.201 Frankfurt am Main, Germany, ASN63023 (AS-GLOBALTELEHOST, US),
Reverse DNS
201-56-158-23.clients.gthost.com
Software
nginx /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://048214f2d0.news-rolehi.com/?id=1219252064
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

access-control-allow-origin
*
date
Fri, 10 May 2024 07:21:26 GMT
server
nginx
content-length
5
vary
Origin
content-type
application/json; charset=UTF-8
/
61d1f86e45.news-jisoje.com/ 		7 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://61d1f86e45.news-jisoje.com/?i=1&id=1219252064
Requested by
Host: 048214f2d0.news-rolehi.com
URL: https://048214f2d0.news-rolehi.com/revopush.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
144.76.106.61 Hamm, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.61.106.76.144.clients.your-server.de
Software
nginx /
Resource Hash
72474fe20dc061b7457218791466b3adbf584035608000c124b2a7290c2542da
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Accept-Language
nl-NL,nl;q=0.9;q=0.9
Referer
https://048214f2d0.news-rolehi.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

content-type
text/html; charset=UTF-8
date
Fri, 10 May 2024 07:21:27 GMT
server
nginx
vary
Origin
x-frame-options
DENY
revopush.js
61d1f86e45.news-jisoje.com/ 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://61d1f86e45.news-jisoje.com/revopush.js
Requested by
Host: 61d1f86e45.news-jisoje.com
URL: https://61d1f86e45.news-jisoje.com/?i=1&id=1219252064
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
144.76.106.61 Hamm, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.61.106.76.144.clients.your-server.de
Software
nginx /
Resource Hash
b75cba17751a5e6c0e183475d1074739a876aa2cf4841e760692e573822db343

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://61d1f86e45.news-jisoje.com/?i=1&id=1219252064
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 10 May 2024 07:21:28 GMT
content-encoding
gzip
last-modified
Thu, 02 May 2024 14:58:42 GMT
server
nginx
etag
"6633aa22-1fae"
content-type
application/javascript; charset=utf-8
accept-ranges
bytes
content-length
8110
css
fonts.googleapis.com/ 		6 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,700,400i&subset=cyrillic
Requested by
Host: 61d1f86e45.news-jisoje.com
URL: https://61d1f86e45.news-jisoje.com/?i=1&id=1219252064
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
aaf2f58682f990cd6895432eeb0e77ef17a2a17c797d38838520c9d87a220b66
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://61d1f86e45.news-jisoje.com/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Fri, 10 May 2024 07:21:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 10 May 2024 06:25:51 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 10 May 2024 07:21:28 GMT
truncated
/ 		294 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
547153997ee0b73d2bfc2cee5cf26596431cd81770924dad7e91085e5962aff2

Request headers

Accept-Language
nl-NL,nl;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/ 		9 KB
10 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700,400i&subset=cyrillic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6a84eeee6a25e7c9a8a03191007a6720566b5a2aa2384d36168fb07f49e97e9e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://61d1f86e45.news-jisoje.com
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 10 May 2024 02:26:41 GMT
x-content-type-options
nosniff
age
17687
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9644
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:50 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 10 May 2025 02:26:41 GMT
KFOmCnqEu92Fr1Mu5mxKOzY.woff2
fonts.gstatic.com/s/roboto/v30/ 		9 KB
9 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700,400i&subset=cyrillic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://61d1f86e45.news-jisoje.com
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 09 May 2024 06:13:41 GMT
x-content-type-options
nosniff
age
90467
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9628
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 09 May 2025 06:13:41 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700,400i&subset=cyrillic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://61d1f86e45.news-jisoje.com
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 07 May 2024 13:27:43 GMT
x-content-type-options
nosniff
age
237225
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 07 May 2025 13:27:43 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700,400i&subset=cyrillic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://61d1f86e45.news-jisoje.com
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 00:45:23 GMT
x-content-type-options
nosniff
age
542165
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15860
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 04 May 2025 00:45:23 GMT
favicon.ico
61d1f86e45.news-jisoje.com/ 		548 B
622 B 		Other
General
Check archive.org
Download Go to
Full URL
https://61d1f86e45.news-jisoje.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
144.76.106.61 Hamm, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.61.106.76.144.clients.your-server.de
Software
nginx /
Resource Hash
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://61d1f86e45.news-jisoje.com/?i=1&id=1219252064
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 10 May 2024 07:21:28 GMT
server
nginx
content-length
548
content-type
text/html; charset=utf-8
reject
61d1f86e45.news-jisoje.com/ 		5 B
117 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://61d1f86e45.news-jisoje.com/reject
Requested by
Host: 61d1f86e45.news-jisoje.com
URL: https://61d1f86e45.news-jisoje.com/revopush.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
144.76.106.61 Hamm, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.61.106.76.144.clients.your-server.de
Software
nginx /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://61d1f86e45.news-jisoje.com/?i=1&id=1219252064
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

access-control-allow-origin
*
date
Fri, 10 May 2024 07:21:29 GMT
server
nginx
content-length
5
vary
Origin
content-type
application/json; charset=UTF-8
/
c72fe1b167.news-wisato.com/ 		7 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://c72fe1b167.news-wisato.com/?i=2&id=1219252064
Requested by
Host: 61d1f86e45.news-jisoje.com
URL: https://61d1f86e45.news-jisoje.com/revopush.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.109.24.247 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
09d2cd2abf7cb30e3e19c08b52066a07acc5e1f535b2497f23197eb1926b24e2
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Accept-Language
nl-NL,nl;q=0.9;q=0.9
Referer
https://61d1f86e45.news-jisoje.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

content-type
text/html; charset=UTF-8
date
Fri, 10 May 2024 07:21:29 GMT
server
nginx
vary
Origin
x-frame-options
DENY
revopush.js
c72fe1b167.news-wisato.com/ 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c72fe1b167.news-wisato.com/revopush.js
Requested by
Host: c72fe1b167.news-wisato.com
URL: https://c72fe1b167.news-wisato.com/?i=2&id=1219252064
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.109.24.247 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
b75cba17751a5e6c0e183475d1074739a876aa2cf4841e760692e573822db343

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://c72fe1b167.news-wisato.com/?i=2&id=1219252064
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 10 May 2024 07:21:30 GMT
content-encoding
gzip
last-modified
Thu, 02 May 2024 14:58:42 GMT
server
nginx
etag
"6633aa22-1fae"
content-type
application/javascript; charset=utf-8
accept-ranges
bytes
content-length
8110
css
fonts.googleapis.com/ 		6 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,700,400i&subset=cyrillic
Requested by
Host: c72fe1b167.news-wisato.com
URL: https://c72fe1b167.news-wisato.com/?i=2&id=1219252064
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
aaf2f58682f990cd6895432eeb0e77ef17a2a17c797d38838520c9d87a220b66
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://c72fe1b167.news-wisato.com/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Fri, 10 May 2024 07:21:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 10 May 2024 06:37:14 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 10 May 2024 07:21:30 GMT
truncated
/ 		294 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
547153997ee0b73d2bfc2cee5cf26596431cd81770924dad7e91085e5962aff2

Request headers

Accept-Language
nl-NL,nl;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/ 		9 KB
10 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700,400i&subset=cyrillic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6a84eeee6a25e7c9a8a03191007a6720566b5a2aa2384d36168fb07f49e97e9e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://c72fe1b167.news-wisato.com
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 10 May 2024 02:26:41 GMT
x-content-type-options
nosniff
age
17689
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9644
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:50 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 10 May 2025 02:26:41 GMT
KFOmCnqEu92Fr1Mu5mxKOzY.woff2
fonts.gstatic.com/s/roboto/v30/ 		9 KB
9 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700,400i&subset=cyrillic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://c72fe1b167.news-wisato.com
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 09 May 2024 06:13:41 GMT
x-content-type-options
nosniff
age
90469
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9628
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 09 May 2025 06:13:41 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700,400i&subset=cyrillic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://c72fe1b167.news-wisato.com
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 07 May 2024 13:27:43 GMT
x-content-type-options
nosniff
age
237227
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 07 May 2025 13:27:43 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700,400i&subset=cyrillic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://c72fe1b167.news-wisato.com
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 00:45:23 GMT
x-content-type-options
nosniff
age
542167
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15860
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 04 May 2025 00:45:23 GMT
favicon.ico
c72fe1b167.news-wisato.com/ 		548 B
622 B 		Other
General
Check archive.org
Download Go to
Full URL
https://c72fe1b167.news-wisato.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.109.24.247 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://c72fe1b167.news-wisato.com/?i=2&id=1219252064
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 10 May 2024 07:21:30 GMT
server
nginx
content-length
548
content-type
text/html; charset=utf-8
reject
c72fe1b167.news-wisato.com/ 		5 B
117 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://c72fe1b167.news-wisato.com/reject
Requested by
Host: c72fe1b167.news-wisato.com
URL: https://c72fe1b167.news-wisato.com/revopush.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.109.24.247 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://c72fe1b167.news-wisato.com/?i=2&id=1219252064
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

access-control-allow-origin
*
date
Fri, 10 May 2024 07:21:32 GMT
server
nginx
content-length
5
vary
Origin
content-type
application/json; charset=UTF-8
gy2dezbzgy5dcnrygmzq
linksforyou2d.com/go/
Redirect Chain
  • https://c72fe1b167.news-wisato.com/tb?id=1219252064&land=34&monetization=user&p1=&p2=&p3=&p4=&type=reject
  • https://linksforyou2d.com/go/gy2dezbzgy5dcnrygmzq
23 KB
24 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://linksforyou2d.com/go/gy2dezbzgy5dcnrygmzq
Requested by
Host: c72fe1b167.news-wisato.com
URL: https://c72fe1b167.news-wisato.com/revopush.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.177.94.152 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
50a736911fe6808b08482aeecc83d7b3c6f57f0ddf1790b6e9f19fbc6445b833
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
nl-NL,nl;q=0.9;q=0.9
Referer
https://c72fe1b167.news-wisato.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
content-security-policy
img-src https: data:; upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Fri, 10 May 2024 07:21:32 GMT
server
nginx
strict-transport-security
max-age=31536000

Redirect headers

content-length
0
date
Fri, 10 May 2024 07:21:32 GMT
location
https://linksforyou2d.com/go/gy2dezbzgy5dcnrygmzq
server
nginx
vary
Origin
vi.mp4
report1.biz/img/ 		58 KB
0 		Media
General
Check archive.org
Download Go to
Full URL
https://report1.biz/img/vi.mp4
Requested by
Host: linksforyou2d.com
URL: https://linksforyou2d.com/go/gy2dezbzgy5dcnrygmzq
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:458f -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Referer
https://linksforyou2d.com/
Range
bytes=0-
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 10 May 2024 07:21:32 GMT
cf-cache-status
HIT
last-modified
Thu, 12 Mar 2020 14:24:15 GMT
server
cloudflare
age
6874
etag
"5e6a460f-15270d"
vary
Accept-Encoding
content-type
video/mp4
Content-Range
bytes 0-1386252/1386253
cache-control
max-age=31536000
cf-ray
88182c4ac8b3667c-AMS
Content-Length
1386253
vi.mp4
report1.biz/img/ 		10 KB
10 KB 		Media
General
Check archive.org
Download Go to
Full URL
https://report1.biz/img/vi.mp4
Requested by
Host: linksforyou2d.com
URL: https://linksforyou2d.com/go/gy2dezbzgy5dcnrygmzq
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:458f -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
8e827df513173d24540f58fb190ad38a591f188e3a816eb1211c042240ff9d5e

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Referer
https://linksforyou2d.com/
Range
bytes=1376256-
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 10 May 2024 07:21:32 GMT
cf-cache-status
HIT
last-modified
Thu, 12 Mar 2020 14:24:15 GMT
server
cloudflare
age
6874
etag
"5e6a460f-15270d"
vary
Accept-Encoding
content-type
video/mp4
Content-Range
bytes 1376256-1386252/1386253
cache-control
max-age=31536000
cf-ray
88182c4b08e8667c-AMS
Content-Length
9997
vi.mp4
report1.biz/img/ 		1 MB
1 MB 		Media
General
Check archive.org
Download Go to
Full URL
https://report1.biz/img/vi.mp4
Requested by
Host: linksforyou2d.com
URL: https://linksforyou2d.com/go/gy2dezbzgy5dcnrygmzq
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:458f -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
681b893500e84a100e446f60b7891ca4524a43bc8a0681436e47ee0a76b35305

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Referer
https://linksforyou2d.com/
Range
bytes=32768-
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 10 May 2024 07:21:32 GMT
cf-cache-status
HIT
last-modified
Thu, 12 Mar 2020 14:24:15 GMT
server
cloudflare
age
6874
etag
"5e6a460f-15270d"
vary
Accept-Encoding
content-type
video/mp4
Content-Range
bytes 32768-1386252/1386253
cache-control
max-age=31536000
cf-ray
88182c4b08e8667c-AMS
Content-Length
1353485
index.php
0.linksforyou2d.com/ 		23 KB
24 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://0.linksforyou2d.com/index.php?p=gy2dezbzgy5dcnrygmzq
Requested by
Host: 048214f2d0.news-rolehi.com
URL: https://048214f2d0.news-rolehi.com/?id=1219252064
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.177.94.152 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
c5664b2e7293beb020d0fdda952914736000c2e048f9f5f0619068f3b4fe0464
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
nl-NL,nl;q=0.9;q=0.9
Referer
https://linksforyou2d.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
content-security-policy
img-src https: data:; upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Fri, 10 May 2024 07:21:34 GMT
server
nginx
strict-transport-security
max-age=31536000
Primary Request /
lan05.biz/ 		64 KB
65 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://lan05.biz/?p=ge2wgzrrgi5gi3bphe3dioi
Requested by
Host: 048214f2d0.news-rolehi.com
URL: https://048214f2d0.news-rolehi.com/?id=1219252064
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.177.94.42 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
b9677f8664373af2ec23a3ad5d35996080201ead737d59a590f08a6a97c1430b
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
nl-NL,nl;q=0.9;q=0.9
Referer
https://0.linksforyou2d.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
content-security-policy
img-src https: data:; upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Fri, 10 May 2024 07:21:36 GMT
server
nginx
strict-transport-security
max-age=31536000
truncated
/ 		20 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
349f4bc944f444e656ac165e19aa5c1920416170f0b24f75b02766a363888e93

Request headers

Accept-Language
nl-NL,nl;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/jpeg
favicon.ico
lan05.biz/ 		0
125 B 		Other
General
Check archive.org
Download Go to
Full URL
https://lan05.biz/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.177.94.42 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://lan05.biz/?p=ge2wgzrrgi5gi3bphe3dioi
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 10 May 2024 07:21:36 GMT
strict-transport-security
max-age=31536000
content-security-policy
img-src https: data:; upgrade-insecure-requests
server
nginx
/
www.b2ztrk.com/6FJ6LF/745CNS8/
Redirect Chain
  • https://t.afdgo.pro/click?pid=32375&offer_id=25
  • https://sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=663dcb02e125040001c6cc8f&affpid=32375&action_id=NLdesktop&referrer=https%3A%2F%2Flan05.biz%2F&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=
  • https://sma.binoego.pro/c.php?k=63r1l5p2seqav3mqsdvc&clickid=663dcb02e125040001c6cc8f&affpid=32375&action_id=NLdesktop&referrer=https%3A%2F%2Flan05.biz%2F&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&redich...
  • https://www.101trck.com/6FJ6LF/745CNS8/?uid=268&source_id=32375&sub1=Unknown&sub5=4476bb7uoqegxvrd92
  • https://www.b2ztrk.com/6FJ6LF/745CNS8/?source_id=32375&sub1=Unknown&sub5=4476bb7uoqegxvrd92&uid=268
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.b2ztrk.com
URL
https://www.b2ztrk.com/6FJ6LF/745CNS8/?source_id=32375&sub1=Unknown&sub5=4476bb7uoqegxvrd92&uid=268

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| _GLOBALS function| a0_0x51f5 function| a0_0x3281 object| Sentry

1 Cookies

Domain/Path Name / Value
cutt.ly/ Name: PHPSESSID
Value: f14754h48b4ei86b4cfv6oe26u

6 Console Messages

Source Level URL
Text
network error URL: https://048214f2d0.news-rolehi.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()
other error URL: https://048214f2d0.news-rolehi.com/?id=1219252064
Message:
Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.
network error URL: https://61d1f86e45.news-jisoje.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()
other error URL: https://61d1f86e45.news-jisoje.com/?i=1&id=1219252064
Message:
Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.
network error URL: https://c72fe1b167.news-wisato.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()
other error URL: https://c72fe1b167.news-wisato.com/?i=2&id=1219252064
Message:
Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0.linksforyou2d.com
048214f2d0.news-rolehi.com
61d1f86e45.news-jisoje.com
c72fe1b167.news-wisato.com
cutt.ly
fonts.googleapis.com
fonts.gstatic.com
lan05.biz
linksforyou2d.com
news-lefojo.com
rafadigital.com
report1.biz
www.b2ztrk.com
www.b2ztrk.com
144.76.106.61
185.177.94.152
185.177.94.42
188.114.96.3
23.158.56.201
2606:4700:10::6816:1e8
2606:4700:10::6816:458f
2a00:1450:4001:80b::200a
2a00:1450:4001:813::2003
65.109.24.247
09d2cd2abf7cb30e3e19c08b52066a07acc5e1f535b2497f23197eb1926b24e2
349f4bc944f444e656ac165e19aa5c1920416170f0b24f75b02766a363888e93
495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9
50a736911fe6808b08482aeecc83d7b3c6f57f0ddf1790b6e9f19fbc6445b833
547153997ee0b73d2bfc2cee5cf26596431cd81770924dad7e91085e5962aff2
681b893500e84a100e446f60b7891ca4524a43bc8a0681436e47ee0a76b35305
6a84eeee6a25e7c9a8a03191007a6720566b5a2aa2384d36168fb07f49e97e9e
72474fe20dc061b7457218791466b3adbf584035608000c124b2a7290c2542da
8e827df513173d24540f58fb190ad38a591f188e3a816eb1211c042240ff9d5e
9d81aa7b5c53e0a896b503192f335b01c3f995ba651b37d4ce979c79303fd4e8
aaf2f58682f990cd6895432eeb0e77ef17a2a17c797d38838520c9d87a220b66
b75cba17751a5e6c0e183475d1074739a876aa2cf4841e760692e573822db343
b9677f8664373af2ec23a3ad5d35996080201ead737d59a590f08a6a97c1430b
c5664b2e7293beb020d0fdda952914736000c2e048f9f5f0619068f3b4fe0464
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615