Submitted URL: https://tracker.leaves.red/
Effective URL: https://leaves.red/login.php
Submission: On June 28 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 4 IPs in 2 countries across 1 domain to perform 30 HTTP transactions. The main IP is 2a02:fe80:1010::2:6, located in the United States, and belongs to SUCURI-SEC, US. The main domain is leaves.red.
TLS certificate: Issued by Starfield Secure Certificate Authorit... on June 28th 2023. Valid for: a year.
This is the only time leaves.red was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2a02:fe80:101... 30148 (SUCURI-SEC)
24 2a02:fe80:101... 30148 (SUCURI-SEC)
2 185.250.38.130 141995 (CAPL-AS-A...)
1 2606:4700:e0:... 13335 (CLOUDFLAR...)
3 2606:4700:e0:... 13335 (CLOUDFLAR...)
30 4
Apex Domain
Subdomains
Transfer
31 leaves.red
tracker.leaves.red
leaves.red
stats.leaves.red
s3.leaves.red
acts.leaves.red
3 MB
30 1
Domain Requested by
24 leaves.red leaves.red
3 acts.leaves.red leaves.red
2 stats.leaves.red leaves.red
stats.leaves.red
1 s3.leaves.red leaves.red
1 tracker.leaves.red 1 redirects
30 5

This site contains no links.

Subject | Issuer | Validity | Valid
leaves.red | Starfield Secure Certificate Authority - G2 | 2023-06-28 - 2024-06-28 | a year
stats.leaves.red | R3 | 2023-04-04 - 2023-07-03 | 3 months

This page contains 1 frames:

Primary Page: https://leaves.red/login.php
Frame ID: B04C49E8049FAAC43FCF257CE14D713C
Requests: 30 HTTP requests in this frame

Page Title

红叶 :: 登录 - Red Leaves

Page URL History

  1. https://tracker.leaves.red/ HTTP 302
    https://leaves.red/login.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

30 Requests
100 % HTTPS
80 % IPv6
1 Domains
5 Subdomains
4 IPs
2 Countries
2587 kB Transfer
4517 kB Size
2 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://tracker.leaves.red/ HTTP 302
    https://leaves.red/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

30 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request login.php
leaves.red/
Redirect Chain
  • https://tracker.leaves.red/
  • https://leaves.red/login.php
19 KB
6 KB
Document
General
Full URL
https://leaves.red/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:fe80:1010::2:6 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
Software
nginx /
Resource Hash
34bbf39a013ba1ddee36ad708a4b4b0047eb357e4a00ceb5555048f77c84ef0b
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000 max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-security-policy
upgrade-insecure-requests;
content-type
text/html; charset=utf-8; Cache-control:private
date
Wed, 28 Jun 2023 21:11:09 GMT
server
nginx
strict-transport-security
max-age=31536000 max-age=31536000
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-sucuri-cache
BYPASS
x-sucuri-id
15002
x-xss-protection
1; mode=block

Redirect headers

content-security-policy
upgrade-insecure-requests;
content-type
text/html; charset=UTF-8
date
Wed, 28 Jun 2023 21:11:09 GMT
location
https://leaves.red/login.php
server
nginx
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-sucuri-cache
HIT
x-sucuri-id
15003
x-xss-protection
1; mode=block
mediumfont.css
leaves.red/styles/
836 B
1 KB
Stylesheet
General
Full URL
https://leaves.red/styles/mediumfont.css?20230528
Requested by
Host: leaves.red
URL: https://leaves.red/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:fe80:1010::2:6 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
Software
nginx /
Resource Hash
c6ab7f6802625047397f8e0ecef3848b55913469d4f986843caf615a11b68b00
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000, max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leaves.red/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Wed, 28 Jun 2023 21:11:09 GMT
strict-transport-security
max-age=31536000, max-age=31536000
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests;
x-sucuri-cache
HIT
content-length
836
x-xss-protection
1; mode=block
last-modified
Tue, 30 May 2023 04:32:04 GMT
server
nginx
etag
"64757c44-344"
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=315360000
x-sucuri-id
15002
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
sprites.css
leaves.red/styles/
7 KB
2 KB
Stylesheet
General
Full URL
https://leaves.red/styles/sprites.css?20230528
Requested by
Host: leaves.red
URL: https://leaves.red/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:fe80:1010::2:6 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
Software
nginx /
Resource Hash
955ea934893a34cda50518cc06c9d4497c3722426d396ac1bcc023998beaa238
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000, max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leaves.red/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Wed, 28 Jun 2023 21:11:09 GMT
strict-transport-security
max-age=31536000, max-age=31536000
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests;
content-encoding
gzip
x-sucuri-cache
HIT
x-xss-protection
1; mode=block
last-modified
Tue, 30 May 2023 04:32:04 GMT
server
nginx
etag
W/"64757c44-1d06"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=315360000
x-sucuri-id
15002
expires
Thu, 31 Dec 2037 23:55:55 GMT
forumsprites.css
leaves.red/pic/forum_pic/chs/
702 B
1 KB
Stylesheet
General
Full URL
https://leaves.red/pic/forum_pic/chs/forumsprites.css?20230528
Requested by
Host: leaves.red
URL: https://leaves.red/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:fe80:1010::2:6 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
Software
nginx /
Resource Hash
db9b19e20def3661af1e5f66fabc9f7c2ec444533e9b656acfd91d15c16689d6
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000, max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leaves.red/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Wed, 28 Jun 2023 21:11:09 GMT
strict-transport-security
max-age=31536000, max-age=31536000
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests;
x-sucuri-cache
HIT
content-length
702
x-xss-protection
1; mode=block
last-modified
Tue, 30 May 2023 04:32:04 GMT
server
nginx
etag
"64757c44-2be"
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=315360000
x-sucuri-id
15002
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
theme.css
leaves.red/styles/RedLeaves/
13 KB
4 KB
Stylesheet
General
Full URL
https://leaves.red/styles/RedLeaves/theme.css?20230528
Requested by
Host: leaves.red
URL: https://leaves.red/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:fe80:1010::2:6 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
Software
nginx /
Resource Hash
ac98fa267e9df7485974af1ce2ecbb54c29bf4d7e22e4127985627d472eb1a1c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000, max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leaves.red/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Wed, 28 Jun 2023 21:11:09 GMT
strict-transport-security
max-age=31536000, max-age=31536000
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests;
content-encoding
gzip
x-sucuri-cache
HIT
x-xss-protection
1; mode=block
last-modified
Tue, 30 May 2023 04:32:04 GMT
server
nginx
etag
W/"64757c44-35d6"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=315360000
x-sucuri-id
15002
expires
Thu, 31 Dec 2037 23:55:55 GMT
DomTT.css
leaves.red/styles/RedLeaves/
1 KB
914 B
Stylesheet
General
Full URL
https://leaves.red/styles/RedLeaves/DomTT.css?20230528
Requested by
Host: leaves.red
URL: https://leaves.red/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:fe80:1010::2:6 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
Software
nginx /
Resource Hash
16ad5d4668299e82ad7d4394e73737114f67380a5939ee54110194bf4431fc8f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000, max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leaves.red/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Wed, 28 Jun 2023 21:11:09 GMT
strict-transport-security
max-age=31536000, max-age=31536000
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests;
content-encoding
gzip
x-sucuri-cache
HIT
x-xss-protection
1; mode=block
last-modified
Tue, 30 May 2023 04:32:04 GMT
server
nginx
etag
W/"64757c44-552"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=315360000
x-sucuri-id
15002
expires
Thu, 31 Dec 2037 23:55:55 GMT
curtain_imageresizer.css
leaves.red/styles/
345 B
735 B
Stylesheet
General
Full URL
https://leaves.red/styles/curtain_imageresizer.css?20230528
Requested by
Host: leaves.red
URL: https://leaves.red/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:fe80:1010::2:6 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
Software
nginx /
Resource Hash
06739aa96be5aa56c4fe8f54bfb7db0a8990d565d75a6c49af9ae8c583c1c145
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000, max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leaves.red/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Wed, 28 Jun 2023 21:11:09 GMT
strict-transport-security
max-age=31536000, max-age=31536000
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests;
x-sucuri-cache
HIT
content-length
345
x-xss-protection
1; mode=block
last-modified
Tue, 30 May 2023 04:32:04 GMT
server
nginx
etag
"64757c44-159"
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=315360000
x-sucuri-id
15002
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
nexus.css
leaves.red/styles/
29 KB
5 KB
Stylesheet
General
Full URL
https://leaves.red/styles/nexus.css?20230528
Requested by
Host: leaves.red
URL: https://leaves.red/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:fe80:1010::2:6 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
Software
nginx /
Resource Hash
ab7dcdd47967f676da7d4ea08d686c05311925fbe9031f0fe8ae29e73ae79338
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000, max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leaves.red/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Wed, 28 Jun 2023 21:11:09 GMT
strict-transport-security
max-age=31536000, max-age=31536000
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests;
content-encoding
gzip
x-sucuri-cache
HIT
x-xss-protection
1; mode=block
last-modified
Sun, 04 Jun 2023 15:39:25 GMT
server
nginx
etag
W/"647cb02d-7287"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=315360000
x-sucuri-id
15002
expires
Thu, 31 Dec 2037 23:55:55 GMT
leaves.css
leaves.red/styles/
14 KB
5 KB
Stylesheet
General
Full URL
https://leaves.red/styles/leaves.css?20230528
Requested by
Host: leaves.red
URL: https://leaves.red/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:fe80:1010::2:6 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
Software
nginx /
Resource Hash
fa18042255143442997ec657d1d7df1e9a41c33b382b5dc3b9a7f8ced0a937cf
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000, max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leaves.red/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Wed, 28 Jun 2023 21:11:09 GMT
strict-transport-security
max-age=31536000, max-age=31536000
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests;
content-encoding
gzip
x-sucuri-cache
HIT
x-xss-protection
1; mode=block
last-modified
Tue, 30 May 2023 04:32:04 GMT
server
nginx
etag
W/"64757c44-3833"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=315360000
x-sucuri-id
15002
expires
Thu, 31 Dec 2037 23:55:55 GMT
curtain_imageresizer.js
leaves.red/js/
2 KB
1 KB
Script
General
Full URL
https://leaves.red/js/curtain_imageresizer.js?20230528
Requested by
Host: leaves.red
URL: https://leaves.red/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:fe80:1010::2:6 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
Software
nginx /
Resource Hash
45316a124ceec0ff49686d733e6c84accd151d83d05ee83171fe0d2d3e0958f2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000, max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leaves.red/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Wed, 28 Jun 2023 21:11:09 GMT
strict-transport-security
max-age=31536000, max-age=31536000
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests;
content-encoding
gzip
x-sucuri-cache
HIT
x-xss-protection
1; mode=block
last-modified
Tue, 30 May 2023 04:32:04 GMT
server
nginx
etag
W/"64757c44-947"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-sucuri-id
15002
expires
Thu, 31 Dec 2037 23:55:55 GMT
ajaxbasic.js
leaves.red/js/
2 KB
1 KB
Script
General
Full URL
https://leaves.red/js/ajaxbasic.js?20230528
Requested by
Host: leaves.red
URL: https://leaves.red/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:fe80:1010::2:6 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
Software
nginx /
Resource Hash
9a21caab36e322c7096cae1930ba9211a22be8ee676bdc38116d973f2692083b
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000, max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leaves.red/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Wed, 28 Jun 2023 21:11:09 GMT
strict-transport-security
max-age=31536000, max-age=31536000
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests;
content-encoding
gzip
x-sucuri-cache
HIT
x-xss-protection
1; mode=block
last-modified
Tue, 30 May 2023 04:32:04 GMT
server
nginx
etag
W/"64757c44-63f"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-sucuri-id
15002
expires
Thu, 31 Dec 2037 23:55:55 GMT
common.js
leaves.red/js/
11 KB
3 KB
Script
General
Full URL
https://leaves.red/js/common.js?20230528
Requested by
Host: leaves.red
URL: https://leaves.red/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:fe80:1010::2:6 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
Software
nginx /
Resource Hash
796ca08375594e814b466f43108065f1d18f9e09cb0bd75047263a827ef7af42
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000, max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leaves.red/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Wed, 28 Jun 2023 21:11:09 GMT
strict-transport-security
max-age=31536000, max-age=31536000
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests;
content-encoding
gzip
x-sucuri-cache
HIT
x-xss-protection
1; mode=block
last-modified
Tue, 30 May 2023 04:32:04 GMT
server
nginx
etag
W/"64757c44-2bcb"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-sucuri-id
15002
expires
Thu, 31 Dec 2037 23:55:55 GMT
domLib.js
leaves.red/js/
16 KB
6 KB
Script
General
Full URL
https://leaves.red/js/domLib.js?20230528
Requested by
Host: leaves.red
URL: https://leaves.red/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:fe80:1010::2:6 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
Software
nginx /
Resource Hash
ce1a8b626c5803e1d8b17a06fdfaf86f024aaec94e49784251fb1fb2fa1c0d67
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000, max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leaves.red/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Wed, 28 Jun 2023 21:11:09 GMT
strict-transport-security
max-age=31536000, max-age=31536000
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests;
content-encoding
gzip
x-sucuri-cache
HIT
x-xss-protection
1; mode=block
last-modified
Tue, 30 May 2023 04:32:04 GMT
server
nginx
etag
W/"64757c44-41cb"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-sucuri-id
15002
expires
Thu, 31 Dec 2037 23:55:55 GMT
domTT.js
leaves.red/js/
29 KB
10 KB
Script
General
Full URL
https://leaves.red/js/domTT.js?20230528
Requested by
Host: leaves.red
URL: https://leaves.red/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:fe80:1010::2:6 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
Software
nginx /
Resource Hash
67766690d6f0c61a667e6b2bc484a5eb15e83a37afe83d6b6b7ea801fe4508d7
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000, max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leaves.red/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Wed, 28 Jun 2023 21:11:09 GMT
strict-transport-security
max-age=31536000, max-age=31536000
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests;
content-encoding
gzip
x-sucuri-cache
HIT
x-xss-protection
1; mode=block
last-modified
Tue, 30 May 2023 04:32:04 GMT
server
nginx
etag
W/"64757c44-7596"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-sucuri-id
15002
expires
Thu, 31 Dec 2037 23:55:55 GMT
domTT_drag.js
leaves.red/js/
3 KB
1 KB
Script
General
Full URL
https://leaves.red/js/domTT_drag.js?20230528
Requested by
Host: leaves.red
URL: https://leaves.red/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:fe80:1010::2:6 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
Software
nginx /
Resource Hash
aefaddd09e17bbf0bb2b2ca2a2ee59d4e1229e59e4bd53c43377f2054ee096d3
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000, max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leaves.red/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Wed, 28 Jun 2023 21:11:09 GMT
strict-transport-security
max-age=31536000, max-age=31536000
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests;
content-encoding
gzip
x-sucuri-cache
HIT
x-xss-protection
1; mode=block
last-modified
Tue, 30 May 2023 04:32:04 GMT
server
nginx
etag
W/"64757c44-a1c"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-sucuri-id
15002
expires
Thu, 31 Dec 2037 23:55:55 GMT
fadomatic.js
leaves.red/js/
4 KB
2 KB
Script
General
Full URL
https://leaves.red/js/fadomatic.js?20230528
Requested by
Host: leaves.red
URL: https://leaves.red/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:fe80:1010::2:6 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
Software
nginx /
Resource Hash
48d265189e0940eb4e3057e41b20247f7a06df821c991d3d288da4387c919dc8
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000, max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leaves.red/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Wed, 28 Jun 2023 21:11:09 GMT
strict-transport-security
max-age=31536000, max-age=31536000
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests;
content-encoding
gzip
x-sucuri-cache
HIT
x-xss-protection
1; mode=block
last-modified
Tue, 30 May 2023 04:32:04 GMT
server
nginx
etag
W/"64757c44-11b8"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-sucuri-id
15002
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery-1.12.4.min.js
leaves.red/js/
95 KB
38 KB
Script
General
Full URL
https://leaves.red/js/jquery-1.12.4.min.js?20230528
Requested by
Host: leaves.red
URL: https://leaves.red/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:fe80:1010::2:6 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
Software
nginx /
Resource Hash
4574aea110cdaa1cf0c27bc5d0d9364a3c18e7a33a185c87d581c6b159703e01
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000, max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leaves.red/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Wed, 28 Jun 2023 21:11:09 GMT
strict-transport-security
max-age=31536000, max-age=31536000
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests;
content-encoding
gzip
x-sucuri-cache
HIT
x-xss-protection
1; mode=block
last-modified
Tue, 30 May 2023 04:32:04 GMT
server
nginx
etag
W/"64757c44-17b93"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-sucuri-id
15002
expires
Thu, 31 Dec 2037 23:55:55 GMT
layer.js
leaves.red/vendor/layer-v3.5.1/layer/
22 KB
9 KB
Script
General
Full URL
https://leaves.red/vendor/layer-v3.5.1/layer/layer.js?20230528
Requested by
Host: leaves.red
URL: https://leaves.red/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:fe80:1010::2:6 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
Software
nginx /
Resource Hash
a97e4941ceb1a7df7bcf5e9631b8d9e8f7b47d7ccb59b5ed3968380465e0e824
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000, max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leaves.red/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Wed, 28 Jun 2023 21:11:09 GMT
strict-transport-security
max-age=31536000, max-age=31536000
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests;
content-encoding
gzip
x-sucuri-cache
HIT
x-xss-protection
1; mode=block
last-modified
Tue, 30 May 2023 04:32:04 GMT
server
nginx
etag
W/"64757c44-58d2"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-sucuri-id
15002
expires
Thu, 31 Dec 2037 23:55:55 GMT
logo23.svg
leaves.red/pic/
60 KB
61 KB
Image
General
Full URL
https://leaves.red/pic/logo23.svg
Requested by
Host: leaves.red
URL: https://leaves.red/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:fe80:1010::2:6 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
Software
nginx /
Resource Hash
06288669cdfa88b62d9cb65c56ae6140b242d34cbf37f9ee3fd66187ca109928
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000, max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leaves.red/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Wed, 28 Jun 2023 21:11:09 GMT
strict-transport-security
max-age=31536000, max-age=31536000
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests;
x-sucuri-cache
HIT
content-length
61722
x-xss-protection
1; mode=block
last-modified
Tue, 30 May 2023 04:32:04 GMT
server
nginx
etag
"64757c44-f11a"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=315360000
x-sucuri-id
15002
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
image.php
leaves.red/
4 KB
4 KB
Image
General
Full URL
https://leaves.red/image.php?action=regimage&imagehash=59fe81fb66f46514aa800bf214a7d2c4&secret=
Requested by
Host: leaves.red
URL: https://leaves.red/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:fe80:1010::2:6 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
Software
nginx /
Resource Hash
e6e8515713553103c49adf9dec1d3c4efc2a17fce779057a77535db5c5a69de1
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000, max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leaves.red/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Wed, 28 Jun 2023 21:11:09 GMT
strict-transport-security
max-age=31536000, max-age=31536000
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests;
server
nginx
x-frame-options
SAMEORIGIN
content-type
image/png
x-sucuri-cache
MISS
cache-control
max-age=315360000
x-sucuri-id
15002
x-xss-protection
1; mode=block
expires
Thu, 31 Dec 2037 23:55:55 GMT
nexus.js
leaves.red/js/
6 KB
2 KB
Script
General
Full URL
https://leaves.red/js/nexus.js
Requested by
Host: leaves.red
URL: https://leaves.red/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:fe80:1010::2:6 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
Software
nginx /
Resource Hash
40da66f738fb412b7c2bdbe097616c877f960192f7de8a63b6983047d0680fbf
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000, max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leaves.red/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Wed, 28 Jun 2023 21:11:09 GMT
strict-transport-security
max-age=31536000, max-age=31536000
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests;
content-encoding
gzip
x-sucuri-cache
HIT
x-xss-protection
1; mode=block
last-modified
Tue, 30 May 2023 04:32:04 GMT
server
nginx
etag
W/"64757c44-1817"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-sucuri-id
15002
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.goup.min.js
leaves.red/vendor/jquery-goup-1.1.3/
3 KB
2 KB
Script
General
Full URL
https://leaves.red/vendor/jquery-goup-1.1.3/jquery.goup.min.js
Requested by
Host: leaves.red
URL: https://leaves.red/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:fe80:1010::2:6 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
Software
nginx /
Resource Hash
779febb8bcc64bba46f6f3bb6354ce40c53538e0168cdcf783e4fecbb3ade60e
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000, max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leaves.red/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Wed, 28 Jun 2023 21:11:09 GMT
strict-transport-security
max-age=31536000, max-age=31536000
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests;
content-encoding
gzip
x-sucuri-cache
HIT
x-xss-protection
1; mode=block
last-modified
Tue, 30 May 2023 04:32:04 GMT
server
nginx
etag
W/"64757c44-ca2"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-sucuri-id
15002
expires
Thu, 31 Dec 2037 23:55:55 GMT
layer.css
leaves.red/vendor/layer-v3.5.1/layer/theme/default/
14 KB
4 KB
Stylesheet
General
Full URL
https://leaves.red/vendor/layer-v3.5.1/layer/theme/default/layer.css?v=3.5.1
Requested by
Host: leaves.red
URL: https://leaves.red/vendor/layer-v3.5.1/layer/layer.js?20230528
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:fe80:1010::2:6 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
Software
nginx /
Resource Hash
5cdf3edb27b0c9f8e48918c486e9ae65a9e5beab806b64c4a7bc5bac53c0f540
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000, max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leaves.red/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Wed, 28 Jun 2023 21:11:09 GMT
strict-transport-security
max-age=31536000, max-age=31536000
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests;
content-encoding
gzip
x-sucuri-cache
HIT
x-xss-protection
1; mode=block
last-modified
Tue, 30 May 2023 04:32:04 GMT
server
nginx
etag
W/"64757c44-37bf"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=315360000
x-sucuri-id
15002
expires
Thu, 31 Dec 2037 23:55:55 GMT
o
stats.leaves.red/
64 KB
26 KB
Script
General
Full URL
https://stats.leaves.red/o
Requested by
Host: leaves.red
URL: https://leaves.red/login.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.250.38.130 , Singapore, ASN141995 (CAPL-AS-AP Contabo Asia Private Limited, SG),
Reverse DNS
vmi1090854.contaboserver.net
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
d7fc375178c93a2fc15fd888e30170eedf4ef3d04497e7f951ab7bfe0c921693

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leaves.red/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Wed, 28 Jun 2023 21:11:10 GMT
content-encoding
gzip
last-modified
Wed, 19 Apr 2023 19:18:09 GMT
server
Microsoft-IIS/10.0
etag
"af543fadf372d91:0"
x-powered-by
ASP.NET
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
content-length
26880
2.png
leaves.red/pic/bg/
2 MB
2 MB
Image
General
Full URL
https://leaves.red/pic/bg/2.png
Requested by
Host: leaves.red
URL: https://leaves.red/login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:fe80:1010::2:6 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
Software
nginx /
Resource Hash
744b9337d7285f8c00b579b89859772ffd9f228561355417eab03398c5136782
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000, max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leaves.red/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Wed, 28 Jun 2023 21:11:09 GMT
strict-transport-security
max-age=31536000, max-age=31536000
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests;
x-sucuri-cache
MISS
content-length
2410441
x-xss-protection
1; mode=block
last-modified
Tue, 30 May 2023 04:32:04 GMT
server
nginx
etag
"64757c44-24c7c9"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=315360000
x-sucuri-id
15002
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
64581d3b167b5.gif
s3.leaves.red/c33abb6ba76a441c9f0683b1723b90a7:red/2023/05/08/
32 KB
33 KB
Image
General
Full URL
https://s3.leaves.red/c33abb6ba76a441c9f0683b1723b90a7:red/2023/05/08/64581d3b167b5.gif
Requested by
Host: leaves.red
URL: https://leaves.red/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:6514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3cea4a0d94aa99e3cf8ff13e660e36e0dcf86f16ffa137bf0e633e5fb4a1ca3
Security Headers
Name Value
Strict-Transport-Security max-age=16000000; includeSubDomains; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://leaves.red/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Wed, 28 Jun 2023 21:11:10 GMT
ratelimit-reset
1
strict-transport-security
max-age=16000000; includeSubDomains; preload;
cf-cache-status
HIT
x-ratelimit-limit-second
250
x-amz-request-id
tx00000fd273f6142cb0c7d-0064910f0d-c387f1-default
x-ratelimit-remaining-second
249
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
ratelimit-limit
250
alt-svc
h3=":443"; ma=86400
content-length
33084
last-modified
Sun, 07 May 2023 21:50:51 GMT
server
cloudflare
etag
"eea5c2da0d18526b3429a3ecc5581ed0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uk1RyVj5iMgVxGGN2iouBe6lOey3ygMVLzSyPurwEzgpj4cFTFXfg09lM7HnQfUdy1plz2dHI3TGUQa4Jfjau%2BY6w1PjePWGKKR6NKF9Jc5jSzhV3qCSR22sXcj6zkifBeqeQ2QueQpM9DRP"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
access-control-allow-origin
*
x-rgw-object-type
Normal
cache-control
max-age=72000
accept-ranges
bytes
cf-ray
7de8ebb0cffe046a-FRA
ratelimit-remaining
249
x-proxy-cache
MISS
week5.mp4
acts.leaves.red/act/
195 KB
0
Media
General
Full URL
https://acts.leaves.red/act/week5.mp4
Requested by
Host: leaves.red
URL: https://leaves.red/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:6414 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=16000000; includeSubDomains; preload;

Request headers

Referer
https://leaves.red/
Accept-Encoding
identity;q=1, *;q=0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Range
bytes=0-

Response headers

date
Wed, 28 Jun 2023 21:11:10 GMT
ratelimit-reset
1
strict-transport-security
max-age=16000000; includeSubDomains; preload;
cf-cache-status
HIT
x-ratelimit-limit-second
250
x-amz-request-id
tx00000fb53dc190fe23e28-006490844f-64f91-default
x-ratelimit-remaining-second
249
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Content-Range
bytes 0-2558605/2558606
ratelimit-limit
250
alt-svc
h3=":443"; ma=86400
Content-Length
2558606
last-modified
Mon, 19 Jun 2023 16:36:35 GMT
server
cloudflare
etag
"253617078d5afc7a1c3965c97b0b84c5"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yRpJf2xiOPvu4vqNOIkoIQcvXP25RYUNl8n8%2B0JEYhFGVhmJZjBXog9kSD0Iz40%2BMjqbnjrDxZ1evB03sKX2rHHWUpTa8JdiWy4onan0ssdj5QfEm%2B0yqTyDwSKuYiewXfxkBjiFv4sbz9RagqY%3D"}],"group":"cf-nel","max_age":604800}
content-type
video/mp4
access-control-allow-origin
*
x-rgw-object-type
Normal
cf-ray
7de8ebb0db5e3a9a-FRA
ratelimit-remaining
249
x-proxy-cache
MISS
week5.mp4
acts.leaves.red/act/
1 MB
0
Media
General
Full URL
https://acts.leaves.red/act/week5.mp4
Requested by
Host: leaves.red
URL: https://leaves.red/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:6414 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=16000000; includeSubDomains; preload;

Request headers

Referer
https://leaves.red/
Accept-Encoding
identity;q=1, *;q=0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Range
bytes=196608-

Response headers

date
Wed, 28 Jun 2023 21:11:10 GMT
ratelimit-reset
1
strict-transport-security
max-age=16000000; includeSubDomains; preload;
cf-cache-status
HIT
x-ratelimit-limit-second
250
x-amz-request-id
tx00000fb53dc190fe23e28-006490844f-64f91-default
age
0
x-ratelimit-remaining-second
249
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Content-Range
bytes 196608-2558605/2558606
ratelimit-limit
250
alt-svc
h3=":443"; ma=86400
Content-Length
2361998
last-modified
Mon, 19 Jun 2023 16:36:35 GMT
server
cloudflare
etag
"253617078d5afc7a1c3965c97b0b84c5"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=973aZ%2FoflDhn95dveqntEe7KfInzmhGHsIoGPiH4OkE95%2BOQ90KnfO9%2FXmRe%2BR%2FSb0oqZ%2BOx5SZIWizL8NuM3PSCs8lDeqQPnnXCQVj6R8vB7sKtr96oNAmyXKQma5qU1eHjneK42VCssc95%2B0A%3D"}],"group":"cf-nel","max_age":604800}
content-type
video/mp4
access-control-allow-origin
*
x-rgw-object-type
Normal
cf-ray
7de8ebb4c8693a9a-FRA
ratelimit-remaining
249
x-proxy-cache
MISS
week5.mp4
acts.leaves.red/act/
260 KB
0
Media
General
Full URL
https://acts.leaves.red/act/week5.mp4
Requested by
Host: leaves.red
URL: https://leaves.red/login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e0::ac40:6414 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=16000000; includeSubDomains; preload;

Request headers

Referer
https://leaves.red/
Accept-Encoding
identity;q=1, *;q=0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Range
bytes=1474560-

Response headers

date
Wed, 28 Jun 2023 21:11:10 GMT
ratelimit-reset
1
strict-transport-security
max-age=16000000; includeSubDomains; preload;
cf-cache-status
HIT
x-ratelimit-limit-second
250
x-amz-request-id
tx00000fb53dc190fe23e28-006490844f-64f91-default
age
0
x-ratelimit-remaining-second
249
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Content-Range
bytes 1474560-2558605/2558606
ratelimit-limit
250
alt-svc
h3=":443"; ma=86400
Content-Length
1084046
last-modified
Mon, 19 Jun 2023 16:36:35 GMT
server
cloudflare
etag
"253617078d5afc7a1c3965c97b0b84c5"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CQR0g4YYDRkEzbFhieDbyYJJ61H7qWvAteZx6%2BgFfRzXLhwM0zn3pN9Yv0DkjhPaPEX5s2duDxyYMlLblavRz1zciU4eAqMqeFfSiJj0OEMvPYnGW9gbMYqCwK5opheP%2FNQPjY1Fy1Aao%2BdauU4%3D"}],"group":"cf-nel","max_age":604800}
content-type
video/mp4
access-control-allow-origin
*
x-rgw-object-type
Normal
cf-ray
7de8ebb52ab11959-FRA
ratelimit-remaining
249
x-proxy-cache
MISS
m
stats.leaves.red/
0
119 B
Ping
General
Full URL
https://stats.leaves.red/m?action_name=%E7%BA%A2%E5%8F%B6%20%3A%3A%20%E7%99%BB%E5%BD%95%20-%20Red%20Leaves&idsite=1&rec=1&r=528100&h=21&m=11&s=11&url=https%3A%2F%2Fleaves.red%2Flogin.php&_id=4698716e4a7ec4d5&_idn=1&send_image=0&_refts=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=t7bmKO&pf_net=30&pf_srv=106&pf_tfr=0&pf_dm1=96&uadata=%7B%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D
Requested by
Host: stats.leaves.red
URL: https://stats.leaves.red/o
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.250.38.130 , Singapore, ASN141995 (CAPL-AS-AP Contabo Asia Private Limited, SG),
Reverse DNS
vmi1090854.contaboserver.net
Software
Microsoft-IIS/10.0 / PHP/8.1.16, ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://leaves.red/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=utf-8

Response headers

access-control-allow-origin
https://leaves.red
date
Wed, 28 Jun 2023 21:11:11 GMT
access-control-allow-credentials
true
server
Microsoft-IIS/10.0
x-powered-by
PHP/8.1.16, ASP.NET
content-type
text/html; charset=UTF-8

Verdicts & Comments

163 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend string| userAgent boolean| is_ie function| $ function| Scale function| check_avatar function| Preview function| Previewurl function| findPosition function| Return function| collect object| ajax function| postvalid function| dropmenu function| confirm_delete function| viewfilelist function| showlist function| hidefilelist function| viewpeerlist function| hidepeerlist function| SmileIT function| saythanks function| preview function| unpreview function| saveMagicValue function| klappe function| klappe_news function| klappe_ext function| disableother function| disableother2 boolean| submitted function| ctrlenter function| gotothepage function| changepage function| bookmark function| bmicon string| checkflag function| check string| form function| SetChecked function| funvote function| voteaccept function| getname function| getusertorrentlistajax function| get_ext_info_ajax function| enabledel function| disabledel function| customgift function| NewRow function| DelRow string| domLib_userAgent boolean| domLib_isMac boolean| domLib_isWin boolean| domLib_isOpera object| domLib_isOpera7up boolean| domLib_isSafari boolean| domLib_isKonq boolean| domLib_isKHTML boolean| domLib_isIE boolean| domLib_isIE5up boolean| domLib_isIE50 boolean| domLib_isIE55 boolean| domLib_isIE5 boolean| domLib_isGecko boolean| domLib_isMacIE boolean| domLib_isIE55up boolean| domLib_isIE6up boolean| domLib_standardsMode boolean| domLib_useLibrary boolean| domLib_hasBrokenTimeout boolean| domLib_canFade boolean| domLib_canDrawOverSelect boolean| domLib_canDrawOverFlash string| domLib_eventTarget string| domLib_eventButton string| domLib_eventTo string| domLib_stylePointer string| domLib_styleNoMaxWidth string| domLib_hidePosition number| domLib_scrollbarWidth number| domLib_autoId number| domLib_zIndex undefined| domLib_collisionElements boolean| domLib_collisionsCached number| domLib_timeoutStateId object| domLib_timeoutStates 
function| domLib_clone function| Hash function| domLib_isDescendantOf function| domLib_detectCollisions function| domLib_getOffsets function| domLib_setTimeout function| domLib_clearTimeout function| domLib_getEventPosition function| domLib_cancelBubble function| domLib_getIFrameReference function| domLib_getElementsByClass function| domLib_getElementsByTagNames function| domLib_getComputedStyle function| makeTrue function| makeFalse number| domTT_offsetX number| domTT_offsetY string| domTT_direction number| domTT_mouseHeight string| domTT_closeLink string| domTT_closeAction number| domTT_activateDelay boolean| domTT_maxWidth string| domTT_styleClass string| domTT_fade number| domTT_lifetime number| domTT_grid number| domTT_trailDelay boolean| domTT_useGlobalMousePosition boolean| domTT_postponeActivation string| domTT_tooltipIdPrefix boolean| domTT_screenEdgeDetection number| domTT_screenEdgePadding boolean| domTT_oneOnly boolean| domTT_cloneNodes boolean| domTT_detectCollisions object| domTT_bannedTags boolean| domTT_draggable object| domTT_predefined object| domTT_tooltips number| domTT_lastOpened boolean| domTT_documentLoaded object| domTT_mousePosition function| domTT_activate function| domTT_create function| domTT_show function| domTT_close function| domTT_closeAll function| domTT_deactivate function| domTT_mouseout function| domTT_mousemove function| domTT_addPredefined function| domTT_correctEdgeBleed function| domTT_isActive function| domTT_runDeactivate function| domTT_runShow function| domTT_replaceTitles function| domTT_update boolean| domTT_dragEnabled undefined| domTT_currentDragTarget undefined| domTT_dragMouseDown undefined| domTT_dragOffsetLeft undefined| domTT_dragOffsetTop function| domTT_dragStart function| domTT_dragUpdate function| domTT_dragStop function| Fadomatic function| jQuery object| layer object| _paq object| jQuery1124000920157133193844 object| Piwik object| Matomo object| AnalyticsTracker function| piwik_log

2 Cookies

Domain/Path Name / Value
leaves.red/ Name: _pk_id.1.0683
Value: 4698716e4a7ec4d5.1687986672.
leaves.red/ Name: _pk_ses.1.0683
Value: 1

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000 max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
