URL: http://mpshark.com/
Submission: On December 03 via manual from UA — Scanned from DE

Summary

This website contacted 13 IPs in 6 countries across 23 domains to perform 55 HTTP transactions. The main IP is 2606:4700:3031::6815:e2b, located in United States and belongs to CLOUDFLARENET, US. The main domain is mpshark.com. The Cisco Umbrella rank of the primary domain is 443625.
This is the only time mpshark.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
10 2606:4700:303... 13335 (CLOUDFLAR...)
6 2a00:1450:400... 15169 (GOOGLE)
3 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
6 6 2606:4700:303... 13335 (CLOUDFLAR...)
4 4 104.21.82.27 13335 (CLOUDFLAR...)
2 34.195.224.242 14618 (AMAZON-AES)
2 54.225.185.110 14618 (AMAZON-AES)
4 4 2606:4700:303... 13335 (CLOUDFLAR...)
4 12 2a06:98c1:312... 13335 (CLOUDFLAR...)
4 17 2a06:98c1:312... 13335 (CLOUDFLAR...)
4 2606:4700:303... 13335 (CLOUDFLAR...)
4 4 51.161.115.163 16276 (OVH)
1 1 2604:9e00:1:1... 27257 (WEBAIR-IN...)
2 2 216.18.168.29 29789 (REFLECTED)
1 1 216.18.168.28 29789 (REFLECTED)
1 95.211.229.248 60781 (LEASEWEB-...)
4 4 51.83.143.92 16276 (OVH)
1 1 5.161.78.177 213230 (HETZNER-C...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 35.170.104.65 14618 (AMAZON-AES)
2 116.202.16.124 24940 (HETZNER-AS)
55 13
Apex Domain
Subdomains
Transfer
16 ueive.com
my.ueive.com — Cisco Umbrella Rank: 514799
25 KB
12 zzzperform.com
trk25.zzzperform.com
56 KB
10 mpshark.com
mpshark.com — Cisco Umbrella Rank: 443625
4 MB
6 zap.buzz
zap.buzz — Cisco Umbrella Rank: 242529
2 KB
6 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 29
4 KB
4 hightid.com
t3.hightid.com — Cisco Umbrella Rank: 520034
1 KB
4 addlnk.com
cdn.addlnk.com — Cisco Umbrella Rank: 572174
3 KB
4 misctraff.com
misctraff.com — Cisco Umbrella Rank: 440443
1 KB
4 ncelewasgildeda.net
wxasm.ncelewasgildeda.net
fsrqt.ncelewasgildeda.net
64 KB
4 egazedatthe.xyz
egazedatthe.xyz — Cisco Umbrella Rank: 796045
3 KB
3 lowtid.com
t10.lowtid.com — Cisco Umbrella Rank: 265923
855 B
3 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 204
48 KB
2 myfontastic.com
file.myfontastic.com — Cisco Umbrella Rank: 322277
1 KB
2 popcash.net
popcash.net — Cisco Umbrella Rank: 80934
ps.popcash.net — Cisco Umbrella Rank: 249521
888 B
2 tfosrv.com
tfosrv.com — Cisco Umbrella Rank: 105717
1 KB
2 gstatic.com
fonts.gstatic.com
70 KB
1 popmyads.com
popmyads.com — Cisco Umbrella Rank: 229575
1 twtch.co
cher.twtch.co — Cisco Umbrella Rank: 759307
1 trffclb.com
gummy.trffclb.com — Cisco Umbrella Rank: 446597
338 B
1 lowsea.fun
pdxx-7fmavzpxk2xlm-4-2.lowsea.fun — Cisco Umbrella Rank: 340228
287 B
1 pemsrv.com
s.pemsrv.com — Cisco Umbrella Rank: 29691
457 B
1 trafforsrv.com
trafforsrv.com — Cisco Umbrella Rank: 118886
417 B
1 savethereef.xyz
go.savethereef.xyz — Cisco Umbrella Rank: 308810
224 B
55 23
Domain Requested by
16 my.ueive.com 4 redirects trk25.zzzperform.com
mpshark.com
my.ueive.com
12 trk25.zzzperform.com 4 redirects mpshark.com
10 mpshark.com mpshark.com
6 zap.buzz 6 redirects
6 fonts.googleapis.com mpshark.com
fsrqt.ncelewasgildeda.net
wxasm.ncelewasgildeda.net
4 t3.hightid.com 4 redirects
4 cdn.addlnk.com my.ueive.com
4 misctraff.com 4 redirects
4 egazedatthe.xyz 4 redirects
3 t10.lowtid.com 3 redirects
3 cdnjs.cloudflare.com mpshark.com
2 file.myfontastic.com fsrqt.ncelewasgildeda.net
wxasm.ncelewasgildeda.net
2 tfosrv.com 2 redirects
2 fsrqt.ncelewasgildeda.net mpshark.com
fsrqt.ncelewasgildeda.net
2 wxasm.ncelewasgildeda.net mpshark.com
wxasm.ncelewasgildeda.net
2 fonts.gstatic.com fonts.googleapis.com
1 popmyads.com my.ueive.com
1 ps.popcash.net my.ueive.com
1 popcash.net 1 redirects
1 cher.twtch.co my.ueive.com
1 gummy.trffclb.com 1 redirects
1 pdxx-7fmavzpxk2xlm-4-2.lowsea.fun 1 redirects
1 s.pemsrv.com my.ueive.com
1 trafforsrv.com 1 redirects
1 go.savethereef.xyz 1 redirects
55 25

This site contains no links.

Subject | Issuer | Validity | Valid
upload.video.google.com | GTS CA 1C3 | 2023-10-23 - 2024-01-15 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-07-03 - 2024-07-02 | a year
*.gstatic.com | GTS CA 1C3 | 2023-10-23 - 2024-01-15 | 3 months
ncelewasgildeda.net | R3 | 2023-11-13 - 2024-02-11 | 3 months
zzzperform.com | GTS CA 1P5 | 2023-11-19 - 2024-02-17 | 3 months
ueive.com | GTS CA 1P5 | 2023-11-14 - 2024-02-12 | 3 months
addlnk.com | GTS CA 1P5 | 2023-10-09 - 2024-01-07 | 3 months
pemsrv.com | R3 | 2023-10-05 - 2024-01-03 | 3 months
twtch.co | GTS CA 1P5 | 2023-11-20 - 2024-02-18 | 3 months
popmyads.com | GTS CA 1P5 | 2023-10-27 - 2024-01-25 | 3 months
file.myfontastic.com | Sectigo RSA Domain Validation Secure Server CA | 2022-11-02 - 2023-12-03 | a year

This page contains 11 frames:

Primary Page: http://mpshark.com/
Frame ID: 12B0EF7FAAD989523E4DFF07BD3E38CD
Requests: 19 HTTP requests in this frame

Frame: https://wxasm.ncelewasgildeda.net/XRJLWZ?tag_id=989716&sub_id1=&sub_id2=7358909880525658277&cookie_id=99eb8b95-dc7f-45c6-9125-53966f5e138a&lp=download_screen_arrow&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fegazedatthe.xyz%2F%3Ftid%3D989716%26noocp%3D1&hop=7&geo=DE
Frame ID: 500EF8D89A3CC9E624E6D58078C0B974
Requests: 4 HTTP requests in this frame

Frame: https://fsrqt.ncelewasgildeda.net/BMOU?tag_id=989716&sub_id1=&sub_id2=346767376558478178&cookie_id=ce1160dd-bdab-4e26-b9e8-bf3fce9f244b&lp=download_screen_arrow&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fegazedatthe.xyz%2F%3Ftid%3D989716%26noocp%3D1&hop=7&geo=DE
Frame ID: AC13F24CB600D8C13DC03CCC2B600044
Requests: 4 HTTP requests in this frame

Frame: https://cher.twtch.co/l.php?p=c:9qopki6xwqp07eckv&d=642a92571348034a06139c58&s=lone.cf.888.koala.3k4fcald.de.&pid=656ccd3583d74755fb7277db
Frame ID: 0441886CEB912E40EDB77F79F7DF9564
Requests: 5 HTTP requests in this frame

Frame: https://s.pemsrv.com/splash.php?idzone=5040978&type=8
Frame ID: 92C0037A2ADDE492221AE7A4CFCAD222
Requests: 5 HTTP requests in this frame

Frame: https://popmyads.com/serve/52264/49763/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXg0LmNvbQ=
Frame ID: BA96831F0DE55C0ACB2D129AE14BC7AE
Requests: 5 HTTP requests in this frame

Frame: http://ps.popcash.net/go/134600/317194
Frame ID: F1FC795A662B4B81A4EFC069A0B7E370
Requests: 5 HTTP requests in this frame

Frame: https://my.ueive.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
Frame ID: 557B29BEC69C58CF3B9D80E807C436B6
Requests: 2 HTTP requests in this frame

Frame: https://my.ueive.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
Frame ID: 745878CD7C5862CEC8FEDD152584EA55
Requests: 2 HTTP requests in this frame

Frame: https://my.ueive.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
Frame ID: 19A89DFA27E75BB57E36F2A2AF5091C0
Requests: 2 HTTP requests in this frame

Frame: https://my.ueive.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
Frame ID: 696573919D7D8925FD0BF893B25B78E4
Requests: 2 HTTP requests in this frame

Page Title

Best YouTube to MP3 Converter - MPShark

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • <script [^>]*src="[^"]*/popper\.js/([0-9.]+)
  • /popper\.js/([0-9.]+)

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 55
HTTPS: 73 %
IPv6: 52 %
Domains: 23
Subdomains: 25
IPs: 13
Countries: 6
Transfer: 4510 kB
Size: 5065 kB
Cookies: 4

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 18
  • https://zap.buzz/6YYQQG5 HTTP 302
  • http://egazedatthe.xyz/redirect?tid=989716 HTTP 301
  • https://egazedatthe.xyz/redirect?tid=989716 HTTP 302
  • https://wxasm.ncelewasgildeda.net/XRJLWZ?tag_id=989716&sub_id1=&sub_id2=7358909880525658277&cookie_id=99eb8b95-dc7f-45c6-9125-53966f5e138a&lp=download_screen_arrow&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fegazedatthe.xyz%2F%3Ftid%3D989716%26noocp%3D1&hop=7&geo=DE
Request Chain 19
  • https://zap.buzz/6YYQQG5 HTTP 302
  • http://egazedatthe.xyz/redirect?tid=989716 HTTP 301
  • https://egazedatthe.xyz/redirect?tid=989716 HTTP 302
  • https://fsrqt.ncelewasgildeda.net/BMOU?tag_id=989716&sub_id1=&sub_id2=346767376558478178&cookie_id=ce1160dd-bdab-4e26-b9e8-bf3fce9f244b&lp=download_screen_arrow&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fegazedatthe.xyz%2F%3Ftid%3D989716%26noocp%3D1&hop=7&geo=DE
Request Chain 20
  • https://zap.buzz/zEMyeOO HTTP 302
  • https://misctraff.com/l/27041636549f701de242?sub={yourClickId}&source={yourSubPublisherId} HTTP 302
  • https://trk25.zzzperform.com/l/27041636549f701de242.js?sub={yourClickId}&source={yourSubPublisherId}
Request Chain 21
  • https://zap.buzz/zEMyeOO HTTP 302
  • https://misctraff.com/l/27041636549f701de242?sub={yourClickId}&source={yourSubPublisherId} HTTP 302
  • https://trk25.zzzperform.com/l/27041636549f701de242.js?sub={yourClickId}&source={yourSubPublisherId}
Request Chain 22
  • https://zap.buzz/zEMyeOO HTTP 302
  • https://misctraff.com/l/27041636549f701de242?sub={yourClickId}&source={yourSubPublisherId} HTTP 302
  • https://trk25.zzzperform.com/l/27041636549f701de242.js?sub={yourClickId}&source={yourSubPublisherId}
Request Chain 23
  • https://zap.buzz/zEMyeOO HTTP 302
  • https://misctraff.com/l/27041636549f701de242?sub={yourClickId}&source={yourSubPublisherId} HTTP 302
  • https://trk25.zzzperform.com/l/27041636549f701de242.js?sub={yourClickId}&source={yourSubPublisherId}
Request Chain 24
  • https://trk25.zzzperform.com/l/27041636549f701de242.js?sub={yourClickId}&source={yourSubPublisherId}&code=2dY3VvBDU8Njg.O0M9P0NCP0kRhYV3Fn.GGI9-jR1PVB.JhYMkVVYml5SdK4KVbjQ0A3hobggIcoEMPA13dxFBEnSLFkdNSEkafIQeT1FQUSKXniZTXVgpjKCVZAICZm9qBzgIbHVuDT0OfoJ-hhQUi4R7GWCJioOJgz9pj4VRJI2ZjYsqkIyYc2YCaXZyB3t6fm8LgW4PXH.Le3.AdkVMRkk6Q3OGjIOPmJVDcnlGWFhXWmZMV2pwOThAJn8.PTMrTX1.e3Vod3VffopGTUxRSU9TPkdraXZwcFFGk5GUj0tzZWRtci0lSW96eHdwOz4-SD5BQElESUtFSVJTO29.hICSilFYV1xUWl4pi6EtOAFmcAU1Bmg8PAs7PD4.P0ARc0dIFkZHGIyAHExNTlAgh4gkVVZWJ4uRjixdAGdueQVrZ3N7bgpudHoPP0FCEn.CfBdISElKG4.RkIYhUlNUVVZXVyiYnY6cdQICc3ZpeXxqCjw7PEA.QEBIEniKgYQYS0wajYGDH4eUlZJdU1STl5uRi52XLmRxcDMFeGlrbAs8PD9DQEFGRRN3g4qHGRmRiYkeHpaHjZgkbZOajJRJc5mPLgFlZ2sGNzg4OTo7PD0.P0BCQ0NERkZISUpLTE1OTlBRUlJUVFZWWFlaWlxdMTIzNDU1Nzg5Ojs8PT4-QEFCQ0RFRkdHSBl9hJEeT1BRUVNUVVZXWFlaW1xdMTEzMzU2Nzg5CYGAgA6FPUBMiUFtS2xtU5BIjVCLjI2OXJlRkFmUlZaXZaJadDd3PnszS1J1QWALd3l8dhF2gEBpaFF8hhmMj5AeTh.MgpEkjJmal2JYWZicc2ljdW8zaXZ1CXJ3fw4.D36FE0RFRUZISElKTByUgiBRUlKFViWJmaAqbZOeb25nI1RJTCdYdX9ydXuKeH6Fd4WCdoJEiH2ASJKGg5aFk11mjJeVlI1Jem9yIFdraHtqeIN1cXRxbnpydnN3fHV2hXd8h4OJgYuFjYSGiIuIjI.HkGN3i5.VdmYiRnBua3V8hXN5gHKAfXF9P4F1eIJEiIWPgoWLHpKDhSNVWCWZl4wqXF8sZHF0BDUFdGpsCkM5QA17g4ASQ0g_&_tdf=36 HTTP 302
  • https://trk25.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=%7ByourSubPublisherId%7D&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20231203194716_901b807b_7b56_4d48_ada8_02428ebee221%26pubid%3D142254_%7ByourSubPublisherId%7D&vId=bmconv_20231203194716_901b807b_7b56_4d48_ada8_02428ebee221&hash=27041636549f701de242&ete=true
Request Chain 25
  • https://trk25.zzzperform.com/l/27041636549f701de242.js?sub={yourClickId}&source={yourSubPublisherId}&code=36Y3VvBDU8Njg.O0M9P0NCQEgRhYV3Fn.GGI9-jR1PVB.JhYMkVVYml5SdK4KVm2FhMKWVmzU1aXgDMwRubgg4CWuCDT5EP0ARc3sVRkhHSBmOlR1KVE8gg5eMiCYmipOOK1wskJmSMWEyoqajdAICeXJpB053eHF3cS1XfXM-EnuHe3kYfnqGjoEdhJGNIpaVmYomnIkqd5qmlpqbkWBnYWRVKFhrcWh0fXooV14rPT08P0sxaXyCS0pSOJFQT0U9X4.QjYd6iYdxkJxYX15jW2FlUFl9e4iCTC0ib21waydPbm12ezYuUniDgYB5REdIUUdKSVJNUlROUltcRHiHjYmbk1phYGVdY2cylKo2OAFmcAU1Bmg8PAs7PD4.P0ARc0dIFkZHGIyAHExNTlAgh4gkVVZWJ4uRjixdLZSbpjKYlKCoZQFla3EGNjg5CXZ5cw4-P0BBEoaIh30YSUpLTE1OTh.PlIWTmSYml5qNnaCOLmBfYGRiZGRsAGZ4b3IGOToIe29xDXWCg4BLQUKBhYl-eYuFSX.Mi04gk4SGhyZXV1peW1xhYC6SnqWiNDSsbm4DA3tscn0JUnh-cXkuWH50QBN3eX0YSUpKS0xNTk9QUVJUVVVWWFhaW1xdXl9gYGJjZGRmMDIyNDU2Njg5Ojs8PT4.QEFCQ0RFRkdISUpLTE1OT1BQUSKGjZonWFlaWlxdXl9gYWJjZGVmMTEzMzU2Nzg5CYGAgA6FPUBMiUFtS2xtU5BIjVCLjI2OXJlRkFmUlZaXZaJaoWSka6hgeH.iOFcCbnBzbQhtdzdgX0hzfRCDhocVRRaDeYgbg5CRjllPUI.Tl42HmZNXjZqZLZabozJiM6KpATIzMzQ2Njc4OgqCcA4-QEBzRBN3h44YW4GMiomCPm9kZ0JzkJqNkJalk5mgkqCdkZ1fo5ibLXdraHtqeEJLcXx6eXIuX1RXMml9eo18ipWHg4aDgIyEiIWJjoeIl4mOmZWbk52Xn5aYmp2aaGtjbD9TZ3txf28rT3l3dH6FjnyCiXuJhnqGSIp.gYtNkY6Yi46UJ5uMjixeYS6ioJUzZWg1ZHF0BDUFdGpsCkM5QA17g4ASQ0g_&_tdf=36 HTTP 302
  • https://trk25.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=%7ByourSubPublisherId%7D&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20231203194716_37f755e6_2c1e_4d2e_9ebd_49395141e901%26pubid%3D142254_%7ByourSubPublisherId%7D&vId=bmconv_20231203194716_37f755e6_2c1e_4d2e_9ebd_49395141e901&hash=27041636549f701de242&ete=true
Request Chain 26
  • https://trk25.zzzperform.com/l/27041636549f701de242.js?sub={yourClickId}&source={yourSubPublisherId}&code=3cY3VvBDU8Njg.O0M9P0NCQUURhYV3Fn.GGI9-jR1PVB.JhYMkVVYml5SdK4KVm2FhMKWVmzU1n645aTqkaAIyA2V8Bzg.OToLbXUPQEJBQhOIjxdETkkafZGGgiAghI2IJVYmipOMK1ssnKCdpDIyqaKZN36nqKGnZSFLcWczBm97b20Mcm56gnUReIWBFoqJjX4akH0ea46aio6PhVRbVVhJUoKVm5Kep6RSgYhVZ2dmaXVbV2pwOThAJn8.PTMrTX1.e3Vod3VffopGTUxRSU9TPkdraXZwcFFGk5GUj0tzkpGan1pSdpynpaSdaGtsOS8yMTo1Ojw2OkNELGBvdXGDe0JJSE1FS08afJIeVh.EjiNTJIZaWilZWlxcXV4vkWVmNGRlNqqeOmprMDICaWoGNzg4CW1zcA4-D3Z9iBR6doKKfRl9g4keTlBRIY6RiyZXV1hZKp6gn5UwYWJjZGVmZjenrJ2rdQICc3ZpeXxqCjw7PEA.QEBIEniKgYQYS0wajYGDH4eUlZJdU1STl5uRi52XW5GenWAypZaYmThpaWxwMTI3NgRodHt4CgqCenoPD4d4fokVXoSLfYU6ZIqATB.DhYkkVVZWV1hZWltcXV5gYWFiZGRmZ2hpamtsMDIzNDQ2Njg4Ojs8PD4-QEFCQ0RERkdISUpLTE1OT1BRUlNUVVZWVyiMk6AtXl9gYGJjZGVmZ2hpamtsMTEzMzU2Nzg5CYGAgA6FPUBMiUFtS2xtU5BIjVCLjI2OXJlRkFmUlZaXZaJaoWSka6hgeH.ibo04pKapZwJncTFaWUJtdwp9gIEPPxB9c4IVfYqLiFNJSomNkYeBk41Rh5STJ5CVnSxcLZyjMWJjY2RmZmdoajqyZAIzNDRnOAdre4IMT3WAfn12MmNYWzZnhI6BhIqZh42UhpSRhZFTl4yPV6GVkqWUomx1m6ako5xYiX6BIFdraHtqeIN1cXRxbnpydnN3fHV2hXd8h4OJgYuFjYSGiIuIjI.HkGN3i5.Vo5NPc52bmKKpsqCmrZ.tbmJuMHJmaXM1eXaAc3Z8D4N0dhRGSRaKiH0bTVAdgo.SIlMjkoiKKGFXXiuZoZ4wYWY_&_tdf=36 HTTP 302
  • https://trk25.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=%7ByourSubPublisherId%7D&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20231203194716_e30c1d2f_5df0_48d0_a36a_4f152dd82035%26pubid%3D142254_%7ByourSubPublisherId%7D&vId=bmconv_20231203194716_e30c1d2f_5df0_48d0_a36a_4f152dd82035&hash=27041636549f701de242&ete=true
Request Chain 27
  • https://trk25.zzzperform.com/l/27041636549f701de242.js?sub={yourClickId}&source={yourSubPublisherId}&code=21Y3VvBDU8Njg.O0M9P0NCQkERhYV3Fn.GGI9-jR1PVB.JZGIDNDUFdnN8CmF0ekBAD4R0ehQUfo0YSBmDgx1NHoCXATI4MzQFZ28JOjw7PA2CiRE.SEMUd4uAfBoafoeCH1AgY2xlBDQFdXl2fQsLgntyEFeAgXqAejZghnxIG4SQhIIhZmJudmkFbHl1Cn59gXIOhHESX4KOfoKDeUhPSUw9RnaJbmVxenclVFsoOjo5PEguZnl-SEdPNY5NTEI6XIyNioR3ZWNNbHg0Ozo-Nz1BLDVZV2ReXj80gX.CfTlhgH.IjUhAQ2l0cnFqNTg5Qjg7OkM.Q0U-Q0xNNWl4fnqMhEtSUVZOMzcCZHoGPgdsdgs7DG5CQhFBQkRERUYXeU1OHExNHpKGATEyMzUFbG0JOjs7DHB2cxFCEnmAixd9eYWNgByAhowhMDIzA3BzbQg5OTo7DICCgXcSQ0RFRkdISBmJjn.NkyAgcHNmdnlnBzk4OT07PT1FD3WHfoEVSEkXin6AHISRko9aLzBvc3dtZ3lzN216eTwOgXJ0dRRFRUhMSUpPThyAjJOQAQF5cXEGBn5vdYAMVXuCdHwxW4F3QxZ6fIAbTE1NTk9QMDEyMzQ2Nzc4Ojo8PT4-QEFCQkRFRkZISEpKTE1OTlBRMTIzNDU1Nzg5Ojs8PT4-QEFCQ0RFRkdHSBl9hJEeT1BRMDIzNDU2Nzg5Ojs8PT0-P0FCQ0RFFY2MjBqRSUxYlU15NldYPnszeDt2d3h5R4Q8e0R-gIGCUI1FjE.PVpNLY2qNOFcCbnBzbQhtdzdgX0hzfRCDhocVRRaDeYgbg5CRjllPL25ydmxmeHI2bHl4DHV6ghFBEoGIFkdISElLS0xNTx.XZAIzNDRnOAdre4IMT3WAfn12MmNYWzZnhI6BhIqZh42UZXNwZHAydmtuNoB0cYRzgUtUeoWDgns3aF1gO3KGg5aFcn1va25raHRscG1xdm9wf3F2gX2De4V-h36AgoWChomBaTxQZHhufGwoTHZ0cXuCi3l-hniGg3eDRYd7fohKjouVZ2pwA3doagg6PQp.fHEPQUQRdoOGFkcXhnx.HFVLUh.NdHEDNDk_&_tdf=103 HTTP 302
  • https://trk25.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=%7ByourSubPublisherId%7D&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20231203194716_1cee7759_9ccc_4058_bc3a_0153880b4b16%26pubid%3D142254_%7ByourSubPublisherId%7D&vId=bmconv_20231203194716_1cee7759_9ccc_4058_bc3a_0153880b4b16&hash=27041636549f701de242&ete=true
Request Chain 36
  • https://my.ueive.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://my.ueive.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
Request Chain 37
  • https://my.ueive.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://my.ueive.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
Request Chain 40
  • https://t3.hightid.com/s.php?p=c%3As_8942pggbfij953c&d=631f396258fd6b044f727c62&pid=pubdb13a0fadde449aaa79c18ac353f49ba&s=3k4fcald HTTP 302
  • https://go.savethereef.xyz/redirect?feed=557030&url=t3.hightid.com&subid=3k4fcald&query=&pub_clickid=656ccd35675a13280839344a&default_url=https%3A%2F%2Ft1.hightid.com%2Fr.php%3Fp%3Dc%3As_8942pgf_9qrwlx0%26d%3D653c9411464a4419c012ddb2%26s%3D%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D HTTP 302
  • https://tfosrv.com/show_std.php?id_site=13101&id_channel=60771&uf=true HTTP 302
  • https://tfosrv.com/impression.php?channel_id=60771&id=8e07a6f4-d9d6-44f4-a1ca-136670d39814%3Ac2e7522c-d366-4f5c-948b-0ea25093e409&site_id=13101&uuid=e861ce3c-2313-4aaa-97b9-39661d3fb637 HTTP 302
  • https://trafforsrv.com/click.php?id=8e07a6f4-d9d6-44f4-a1ca-136670d39814%3Ac2e7522c-d366-4f5c-948b-0ea25093e409 HTTP 302
  • https://s.pemsrv.com/splash.php?idzone=5040978&type=8
Request Chain 41
  • https://t3.hightid.com/s.php?p=c%3As_8942pggbfij953c&d=631f396258fd6b044f727c62&pid=pub2f419ecaf28e4661bab49c68af8dbf1f&s=3k4fcald HTTP 302
  • https://t10.lowtid.com/s.php?p=c:5mklge2tsml349y_c&d=655744eb46c1f060291a7ac7&s=koala.3k4fcald HTTP 302
  • https://pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888.koala.3k4fcald.de.&k=bfb&url=&xrw=&lid=656ccd3532aa6a6f01012ab0&fid=888 HTTP 307
  • https://gummy.trffclb.com/l.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=656ccd3532aa6a6f01012ab0&source=888.koala.3k4fcald.de. HTTP 302
  • https://cher.twtch.co/l.php?p=c:9qopki6xwqp07eckv&d=642a92571348034a06139c58&s=lone.cf.888.koala.3k4fcald.de.&pid=656ccd3583d74755fb7277db
Request Chain 44
  • https://my.ueive.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://my.ueive.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
Request Chain 45
  • https://my.ueive.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://my.ueive.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
Request Chain 48
  • https://t3.hightid.com/s.php?p=c%3As_8942pggbfij953c&d=631f396258fd6b044f727c62&pid=puba60bde68c14f45c18e3de8ce84b8ecb3&s=3k4fcald HTTP 302
  • https://t10.lowtid.com/s.php?p=c:5mklge2tsml349y_c&d=655744eb46c1f060291a7ac7&s=koala.3k4fcald HTTP 302
  • https://popcash.net/world/go/134600/317194 HTTP 301
  • http://ps.popcash.net/go/134600/317194
Request Chain 49
  • https://t3.hightid.com/s.php?p=c%3As_8942pggbfij953c&d=631f396258fd6b044f727c62&pid=pub2f419ecaf28e4661bab49c68af8dbf1f&s=3k4fcald HTTP 302
  • https://t10.lowtid.com/s.php?p=c:5mklge2tsml349y_c&d=655744eb46c1f060291a7ac7&s=koala.3k4fcald HTTP 302
  • https://popmyads.com/serve/52264/49763/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXg0LmNvbQ=

55 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
mpshark.com/
24 KB
5 KB
Document
General
Full URL
http://mpshark.com/
Protocol
HTTP/1.1
Server
2606:4700:3031::6815:e2b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ae5c59810a0de5f5dc0700f0be225e650fc4de4fbc137f97f4ff6b925c4a2c4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

CF-Cache-Status
DYNAMIC
CF-RAY
82fdfa2408061ca1-FRA
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Date
Sun, 03 Dec 2023 18:47:15 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FuUqQkhvy8jpJUeCXMsdj0FghCIRU%2FiFvhQA3X%2FdhxwHV%2BHhNrfdVpknjcCA3YmDv9B7JqN7BGkIAklG8wgaJzgK3DbuHOl6%2FLrxzLqFl1ZPFCkZ%2FBkIoiEvbJ1rjK4Mbc5KuCSj%2B84c8w%3D%3D"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Vary
Cookie
alt-svc
h3=":443"; ma=86400
bootstrap.min.css
mpshark.com/static/vendor/bootstrap/css/
157 KB
24 KB
Stylesheet
General
Full URL
http://mpshark.com/static/vendor/bootstrap/css/bootstrap.min.css
Requested by
Host: mpshark.com
URL: http://mpshark.com/
Protocol
HTTP/1.1
Server
2606:4700:3031::6815:e2b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
680af6669abc319f9803f0fa26d443df1b6bc29133d88a8e4bea560ffed7288c

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://mpshark.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Sun, 03 Dec 2023 18:47:15 GMT
Content-Encoding
gzip
CF-Cache-Status
MISS
Last-Modified
Mon, 13 Jul 2020 20:51:47 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
ETag
W/"5f0cc963-27293"
Transfer-Encoding
chunked
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Ci7OtTPaamEBSVAius0c1TKbTAe2F%2BDuVmjuZIJAoeYI%2FQD9HQHSCaFxymj6sglz6m7p%2FV6NHJB7DR5LihmejS0zsia8DV%2B851BRv0iZMIfc4mXAcpQN%2BQM75dHa%2BbfxAdbjijeEe%2BHYA%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
Vary
Accept-Encoding
Cache-Control
max-age=14400
Connection
keep-alive
CF-RAY
82fdfa24585c1ca1-FRA
alt-svc
h3=":443"; ma=86400
all.min.css
mpshark.com/static/vendor/fontawesome-free/css/
58 KB
13 KB
Stylesheet
General
Full URL
http://mpshark.com/static/vendor/fontawesome-free/css/all.min.css
Requested by
Host: mpshark.com
URL: http://mpshark.com/
Protocol
HTTP/1.1
Server
2606:4700:3031::6815:e2b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d9716994f96b14296dd1b21d3e0a73f07ee88e7935d07ebdc51a9df7eb934a10

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://mpshark.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Sun, 03 Dec 2023 18:47:15 GMT
Content-Encoding
gzip
CF-Cache-Status
REVALIDATED
Last-Modified
Mon, 13 Jul 2020 20:51:47 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
ETag
W/"5f0cc963-e637"
Transfer-Encoding
chunked
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZNPFORW1v4HkIqrR%2BzfFQLDFG5ppeodjNnPaK33WYYkfHOV%2F%2BHYV7QjBL9RruKUSlkPaV738Cv1CKlPgkc9FwzJjlh1d%2BrdF4wcXvVv6eUZKf2MXGMozXGhsbehOkgWqkWODitwyihRKLw%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
Vary
Accept-Encoding
Cache-Control
max-age=14400
Connection
keep-alive
CF-RAY
82fdfa246f6a085d-FRA
alt-svc
h3=":443"; ma=86400
simple-line-icons.css
mpshark.com/static/vendor/simple-line-icons/css/
13 KB
3 KB
Stylesheet
General
Full URL
http://mpshark.com/static/vendor/simple-line-icons/css/simple-line-icons.css
Requested by
Host: mpshark.com
URL: http://mpshark.com/
Protocol
HTTP/1.1
Server
2606:4700:3031::6815:e2b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ab9f855e542893de23c7b7e4897eb91066c9dbbfeaa1b1fa73a826867833b4b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://mpshark.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Sun, 03 Dec 2023 18:47:15 GMT
Content-Encoding
gzip
CF-Cache-Status
MISS
Last-Modified
Mon, 13 Jul 2020 20:51:47 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
ETag
W/"5f0cc963-329e"
Transfer-Encoding
chunked
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=acHfHbIke%2B3qo549jhpd01A5hlLQULP0IDLKaalNZuA5sWgEZH1EAD2hODstfWaGGGs89zNKbSSoNuqdnjhXeqMi%2BpJMLjNw4Palpx38OgVNTKgjrggb1hf1y1JyVD5kG9NR0kwU4uM0ew%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
Vary
Accept-Encoding
Cache-Control
max-age=14400
Connection
keep-alive
CF-RAY
82fdfa246fa9bb62-FRA
alt-svc
h3=":443"; ma=86400
css
fonts.googleapis.com/
4 KB
585 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Lato:300,400,700,300italic,400italic,700italic
Requested by
Host: mpshark.com
URL: http://mpshark.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6b9f1135ba160e5dc694ad7977f6bf73d40d3c15742b14ca8910ea23bb3e6e79
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://mpshark.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sun, 03 Dec 2023 18:47:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sun, 03 Dec 2023 17:28:06 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 03 Dec 2023 18:47:15 GMT
css2
fonts.googleapis.com/
7 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;700&display=swap&family=Kanit:wght@200&display=swap
Requested by
Host: mpshark.com
URL: http://mpshark.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
bd50ac935fb5fcda8978d189be4245514e60231a47bd466707ee354eb7b2478c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://mpshark.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sun, 03 Dec 2023 18:47:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sun, 03 Dec 2023 17:32:29 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 03 Dec 2023 18:47:15 GMT
css2
fonts.googleapis.com/
1 KB
555 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Itim&display=swap
Requested by
Host: mpshark.com
URL: http://mpshark.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
155cb29f145297cd77a3c8b113ec50839dcc6ae74f67efd1859157706ed83f65
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://mpshark.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sun, 03 Dec 2023 18:47:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sun, 03 Dec 2023 18:13:40 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 03 Dec 2023 18:47:15 GMT
css
fonts.googleapis.com/
9 KB
839 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:300,400,500,700&display=swap
Requested by
Host: mpshark.com
URL: http://mpshark.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
886e1e675050878cd1710ba030a7787613e5bbbe02a2b099683306c16ac8c8cd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://mpshark.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sun, 03 Dec 2023 18:47:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sun, 03 Dec 2023 18:31:56 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 03 Dec 2023 18:47:15 GMT
landing-page.min.css
mpshark.com/static/css/
2 KB
1 KB
Stylesheet
General
Full URL
http://mpshark.com/static/css/landing-page.min.css
Requested by
Host: mpshark.com
URL: http://mpshark.com/
Protocol
HTTP/1.1
Server
2606:4700:3031::6815:e2b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1f74804c9159254155f0227b54030743c99f9d6c77b4704e9bb39a1a4044c79

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://mpshark.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Sun, 03 Dec 2023 18:47:15 GMT
Content-Encoding
gzip
CF-Cache-Status
MISS
Last-Modified
Mon, 13 Jul 2020 20:51:47 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
ETag
W/"5f0cc963-7d4"
Transfer-Encoding
chunked
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vrkujis5pegSMHqNzhYP4hG5SfyImjrW%2BRLmfysvPQmnXdeVGhNRDXDZzLy04RZHyOKS799OVe3Kj0ZV1brESoNOvRH5InXYMwQ%2F1zifmfuOvcK%2B4amn1hjV0ZuR2wxjxCNEw0SlUtfZWA%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
Vary
Accept-Encoding
Cache-Control
max-age=14400
Connection
keep-alive
CF-RAY
82fdfa246e0d3a44-FRA
alt-svc
h3=":443"; ma=86400
nice-select.css
mpshark.com/static/css/
4 KB
2 KB
Stylesheet
General
Full URL
http://mpshark.com/static/css/nice-select.css
Requested by
Host: mpshark.com
URL: http://mpshark.com/
Protocol
HTTP/1.1
Server
2606:4700:3031::6815:e2b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c13280e79f74109c5e3854822c0f0c972d0a57245c95b0b3762f9788bd918f8d

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://mpshark.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Sun, 03 Dec 2023 18:47:15 GMT
Content-Encoding
gzip
CF-Cache-Status
REVALIDATED
Last-Modified
Mon, 13 Jul 2020 20:51:47 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
ETag
W/"5f0cc963-fa7"
Transfer-Encoding
chunked
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cs%2BQv1zQ8nzh9blCLQWiPX5N9%2BDP3%2BGaKrH%2FdvDsbpzrRhXFy44hWt663DEjNZEp7jh1OuMWIzfr4sVRHl0UAJZ4Y6%2B5GOQfVayP9ozYjT9A7VJILwGcupQUD9KuTR13%2FE%2BZqxoR6vKEwg%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
Vary
Accept-Encoding
Cache-Control
max-age=14400
Connection
keep-alive
CF-RAY
82fdfa2489e7f0a7-CDG
alt-svc
h3=":443"; ma=86400
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/
86 KB
28 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
Requested by
Host: mpshark.com
URL: http://mpshark.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://mpshark.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Sun, 03 Dec 2023 18:47:15 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
233199
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
27748
last-modified
Mon, 04 May 2020 16:11:48 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec4-15851"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9BRvT6%2F54pphY9e8KGPnzYgsPbREMqEoQUiRgmXsv0jhvhMEIoIlAi3Y8%2BjmW6mwA7o8lpRjaZEn722gSdx9OrHULDTCJhMxQrFSnzI1ONgWLjfyS7khdcb5nQdB1dT8ygvp16kZb2ZqFC3xX%2FNG1%2Ffe"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
82fdfa248d6abb79-FRA
expires
Fri, 22 Nov 2024 18:47:15 GMT
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.4/umd/
20 KB
7 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.4/umd/popper.min.js
Requested by
Host: mpshark.com
URL: http://mpshark.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
106b3d4f5c4c1ddbccd6078cf233e9a28f04675575551b26709cfc381c8434b0
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://mpshark.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Sun, 03 Dec 2023 18:47:15 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
474243
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
6507
last-modified
Mon, 04 May 2020 16:15:37 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03fa9-5038"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y286RpAwGBkqwWWo9g3QjOke7eJrwPqeL%2FgPXqhDfgzZ5Nre3Q6hFYRLIM87OcUB93NXKHC7sEJXD4%2BjBedaYNMWHSZtgjBqu%2FAQR7QJPtHL1%2FU14ceFgUCFKi%2BWqi4I8d7hg%2BV2Eu61L%2FbrLYZNtXOO"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
82fdfa248d61bb79-FRA
expires
Fri, 22 Nov 2024 18:47:15 GMT
bootstrap.min.js
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.4.1/js/
59 KB
14 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.4.1/js/bootstrap.min.js
Requested by
Host: mpshark.com
URL: http://mpshark.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://mpshark.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Sun, 03 Dec 2023 18:47:15 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1032008
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
13947
last-modified
Mon, 04 May 2020 16:17:20 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb04010-ea6a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uIlnBk9Fp%2FzEdO2YJT53EK56zklhgY48UIxMFls8WyOdPiZphp%2FZHm%2FOHSNhlngECd3UYL51p8qOGQC96QcL9T9WXsCUeyhILBs%2F2jbigXMTNEJx9M6olW1MLJnK8vDF2nSsEarNPadu7qhnVN9AeQhs"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
82fdfa248d66bb79-FRA
expires
Fri, 22 Nov 2024 18:47:15 GMT
jquery.nice-select.min.js
mpshark.com/static/js/
5 KB
2 KB
Script
General
Full URL
http://mpshark.com/static/js/jquery.nice-select.min.js
Requested by
Host: mpshark.com
URL: http://mpshark.com/
Protocol
HTTP/1.1
Server
2606:4700:3031::6815:e2b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
98c790ddb1f2f5b03f594f16c507038d3a569f514bdb5a4a65e5f2a2ab031d16

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://mpshark.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Sun, 03 Dec 2023 18:47:15 GMT
Content-Encoding
gzip
CF-Cache-Status
REVALIDATED
Last-Modified
Mon, 13 Jul 2020 20:51:47 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
ETag
W/"5f0cc963-1491"
Transfer-Encoding
chunked
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rfvrgNfXxPQFuraELi6m4jAsiwQkodli%2FUQDsL1ynpugV379mz%2F1IVWRuME8N0r%2Baf3ta4ojpYCkjG5qTB1IVamSNfQPGl6xNYnC8e%2F6sPOTZxk0qo%2BJc8Xcx3NDptG6EnCzsIkg%2FTsb1g%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Vary
Accept-Encoding
Cache-Control
max-age=14400
Connection
keep-alive
CF-RAY
82fdfa248f3d3cb7-CDG
alt-svc
h3=":443"; ma=86400
logo.png
mpshark.com/static/images/
552 KB
553 KB
Image
General
Full URL
http://mpshark.com/static/images/logo.png
Requested by
Host: mpshark.com
URL: http://mpshark.com/
Protocol
HTTP/1.1
Server
2606:4700:3031::6815:e2b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
230e8424c9c7539874de39b69c00edf8fee65613dbc32b4d999f0dd73adf9307

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://mpshark.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Sun, 03 Dec 2023 18:47:15 GMT
CF-Cache-Status
MISS
Last-Modified
Wed, 15 Jul 2020 22:21:08 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
ETag
"5f0f8154-8a068"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7%2BGlHsMjwMQUWnXM58q6Y7ozb4NIbAiS7Fb7TJ72DPzrTsPNjEGCG%2F1dyHGJ%2B7VSCXdevCfa8aeqXDOAdd1njCSKVD%2Fod1PxarEUiucY6CMp2XvLCJaTcAzkCxZNP32cb8I582Ub%2BJy4aA%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
image/png
Cache-Control
max-age=14400
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
82fdfa249e4c3a44-FRA
alt-svc
h3=":443"; ma=86400
Content-Length
565352
bg-masthead.jpg
mpshark.com/static/images/
3 MB
3 MB
Image
General
Full URL
http://mpshark.com/static/images/bg-masthead.jpg
Requested by
Host: mpshark.com
URL: http://mpshark.com/static/css/landing-page.min.css
Protocol
HTTP/1.1
Server
2606:4700:3031::6815:e2b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ac0007423ab131a26c3ff023d2046eea25bccaab1ae3420817b30c57ffe1f779

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://mpshark.com/static/css/landing-page.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Sun, 03 Dec 2023 18:47:16 GMT
CF-Cache-Status
MISS
Last-Modified
Mon, 13 Jul 2020 20:51:47 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
ETag
"5f0cc963-37a7bf"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CNLsnl1UfaVdrm3JChEmwzuFuMhRreUOQ1Hay4zYUjgKMcQvO%2FTsj5nDvQn8aLb7cosQ9BU5nCgU9K%2FbSg4d5Zz1LbaU0S%2Fl2C7FWdsDelWYJzng8QpBhJJ4qf%2FNC0g1TZ5MX2gl9POp5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
image/jpeg
Cache-Control
max-age=14400
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
82fdfa251ad9f0a7-CDG
alt-svc
h3=":443"; ma=86400
Content-Length
3647423
fa-brands-400.woff2
mpshark.com/static/vendor/fontawesome-free/webfonts/
76 KB
76 KB
Font
General
Full URL
http://mpshark.com/static/vendor/fontawesome-free/webfonts/fa-brands-400.woff2
Requested by
Host: mpshark.com
URL: http://mpshark.com/static/vendor/fontawesome-free/css/all.min.css
Protocol
HTTP/1.1
Server
2606:4700:3031::6815:e2b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e98ae3ff936b4723cd8a2377d2c549a667ce87e81201ec4995cc01bd374c1288

Request headers

Referer
http://mpshark.com/static/vendor/fontawesome-free/css/all.min.css
Origin
http://mpshark.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Sun, 03 Dec 2023 18:47:16 GMT
CF-Cache-Status
MISS
Last-Modified
Mon, 13 Jul 2020 20:51:47 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
ETag
"5f0cc963-12e84"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qa4CisA8%2BYMHxUUnMWKxbEHuYbZGFqbqsyTX8%2FCaL3km5wHylhkyEbXo%2Ff7%2B9WWOGjiLvp7t3d5NroFd%2FRcxHtAQwpkCM4b5%2BX2P9UqyHlHoMWP0x60DumMar4Ph8QHeOL0CDPVDuYa85g%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
application/octet-stream
Cache-Control
max-age=14400
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
82fdfa25183a3cb7-CDG
alt-svc
h3=":443"; ma=86400
Content-Length
77444
S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v24/
23 KB
23 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,400,700,300italic,400italic,700italic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
http://mpshark.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Thu, 30 Nov 2023 11:54:38 GMT
x-content-type-options
nosniff
age
283958
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23040
x-xss-protection
0
last-modified
Tue, 02 May 2023 15:07:25 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 29 Nov 2024 11:54:38 GMT
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v36/
47 KB
48 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;700&display=swap&family=Kanit:wght@200&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
http://mpshark.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Fri, 01 Dec 2023 14:29:28 GMT
x-content-type-options
nosniff
age
188268
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48432
x-xss-protection
0
last-modified
Thu, 14 Sep 2023 00:40:31 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 30 Nov 2024 14:29:28 GMT
XRJLWZ
wxasm.ncelewasgildeda.net/ Frame 500E
Redirect Chain
  • https://zap.buzz/6YYQQG5
  • http://egazedatthe.xyz/redirect?tid=989716
  • https://egazedatthe.xyz/redirect?tid=989716
  • https://wxasm.ncelewasgildeda.net/XRJLWZ?tag_id=989716&sub_id1=&sub_id2=7358909880525658277&cookie_id=99eb8b95-dc7f-45c6-9125-53966f5e138a&lp=download_screen_arrow&tb=redirect&allb=redirect&ob=redi...
13 KB
5 KB
Document
General
Full URL
https://wxasm.ncelewasgildeda.net/XRJLWZ?tag_id=989716&sub_id1=&sub_id2=7358909880525658277&cookie_id=99eb8b95-dc7f-45c6-9125-53966f5e138a&lp=download_screen_arrow&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fegazedatthe.xyz%2F%3Ftid%3D989716%26noocp%3D1&hop=7&geo=DE
Requested by
Host: mpshark.com
URL: http://mpshark.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.195.224.242 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-195-224-242.compute-1.amazonaws.com
Software
/ Express
Resource Hash
0afb5412783ebcb8e5b04b68919cc4bd0f1b47aa8dd23b8167949e8728807b9d

Request headers

Referer
http://mpshark.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-headers
X-Requested-With,content-type
access-control-allow-methods
GET, POST
access-control-allow-origin
*
content-encoding
gzip
content-type
text/html; charset=utf-8
etag
W/"3209-SKm1mlQpX48Kazf5HXliTdf1Z3s"
vary
Accept-Encoding
x-powered-by
Express

Redirect headers

accept-ch
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate, no-transform
cf-cache-status
DYNAMIC
cf-ray
82fdfa27080e0a73-AMS
content-length
0
content-type
text/plain
date
Sun, 03 Dec 2023 18:47:16 GMT
location
https://wxasm.ncelewasgildeda.net/XRJLWZ?tag_id=989716&sub_id1=&sub_id2=7358909880525658277&cookie_id=99eb8b95-dc7f-45c6-9125-53966f5e138a&lp=download_screen_arrow&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fegazedatthe.xyz%2F%3Ftid%3D989716%26noocp%3D1&hop=7&geo=DE
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p
CP="NID DSP ALL COR"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=StsRCuCRm9VIWRbBuzDk80IhZnlTs4Ab5lnr8AsjKt9b85osp7UWiUmG6Pt8qE7hJ9f2i978eMy6Ff5vYsF6oApz7mhfAncSFoT4ix%2FiGU439Ed6ftQwPgFeQk15TPCw%2FXw%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
BMOU
fsrqt.ncelewasgildeda.net/ Frame AC13
Redirect Chain
  • https://zap.buzz/6YYQQG5
  • http://egazedatthe.xyz/redirect?tid=989716
  • https://egazedatthe.xyz/redirect?tid=989716
  • https://fsrqt.ncelewasgildeda.net/BMOU?tag_id=989716&sub_id1=&sub_id2=346767376558478178&cookie_id=ce1160dd-bdab-4e26-b9e8-bf3fce9f244b&lp=download_screen_arrow&tb=redirect&allb=redirect&ob=redirec...
13 KB
5 KB
Document
General
Full URL
https://fsrqt.ncelewasgildeda.net/BMOU?tag_id=989716&sub_id1=&sub_id2=346767376558478178&cookie_id=ce1160dd-bdab-4e26-b9e8-bf3fce9f244b&lp=download_screen_arrow&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fegazedatthe.xyz%2F%3Ftid%3D989716%26noocp%3D1&hop=7&geo=DE
Requested by
Host: mpshark.com
URL: http://mpshark.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.225.185.110 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-225-185-110.compute-1.amazonaws.com
Software
/ Express
Resource Hash
7e9d73bb0820b819162c4cbb90c1f95485b37fee16e622b25cbd20164c986526

Request headers

Referer
http://mpshark.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-headers
X-Requested-With,content-type
access-control-allow-methods
GET, POST
access-control-allow-origin
*
content-encoding
gzip
content-type
text/html; charset=utf-8
etag
W/"3207-tKJXW6z/aPVCbyhOMeH7xBxmngA"
vary
Accept-Encoding
x-powered-by
Express

Redirect headers

accept-ch
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate, no-transform
cf-cache-status
DYNAMIC
cf-ray
82fdfa2708060a73-AMS
content-length
0
content-type
text/plain
date
Sun, 03 Dec 2023 18:47:16 GMT
location
https://fsrqt.ncelewasgildeda.net/BMOU?tag_id=989716&sub_id1=&sub_id2=346767376558478178&cookie_id=ce1160dd-bdab-4e26-b9e8-bf3fce9f244b&lp=download_screen_arrow&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fegazedatthe.xyz%2F%3Ftid%3D989716%26noocp%3D1&hop=7&geo=DE
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p
CP="NID DSP ALL COR"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N4KuPOBfQ9wdbKmbdpNG3Icz5kHbctOh%2F%2BG%2FnhYNyfL8o4eUkuyK%2FG7DM80Pq6pQ5W1YJHmtNwK2xe%2F9RtI93lD51jJz%2FaRDmxgEbm9kvmEe%2FRowGtvcDNzA%2FxwrCD8FlPw%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
27041636549f701de242.js
trk25.zzzperform.com/l/ Frame 0441
Redirect Chain
  • https://zap.buzz/zEMyeOO
  • https://misctraff.com/l/27041636549f701de242?sub={yourClickId}&source={yourSubPublisherId}
  • https://trk25.zzzperform.com/l/27041636549f701de242.js?sub={yourClickId}&source={yourSubPublisherId}
36 KB
12 KB
Document
General
Full URL
https://trk25.zzzperform.com/l/27041636549f701de242.js?sub={yourClickId}&source={yourSubPublisherId}
Requested by
Host: mpshark.com
URL: http://mpshark.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29eddce2034a37edddd7b743551f12f50cddbdf80690919b7e597bb78e5b416a

Request headers

Referer
http://mpshark.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
2783
alt-svc
h3=":443"; ma=86400
cache-control
max-age=315360000
cf-cache-status
HIT
cf-ray
82fdfa26cb9d364d-FRA
content-encoding
br
content-type
text/html
date
Sun, 03 Dec 2023 18:47:16 GMT
expires
Thu, 31 Dec 2037 23:55:55 GMT
last-modified
Wed, 27 Sep 2023 17:56:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sJ8biVr3QxYv4tPYgGlEKNi%2FmU6aa6DG7B6yVpR5%2Fv8gvQoEFNuHJIq7nxhOoAeQuWvhH%2BwbFvAPMrjp8FuvsK1QJoMOJkczGww3OEhm1Wna%2F6pKHcAI2KG65RFWvhdj3NwEd%2BK8bijfYiw7sIt9OtPOww%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
82fdfa266863bbda-FRA
date
Sun, 03 Dec 2023 18:47:16 GMT
expires
Thu, 01 Jan 1970 00:00:01 GMT
location
https://trk25.zzzperform.com/l/27041636549f701de242.js?sub={yourClickId}&source={yourSubPublisherId}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nqr0gBV4fef91P7DwBsnZIUtTclMAknVDt4KcCvDNIYJWgxh%2BWBDRo5u0uO2nqOA9SbuZXQvqEZuKxECvTIYE1QVlfRBP0VQlIdOB8BiwxBymz94kDFfm8aSpMEC5OJgFCsL9i21cab4kx0H"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
27041636549f701de242.js
trk25.zzzperform.com/l/ Frame 92C0
Redirect Chain
  • https://zap.buzz/zEMyeOO
  • https://misctraff.com/l/27041636549f701de242?sub={yourClickId}&source={yourSubPublisherId}
  • https://trk25.zzzperform.com/l/27041636549f701de242.js?sub={yourClickId}&source={yourSubPublisherId}
36 KB
12 KB
Document
General
Full URL
https://trk25.zzzperform.com/l/27041636549f701de242.js?sub={yourClickId}&source={yourSubPublisherId}
Requested by
Host: mpshark.com
URL: http://mpshark.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29eddce2034a37edddd7b743551f12f50cddbdf80690919b7e597bb78e5b416a

Request headers

Referer
http://mpshark.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
2783
alt-svc
h3=":443"; ma=86400
cache-control
max-age=315360000
cf-cache-status
HIT
cf-ray
82fdfa26cba0364d-FRA
content-encoding
br
content-type
text/html
date
Sun, 03 Dec 2023 18:47:16 GMT
expires
Thu, 31 Dec 2037 23:55:55 GMT
last-modified
Wed, 27 Sep 2023 17:56:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PemXexH1K7TDDM2m6ids%2F%2BJhoSiqQNyEQybazfP9zuKfqxV9F%2BlicCtSAbLwc5L%2FKRfLYATbns6UekZEPVTQpOgtudDqavIw63vjsScw%2BwIQv78fK9Fag92BPKFFC8TeOfFO0SQAGH7CKvn5DL21FPzmpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
82fdfa26685dbbda-FRA
date
Sun, 03 Dec 2023 18:47:16 GMT
expires
Thu, 01 Jan 1970 00:00:01 GMT
location
https://trk25.zzzperform.com/l/27041636549f701de242.js?sub={yourClickId}&source={yourSubPublisherId}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iE2Qpd8zD0iaMI%2F%2F9v2MP4COu7M4kHNZSaObswcea3TOM68N0dQ%2Bf8rZta1%2FthNeM%2BliU7ysI3TZ4G1SuVOX82wxHLiX%2Bgmzc%2BbsX2wDmFbBu1WDP%2Bhwd4FHGN5w9tHMIUSNLNQZP6CDHA0b"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
27041636549f701de242.js
trk25.zzzperform.com/l/ Frame BA96
Redirect Chain
  • https://zap.buzz/zEMyeOO
  • https://misctraff.com/l/27041636549f701de242?sub={yourClickId}&source={yourSubPublisherId}
  • https://trk25.zzzperform.com/l/27041636549f701de242.js?sub={yourClickId}&source={yourSubPublisherId}
36 KB
12 KB
Document
General
Full URL
https://trk25.zzzperform.com/l/27041636549f701de242.js?sub={yourClickId}&source={yourSubPublisherId}
Requested by
Host: mpshark.com
URL: http://mpshark.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29eddce2034a37edddd7b743551f12f50cddbdf80690919b7e597bb78e5b416a

Request headers

Referer
http://mpshark.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
2783
alt-svc
h3=":443"; ma=86400
cache-control
max-age=315360000
cf-cache-status
HIT
cf-ray
82fdfa26cba3364d-FRA
content-encoding
br
content-type
text/html
date
Sun, 03 Dec 2023 18:47:16 GMT
expires
Thu, 31 Dec 2037 23:55:55 GMT
last-modified
Wed, 27 Sep 2023 17:56:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D88YlYVyiFBO2kPJGfE%2FsBAFouXl8XKdvQQWQUFtqC5SMbbFwr%2FS2abb4jc6DcAOuBv2iJI3pYh9YZJPVH%2FTT66w40o20Fq%2BLqDEz%2BqCMJ1tiMPlU9%2FhUBPMGJ4rlFVQcSC8ZVmGwsPWKr%2Fbuc7rkps8zg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
82fdfa266860bbda-FRA
date
Sun, 03 Dec 2023 18:47:16 GMT
expires
Thu, 01 Jan 1970 00:00:01 GMT
location
https://trk25.zzzperform.com/l/27041636549f701de242.js?sub={yourClickId}&source={yourSubPublisherId}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hO%2Bw%2BWRxTAxwbrjmhhyhSvhOYBS0NJl8iYfzk76IximzXI1RuQCqaWg31vL3kK6qKUspGRLbCfNPi8XHq6iImdE4smNUK27ZNvYn45k2HccO9R%2FxE3mVdPPvVRaWyFJDjdB4Q%2Bbgo59zFOpB"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
27041636549f701de242.js
trk25.zzzperform.com/l/ Frame F1FC
Redirect Chain
  • https://zap.buzz/zEMyeOO
  • https://misctraff.com/l/27041636549f701de242?sub={yourClickId}&source={yourSubPublisherId}
  • https://trk25.zzzperform.com/l/27041636549f701de242.js?sub={yourClickId}&source={yourSubPublisherId}
36 KB
12 KB
Document
General
Full URL
https://trk25.zzzperform.com/l/27041636549f701de242.js?sub={yourClickId}&source={yourSubPublisherId}
Requested by
Host: mpshark.com
URL: http://mpshark.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29eddce2034a37edddd7b743551f12f50cddbdf80690919b7e597bb78e5b416a

Request headers

Referer
http://mpshark.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
2783
alt-svc
h3=":443"; ma=86400
cache-control
max-age=315360000
cf-cache-status
HIT
cf-ray
82fdfa26cba7364d-FRA
content-encoding
br
content-type
text/html
date
Sun, 03 Dec 2023 18:47:16 GMT
expires
Thu, 31 Dec 2037 23:55:55 GMT
last-modified
Wed, 27 Sep 2023 17:56:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wj2jmM%2FGLewAr5hCLGCPsZpTyFhPQK6UHnxHjJuRKO7G1gLZHx9mX1kw9Pyx1Mxc7YArG5axViVMCTHNaNu%2FFXGJbd1p2vpfDifkrbQEPYNTG2h%2F%2BJ%2B5bGeNXcdX0r7KC9DIqmKvcpPihTpCRJAb3uWQUA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
82fdfa266862bbda-FRA
date
Sun, 03 Dec 2023 18:47:16 GMT
expires
Thu, 01 Jan 1970 00:00:01 GMT
location
https://trk25.zzzperform.com/l/27041636549f701de242.js?sub={yourClickId}&source={yourSubPublisherId}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ia9X7JzfBcZItU58AtmCKeGiitz3qI7wYQ2qlvLui%2FaFwUCOzlUEu36efq%2FU3YolZ3Q3Y9efoSjJ%2BGWI4BTO4hoMIBRHGYBfewu9x4TKzFWktB%2BAPjAkeSp5ZGUxUu3hmrSnvea1K8QJxyQO"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
gw.js
trk25.zzzperform.com/ Frame 92C0
Redirect Chain
  • https://trk25.zzzperform.com/l/27041636549f701de242.js?sub={yourClickId}&source={yourSubPublisherId}&code=2dY3VvBDU8Njg.O0M9P0NCP0kRhYV3Fn.GGI9-jR1PVB.JhYMkVVYml5SdK4KVbjQ0A3hobggIcoEMPA13dxFBEnSLF...
  • https://trk25.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=%7ByourSubPublisherId%7D&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20231203194716_901b807b_7b56_4d48_ada8_...
1 KB
1 KB
Document
General
Full URL
https://trk25.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=%7ByourSubPublisherId%7D&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20231203194716_901b807b_7b56_4d48_ada8_02428ebee221%26pubid%3D142254_%7ByourSubPublisherId%7D&vId=bmconv_20231203194716_901b807b_7b56_4d48_ada8_02428ebee221&hash=27041636549f701de242&ete=true
Requested by
Host: mpshark.com
URL: http://mpshark.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e13ed77dfeaa6337766a94370d26a84f27097e38ef8aeb897f3cdcb5a39e2b4b

Request headers

Referer
https://trk25.zzzperform.com/l/27041636549f701de242.js?sub={yourClickId}&source={yourSubPublisherId}
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
2785
alt-svc
h3=":443"; ma=86400
cache-control
max-age=315360000
cf-cache-status
HIT
cf-ray
82fdfa280a0b1c1c-FRA
content-encoding
br
content-type
text/html
date
Sun, 03 Dec 2023 18:47:16 GMT
expires
Thu, 31 Dec 2037 23:55:55 GMT
last-modified
Wed, 27 Sep 2023 17:56:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Is8YCWxbNxS3YFiYKA1Tjc5ulXv53MlHbAwmgJB1Blt27AcuQrGjoLFisBMHWELLAZa%2BWJgqVoJmERdogo24N7xPkSDkyHxvmTEUh6jG3U%2FjHVTFXKHxrF8H%2FgsRVOZVal%2BUV%2FDRUvIMjLU4quCVVUyaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
private, max-age=0, no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
82fdfa27cd16364d-FRA
date
Sun, 03 Dec 2023 18:47:16 GMT
location
https://trk25.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=%7ByourSubPublisherId%7D&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20231203194716_901b807b_7b56_4d48_ada8_02428ebee221%26pubid%3D142254_%7ByourSubPublisherId%7D&vId=bmconv_20231203194716_901b807b_7b56_4d48_ada8_02428ebee221&hash=27041636549f701de242&ete=true
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oDGU5YaOvKSlBKIIAHgoBVSUCw1MlkGYZCEq9zWlc2nzyGhBu1VHdLQ5B6wFM%2BQZjvKh3mO%2FCvr1mQqqgAiGuohYJQssUE2KNW26w7cm2cXWpRJBX6%2FwguoA7ZFsYzCBAKxVQSl9zsQluTV4ZjZfbLdz%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
gw.js
trk25.zzzperform.com/ Frame 0441
Redirect Chain
  • https://trk25.zzzperform.com/l/27041636549f701de242.js?sub={yourClickId}&source={yourSubPublisherId}&code=36Y3VvBDU8Njg.O0M9P0NCQEgRhYV3Fn.GGI9-jR1PVB.JhYMkVVYml5SdK4KVm2FhMKWVmzU1aXgDMwRubgg4CWuCD...
  • https://trk25.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=%7ByourSubPublisherId%7D&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20231203194716_37f755e6_2c1e_4d2e_9ebd_...
1 KB
1 KB
Document
General
Full URL
https://trk25.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=%7ByourSubPublisherId%7D&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20231203194716_37f755e6_2c1e_4d2e_9ebd_49395141e901%26pubid%3D142254_%7ByourSubPublisherId%7D&vId=bmconv_20231203194716_37f755e6_2c1e_4d2e_9ebd_49395141e901&hash=27041636549f701de242&ete=true
Requested by
Host: mpshark.com
URL: http://mpshark.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e13ed77dfeaa6337766a94370d26a84f27097e38ef8aeb897f3cdcb5a39e2b4b

Request headers

Referer
https://trk25.zzzperform.com/l/27041636549f701de242.js?sub={yourClickId}&source={yourSubPublisherId}
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
2785
alt-svc
h3=":443"; ma=86400
cache-control
max-age=315360000
cf-cache-status
HIT
cf-ray
82fdfa281a181c1c-FRA
content-encoding
br
content-type
text/html
date
Sun, 03 Dec 2023 18:47:16 GMT
expires
Thu, 31 Dec 2037 23:55:55 GMT
last-modified
Wed, 27 Sep 2023 17:56:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RaNvZq2l9iv1iabcuVA%2BUvk0vmfGT4kfoYMIxWbzi3yNW8hycTTvIV5xsJc9AOvNFaJJZh8oWsacsLrSdFqSzGttsi4mmCvaNyui957Hw0J7Kmv08Hpt8SKNpOilZg7siokihPVSW%2FGB17vwB2uqlICHow%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
private, max-age=0, no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
82fdfa27dd28364d-FRA
date
Sun, 03 Dec 2023 18:47:16 GMT
location
https://trk25.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=%7ByourSubPublisherId%7D&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20231203194716_37f755e6_2c1e_4d2e_9ebd_49395141e901%26pubid%3D142254_%7ByourSubPublisherId%7D&vId=bmconv_20231203194716_37f755e6_2c1e_4d2e_9ebd_49395141e901&hash=27041636549f701de242&ete=true
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WJ7EWvceUEPnCwbA2mV1qmghjK879SHxZIHF6wwbnFAX5FqzS6%2BiRNZvFpys8goq5NEpsze4V2SssX2weMvxpV5cW%2F6OOhL2Dzj8t6EnJBSie6ZHtx4tRPZLsgfuOpUeKUeGOtNLXWaYUo0BOWsU87SeIg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
gw.js
trk25.zzzperform.com/ Frame F1FC
Redirect Chain
  • https://trk25.zzzperform.com/l/27041636549f701de242.js?sub={yourClickId}&source={yourSubPublisherId}&code=3cY3VvBDU8Njg.O0M9P0NCQUURhYV3Fn.GGI9-jR1PVB.JhYMkVVYml5SdK4KVm2FhMKWVmzU1n645aTqkaAIyA2V8B...
  • https://trk25.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=%7ByourSubPublisherId%7D&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20231203194716_e30c1d2f_5df0_48d0_a36a_...
1 KB
1 KB
Document
General
Full URL
https://trk25.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=%7ByourSubPublisherId%7D&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20231203194716_e30c1d2f_5df0_48d0_a36a_4f152dd82035%26pubid%3D142254_%7ByourSubPublisherId%7D&vId=bmconv_20231203194716_e30c1d2f_5df0_48d0_a36a_4f152dd82035&hash=27041636549f701de242&ete=true
Requested by
Host: mpshark.com
URL: http://mpshark.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e13ed77dfeaa6337766a94370d26a84f27097e38ef8aeb897f3cdcb5a39e2b4b

Request headers

Referer
https://trk25.zzzperform.com/l/27041636549f701de242.js?sub={yourClickId}&source={yourSubPublisherId}
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
2785
alt-svc
h3=":443"; ma=86400
cache-control
max-age=315360000
cf-cache-status
HIT
cf-ray
82fdfa282a311c1c-FRA
content-encoding
br
content-type
text/html
date
Sun, 03 Dec 2023 18:47:16 GMT
expires
Thu, 31 Dec 2037 23:55:55 GMT
last-modified
Wed, 27 Sep 2023 17:56:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fzuYWMqkAossXdo5EjFiMoZZnij8Oxr8flZ2ctukRQuC7SmrtWz%2BEyYqgKyQ%2BzPi0F9JUHvNJROad46K5YaL0ti9VR6c8w%2FwBNcp17Cb5Nu6WKKttmZAzDQPlevgxFqb3KdcjzoW43BV8uFhoPzdRvLOuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
private, max-age=0, no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
82fdfa27ed30364d-FRA
date
Sun, 03 Dec 2023 18:47:16 GMT
location
https://trk25.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=%7ByourSubPublisherId%7D&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20231203194716_e30c1d2f_5df0_48d0_a36a_4f152dd82035%26pubid%3D142254_%7ByourSubPublisherId%7D&vId=bmconv_20231203194716_e30c1d2f_5df0_48d0_a36a_4f152dd82035&hash=27041636549f701de242&ete=true
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m6Dqzdjh%2Fdo%2BCJo968LhhLn98JZOjpIB5I4lSAjN1A4%2BpvjkqlTp6WZtiQcsClBX50qgbPvLeZSnEHH%2FWAcikkNSMD6cg3cA7wGYYSmWh%2FvfYW0ma32rUmvmHrI3FHRYfmrW2Vz%2BL7C2iYnvH5aIPsrpww%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
gw.js
trk25.zzzperform.com/ Frame BA96
Redirect Chain
  • https://trk25.zzzperform.com/l/27041636549f701de242.js?sub={yourClickId}&source={yourSubPublisherId}&code=21Y3VvBDU8Njg.O0M9P0NCQkERhYV3Fn.GGI9-jR1PVB.JZGIDNDUFdnN8CmF0ekBAD4R0ehQUfo0YSBmDgx1NHoCXA...
  • https://trk25.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=%7ByourSubPublisherId%7D&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20231203194716_1cee7759_9ccc_4058_bc3a_...
1 KB
1 KB
Document
General
Full URL
https://trk25.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=%7ByourSubPublisherId%7D&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20231203194716_1cee7759_9ccc_4058_bc3a_0153880b4b16%26pubid%3D142254_%7ByourSubPublisherId%7D&vId=bmconv_20231203194716_1cee7759_9ccc_4058_bc3a_0153880b4b16&hash=27041636549f701de242&ete=true
Requested by
Host: mpshark.com
URL: http://mpshark.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e13ed77dfeaa6337766a94370d26a84f27097e38ef8aeb897f3cdcb5a39e2b4b

Request headers

Referer
https://trk25.zzzperform.com/l/27041636549f701de242.js?sub={yourClickId}&source={yourSubPublisherId}
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
2785
alt-svc
h3=":443"; ma=86400
cache-control
max-age=315360000
cf-cache-status
HIT
cf-ray
82fdfa289ac11c1c-FRA
content-encoding
br
content-type
text/html
date
Sun, 03 Dec 2023 18:47:16 GMT
expires
Thu, 31 Dec 2037 23:55:55 GMT
last-modified
Wed, 27 Sep 2023 17:56:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OShvLG2g0B0yCOwfqDoC%2BdXPW3x5SgT1kPd5%2Fa2AmqzZa6OoOozVFYxArg2Ae1esyZL7HVB%2FqX1ai0J0dlJC%2BvFeb8vnNAZ3uQuvrWxnK121RBAfECsCzxYkS3En2Qwi4hw8QjATNO%2F84CAEPJRVlYJnRw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
private, max-age=0, no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
82fdfa285a7b1c1c-FRA
date
Sun, 03 Dec 2023 18:47:16 GMT
location
https://trk25.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=%7ByourSubPublisherId%7D&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20231203194716_1cee7759_9ccc_4058_bc3a_0153880b4b16%26pubid%3D142254_%7ByourSubPublisherId%7D&vId=bmconv_20231203194716_1cee7759_9ccc_4058_bc3a_0153880b4b16&hash=27041636549f701de242&ete=true
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AkHiNE%2BxLZ0KL8AckG1%2B6sR9%2FT8x93yd%2BVrDE3fN2bIKeeSAqFOGHLbHemYG6Aty%2BdmWX8LHvHWWtcloZf2X5sd%2Fut3c9bWeTxSSJVsWYkkoZWnOoT4dXN4gAjCNbXzmGxhCCSUnafzB75xfitsBFu48zQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
3d8a3d97e5
my.ueive.com/rc/ Frame 92C0
2 KB
2 KB
Document
General
Full URL
https://my.ueive.com/rc/3d8a3d97e5?affclick=bmconv_20231203194716_901b807b_7b56_4d48_ada8_02428ebee221&pubid=142254_{yourSubPublisherId}
Requested by
Host: trk25.zzzperform.com
URL: https://trk25.zzzperform.com/l/27041636549f701de242?sub=%7ByourClickId%7D&source=%7ByourSubPublisherId%7D&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20231203194716_901b807b_7b56_4d48_ada8_02428ebee221%26pubid%3D142254_%7ByourSubPublisherId%7D&vId=bmconv_20231203194716_901b807b_7b56_4d48_ada8_02428ebee221&hash=27041636549f701de242&ete=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9eb52498f42be441482cad086821606183d1b6d6595a323458b9ac8d0bce4e4d

Request headers

Referer
https://trk25.zzzperform.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
82fdfa28cb5a9128-FRA
content-encoding
br
content-language
en-us
content-type
text/html; charset=utf-8
date
Sun, 03 Dec 2023 18:47:16 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kMYopgtLYdQrdCAHGtdhZlXDpVxFmvmXB1HjfVE9uFI%2B9Gww%2F7PXrJ2ZjuPM0bmm6MJ5qV8ivOkXUX2a3NnSzl7vJ9HdNP07EJ0z0poA6JEOrgNsANHsrT9vzR7o5B8sT0L7PixscsZFN%2FQ%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding, Accept-Language, Cookie
3d8a3d97e5
my.ueive.com/rc/ Frame 0441
2 KB
2 KB
Document
General
Full URL
https://my.ueive.com/rc/3d8a3d97e5?affclick=bmconv_20231203194716_37f755e6_2c1e_4d2e_9ebd_49395141e901&pubid=142254_{yourSubPublisherId}
Requested by
Host: trk25.zzzperform.com
URL: https://trk25.zzzperform.com/l/27041636549f701de242?sub=%7ByourClickId%7D&source=%7ByourSubPublisherId%7D&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20231203194716_37f755e6_2c1e_4d2e_9ebd_49395141e901%26pubid%3D142254_%7ByourSubPublisherId%7D&vId=bmconv_20231203194716_37f755e6_2c1e_4d2e_9ebd_49395141e901&hash=27041636549f701de242&ete=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4fd32fc2c27a15ff0ac073f9dd1c207ea86e0d6c8885c04ff4ae4604e09f3ffd

Request headers

Referer
https://trk25.zzzperform.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
82fdfa28cb599128-FRA
content-encoding
br
content-language
en-us
content-type
text/html; charset=utf-8
date
Sun, 03 Dec 2023 18:47:16 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GX8sYPLea6jnGPSAdcT3EsyLyV3detGrzw2OYVKUhG8fArWZPYNIovvm3k%2BwyZ%2B455IKcRndlGAaD7pT5uqqekY%2F4tdqb3cMP2WREoPGWcJO%2Ff%2BhZWexplCpVjOnYZwyyzu%2BjAiamAoyFW0%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding, Accept-Language, Cookie
3d8a3d97e5
my.ueive.com/rc/ Frame F1FC
2 KB
2 KB
Document
General
Full URL
https://my.ueive.com/rc/3d8a3d97e5?affclick=bmconv_20231203194716_e30c1d2f_5df0_48d0_a36a_4f152dd82035&pubid=142254_{yourSubPublisherId}
Requested by
Host: trk25.zzzperform.com
URL: https://trk25.zzzperform.com/l/27041636549f701de242?sub=%7ByourClickId%7D&source=%7ByourSubPublisherId%7D&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20231203194716_e30c1d2f_5df0_48d0_a36a_4f152dd82035%26pubid%3D142254_%7ByourSubPublisherId%7D&vId=bmconv_20231203194716_e30c1d2f_5df0_48d0_a36a_4f152dd82035&hash=27041636549f701de242&ete=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7526d713748f09d7279160f7029ce8c5aca0c5831be2defd159d6f9dd367f374

Request headers

Referer
https://trk25.zzzperform.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
82fdfa28cb539128-FRA
content-encoding
br
content-language
en-us
content-type
text/html; charset=utf-8
date
Sun, 03 Dec 2023 18:47:16 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=85bpyc6BThzmI2VjNCc7FaK%2FX6S0BdI%2FWx0hxI0zehWgUD7zOJZlYZvYVCgAiaXQA6Lp6ZgkqObqcq5VkS66uFCVa%2Bdo%2B4CLtHLemL1mhbUALM1rRQBdfMKx0URsbJuX%2BwWycpvutk4d7lk%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding, Accept-Language, Cookie
3d8a3d97e5
my.ueive.com/rc/ Frame BA96
2 KB
2 KB
Document
General
Full URL
https://my.ueive.com/rc/3d8a3d97e5?affclick=bmconv_20231203194716_1cee7759_9ccc_4058_bc3a_0153880b4b16&pubid=142254_{yourSubPublisherId}
Requested by
Host: trk25.zzzperform.com
URL: https://trk25.zzzperform.com/l/27041636549f701de242?sub=%7ByourClickId%7D&source=%7ByourSubPublisherId%7D&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20231203194716_1cee7759_9ccc_4058_bc3a_0153880b4b16%26pubid%3D142254_%7ByourSubPublisherId%7D&vId=bmconv_20231203194716_1cee7759_9ccc_4058_bc3a_0153880b4b16&hash=27041636549f701de242&ete=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afec01023c8ea7f4ec0aed629ade69c1b4097582c2a7e1ab65cff01f9f5a0793

Request headers

Referer
https://trk25.zzzperform.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
82fdfa2a2d2c9128-FRA
content-encoding
br
content-language
en-us
content-type
text/html; charset=utf-8
date
Sun, 03 Dec 2023 18:47:16 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RHoP2B9uvMe%2BVkzY7WwrRnQk1LWffaFcZNb0YGHrsBqTnzDIkQVQsC09m8pDx7BOHXFlbQCXN15ccgqVwpZcglOhoshvgo903KaXsI6igSy1dchzXZ9maRaTr4TN9fKT3eneIjtufoh7zcM%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding, Accept-Language, Cookie
redirect.css
cdn.addlnk.com/ Frame 92C0
1 KB
1 KB
Stylesheet
General
Full URL
https://cdn.addlnk.com/redirect.css
Requested by
Host: my.ueive.com
URL: https://my.ueive.com/rc/3d8a3d97e5?affclick=bmconv_20231203194716_901b807b_7b56_4d48_ada8_02428ebee221&pubid=142254_{yourSubPublisherId}
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:1362 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Sun, 03 Dec 2023 18:47:16 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
2EVBZY2NYKBF7E84
age
1317
cf-polished
origSize=1680
alt-svc
h3=":443"; ma=86400
x-amz-id-2
8EoGc90ouJMW9Seq36qrI9SWC6a4/L2eSNPmSl/hjDhyJ3HfIkukPztm/QQraG5wuH29xpTikV2GUFoAWuigcg==
cf-bgj
minify
last-modified
Wed, 13 Mar 2019 00:03:12 GMT
server
cloudflare
etag
W/"3ae56d32551602b41f9046c14d1cfde2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y%2FqqxFEKpWpa%2FsyTgRprwaZxQe%2BBA9%2BQvVGHOvhNVJdrGGC9JKifLVuBUqIl2IuDSKEehonmbGSBKRfvDHJGDBaW5KRjISsg8Gx2y8%2FBx8HvnEcQQatgU3nX0guqpwey5rkjafi2ru5qDEajWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cf-ray
82fdfa2a68f339eb-FRA
redirect.css
cdn.addlnk.com/ Frame F1FC
1 KB
682 B
Stylesheet
General
Full URL
https://cdn.addlnk.com/redirect.css
Requested by
Host: my.ueive.com
URL: https://my.ueive.com/rc/3d8a3d97e5?affclick=bmconv_20231203194716_e30c1d2f_5df0_48d0_a36a_4f152dd82035&pubid=142254_{yourSubPublisherId}
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:1362 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Sun, 03 Dec 2023 18:47:16 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
2EVBZY2NYKBF7E84
age
1317
cf-polished
origSize=1680
alt-svc
h3=":443"; ma=86400
x-amz-id-2
8EoGc90ouJMW9Seq36qrI9SWC6a4/L2eSNPmSl/hjDhyJ3HfIkukPztm/QQraG5wuH29xpTikV2GUFoAWuigcg==
cf-bgj
minify
last-modified
Wed, 13 Mar 2019 00:03:12 GMT
server
cloudflare
etag
W/"3ae56d32551602b41f9046c14d1cfde2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zle7ZHtMlNVwoYNZ8aevZCrga2xdo9EIe2qJpEDt4bFZrN4NzCcLUb8a65GJtrz%2BtH74m5zZxYXNlNi%2FDt27%2FJgKa5279wxBBO4wEenzPK7iYpgS2nCxLvadObUjrNz50guhcjXQBg3mbMxuGg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cf-ray
82fdfa2a68f039eb-FRA
redirect.css
cdn.addlnk.com/ Frame 0441
1 KB
686 B
Stylesheet
General
Full URL
https://cdn.addlnk.com/redirect.css
Requested by
Host: my.ueive.com
URL: https://my.ueive.com/rc/3d8a3d97e5?affclick=bmconv_20231203194716_37f755e6_2c1e_4d2e_9ebd_49395141e901&pubid=142254_{yourSubPublisherId}
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:1362 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Sun, 03 Dec 2023 18:47:16 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
2EVBZY2NYKBF7E84
age
1317
cf-polished
origSize=1680
alt-svc
h3=":443"; ma=86400
x-amz-id-2
8EoGc90ouJMW9Seq36qrI9SWC6a4/L2eSNPmSl/hjDhyJ3HfIkukPztm/QQraG5wuH29xpTikV2GUFoAWuigcg==
cf-bgj
minify
last-modified
Wed, 13 Mar 2019 00:03:12 GMT
server
cloudflare
etag
W/"3ae56d32551602b41f9046c14d1cfde2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gJnJFDzCNzXMp9ogGBatMWNO6nckcmI1h%2FBXQqD6wrs60St12%2BjzF6uaOZcuu6K2LtONJ2IUzp3LpCXKUXNT9qZXPQNsMnFUwTZvC08O%2FVzKO6KU5uxtOkUMJWhRpPL%2B6KueyedtUcTRyggBkw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cf-ray
82fdfa2a68f739eb-FRA
redirect.css
cdn.addlnk.com/ Frame BA96
1 KB
713 B
Stylesheet
General
Full URL
https://cdn.addlnk.com/redirect.css
Requested by
Host: my.ueive.com
URL: https://my.ueive.com/rc/3d8a3d97e5?affclick=bmconv_20231203194716_1cee7759_9ccc_4058_bc3a_0153880b4b16&pubid=142254_{yourSubPublisherId}
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:1362 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Sun, 03 Dec 2023 18:47:17 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
2EVBZY2NYKBF7E84
age
1318
cf-polished
origSize=1680
alt-svc
h3=":443"; ma=86400
x-amz-id-2
8EoGc90ouJMW9Seq36qrI9SWC6a4/L2eSNPmSl/hjDhyJ3HfIkukPztm/QQraG5wuH29xpTikV2GUFoAWuigcg==
cf-bgj
minify
last-modified
Wed, 13 Mar 2019 00:03:12 GMT
server
cloudflare
etag
W/"3ae56d32551602b41f9046c14d1cfde2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5FT%2B1Z%2BwJs1VdIdlhqlTsbAzMzYkxFnLrO4W5L016E9URbzKJoJ1l5Y%2BuMrc8Pc7w859TR6iedRvcQyLLUnhmeGfXDcTZ0k9wfMn5LAojhyPvDM1Zz7mUDE%2Fxo%2BFZFRSb8uxbDp6CbBXMYV1Pw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cf-ray
82fdfa2beaf639eb-FRA
main.js
my.ueive.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/ Frame 557B
Redirect Chain
  • https://my.ueive.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://my.ueive.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
7 KB
4 KB
Script
General
Full URL
https://my.ueive.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
Requested by
Host: mpshark.com
URL: http://mpshark.com/
Protocol
H3
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d325480ccba3171866ecbeb1965f82ec82e38972f82638a236dacaa18733040a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Sun, 03 Dec 2023 18:47:16 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uaokuMyOGEm3RWTyVS37uJlE6nTR8nhVNYceI7Oiy3uGtCp1zV869VprTaL%2FmGllSIW6wbREFsPIbMmFvP0pYW49nnAEc7ICLYovO2WNfjkuZrUCBL5w6zIQfhsA1CiicA7Vcpl3BNy3uRg%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
82fdfa2ab95a1919-FRA
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Sun, 03 Dec 2023 18:47:16 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sPUEyoPhkFtgAZEH7k5TCJuj2%2FeHL57vgtGn%2F5SxF%2B3NZK0mA74mQg1xv1HosbMINqIibUOtjwUU55oA%2BGjztS%2BfW5%2FgxTTMpN1trfPITC1S%2FT630cYHhrfUhzZiJTm3TkMq8ACvbBaejAc%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
location
/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
cache-control
max-age=300, public
cf-ray
82fdfa2a99351919-FRA
alt-svc
h3=":443"; ma=86400
main.js
my.ueive.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/ Frame 7458
Redirect Chain
  • https://my.ueive.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://my.ueive.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
7 KB
4 KB
Script
General
Full URL
https://my.ueive.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
Requested by
Host: mpshark.com
URL: http://mpshark.com/
Protocol
H3
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
63dc4f752a6b19b835ccd06791229b36fdd666650994815b02894cfb74d0022f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Sun, 03 Dec 2023 18:47:16 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=da4T8jp8ATfe0iyCAEumU2VAC7MC1tKH8xBExOxP1fqsp%2F5ZhuAHktO6ezO74CkbeHpEVQTayb2UqOsuZidlYTSg53j9F7dHicaEY3FkLeeVnwKBOhwJmH5hTNXusnUof2g9z7DMSd%2FUZ0U%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
82fdfa2ab95c1919-FRA
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Sun, 03 Dec 2023 18:47:16 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CwqnDDyuFZRBP%2Fkug1ArYwFxYv%2FlXVyY%2FCKXV2gqH%2FCZYcv8SBcxwadEw3dlb%2Fncl53d6M0lS9ZDzOaBdXiOmVcYcnjA0KiYd6FllPpYiQRTNgy2bIXhg5hJ0BBWLNiSBFx1beekJDllr80%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
location
/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
cache-control
max-age=300, public
cf-ray
82fdfa2a99391919-FRA
alt-svc
h3=":443"; ma=86400
82fdfa28cb5a9128
my.ueive.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 557B
0
546 B
XHR
General
Full URL
https://my.ueive.com/cdn-cgi/challenge-platform/h/b/jsd/r/82fdfa28cb5a9128
Requested by
Host: my.ueive.com
URL: https://my.ueive.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type
application/json

Response headers

date
Sun, 03 Dec 2023 18:47:17 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lhF1peVpDfkXZ1dvTvu3zjeUh0jtUJyuyCNXQZwJcDCI5OD5rqfu6qwjIsJWeDTxMyJgA7nq0SzPISOaUN5Sg7oWJPFophTJym1Xbgv8HZnZF6HgZme8c0iwBtN4CnQywSXpEp8oQV89i6A%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
82fdfa2b1a271919-FRA
alt-svc
h3=":443"; ma=86400
82fdfa28cb599128
my.ueive.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 7458
0
555 B
XHR
General
Full URL
https://my.ueive.com/cdn-cgi/challenge-platform/h/b/jsd/r/82fdfa28cb599128
Requested by
Host: my.ueive.com
URL: https://my.ueive.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type
application/json

Response headers

date
Sun, 03 Dec 2023 18:47:17 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2pXAPGl6FylRbfaNJ7PVQpjhe3LWc%2B%2BkCJB4%2BAgbElG0oHKP0D2oR38CWzu9OJ%2BWzeyKCQDJkBdPxzxs6ibNcOVW3nJ2U%2BHEvVfsFYmC5X%2BWhJD4ATBTC4j2WUkYeS3EX7KSqW6StO4aYww%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
82fdfa2b6a991919-FRA
alt-svc
h3=":443"; ma=86400
splash.php
s.pemsrv.com/ Frame 92C0
Redirect Chain
  • https://t3.hightid.com/s.php?p=c%3As_8942pggbfij953c&d=631f396258fd6b044f727c62&pid=pubdb13a0fadde449aaa79c18ac353f49ba&s=3k4fcald
  • https://go.savethereef.xyz/redirect?feed=557030&url=t3.hightid.com&subid=3k4fcald&query=&pub_clickid=656ccd35675a13280839344a&default_url=https%3A%2F%2Ft1.hightid.com%2Fr.php%3Fp%3Dc%3As_8942pgf_9q...
  • https://tfosrv.com/show_std.php?id_site=13101&id_channel=60771&uf=true
  • https://tfosrv.com/impression.php?channel_id=60771&id=8e07a6f4-d9d6-44f4-a1ca-136670d39814%3Ac2e7522c-d366-4f5c-948b-0ea25093e409&site_id=13101&uuid=e861ce3c-2313-4aaa-97b9-39661d3fb637
  • https://trafforsrv.com/click.php?id=8e07a6f4-d9d6-44f4-a1ca-136670d39814%3Ac2e7522c-d366-4f5c-948b-0ea25093e409
  • https://s.pemsrv.com/splash.php?idzone=5040978&type=8
0
457 B
Document
General
Full URL
https://s.pemsrv.com/splash.php?idzone=5040978&type=8
Requested by
Host: my.ueive.com
URL: https://my.ueive.com/rc/3d8a3d97e5?affclick=bmconv_20231203194716_901b807b_7b56_4d48_ada8_02428ebee221&pubid=142254_{yourSubPublisherId}
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
95.211.229.248 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ds03.evo.0x3e.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://my.ueive.com/rc/3d8a3d97e5?affclick=bmconv_20231203194716_901b807b_7b56_4d48_ada8_02428ebee221&pubid=142254_{yourSubPublisherId}
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-CH
Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
Access-Control-Allow-Headers
X-CH-VALUES
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Sun, 03 Dec 2023 18:47:18 GMT
Server
nginx
Transfer-Encoding
chunked
X-Robots-Tag
noindex, follow

Redirect headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
content-length
0
date
Sun, 03 Dec 2023 18:47:18 GMT
location
https://s.pemsrv.com/splash.php?idzone=5040978&type=8
server
nginx
l.php
cher.twtch.co/ Frame 0441
Redirect Chain
  • https://t3.hightid.com/s.php?p=c%3As_8942pggbfij953c&d=631f396258fd6b044f727c62&pid=pub2f419ecaf28e4661bab49c68af8dbf1f&s=3k4fcald
  • https://t10.lowtid.com/s.php?p=c:5mklge2tsml349y_c&d=655744eb46c1f060291a7ac7&s=koala.3k4fcald
  • https://pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888.koala.3k4fcald.de.&k=bfb&url=&xrw=&lid=656ccd3532aa6a6f01012ab0&fid=888
  • https://gummy.trffclb.com/l.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=656ccd3532aa6a6f01012ab0&source=888.koala.3k4fcald.de.
  • https://cher.twtch.co/l.php?p=c:9qopki6xwqp07eckv&d=642a92571348034a06139c58&s=lone.cf.888.koala.3k4fcald.de.&pid=656ccd3583d74755fb7277db
0
0
Document
General
Full URL
https://cher.twtch.co/l.php?p=c:9qopki6xwqp07eckv&d=642a92571348034a06139c58&s=lone.cf.888.koala.3k4fcald.de.&pid=656ccd3583d74755fb7277db
Requested by
Host: my.ueive.com
URL: https://my.ueive.com/rc/3d8a3d97e5?affclick=bmconv_20231203194716_37f755e6_2c1e_4d2e_9ebd_49395141e901&pubid=142254_{yourSubPublisherId}
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:d5e0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://my.ueive.com/rc/3d8a3d97e5?affclick=bmconv_20231203194716_37f755e6_2c1e_4d2e_9ebd_49395141e901&pubid=142254_{yourSubPublisherId}
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-mitigated
challenge
cf-ray
82fdfa315f2b65c6-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Sun, 03 Dec 2023 18:47:17 GMT
expires
Thu, 01 Jan 1970 00:00:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
origin-agent-cluster
?1
permissions-policy
accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy
same-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MQc21l%2FEJJO6ZXDZO42O3cXxdIt2bEBbsGyq3zNIBA98qH6J4%2FGDIojxX2r23Am%2FCBDCOwvI%2BhUJGjOmHZqwXYt9xlmcZNq1y7egPJWEPhmTP1NIkux228oMyQWV%2BPkl%2FrvV2NrbQWBtq%2Fe0"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=0; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN

Redirect headers

Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Sun, 03 Dec 2023 18:47:17 GMT
Location
https://cher.twtch.co/l.php?p=c:9qopki6xwqp07eckv&d=642a92571348034a06139c58&s=lone.cf.888.koala.3k4fcald.de.&pid=656ccd3583d74755fb7277db
Raund
37p
Round
13hwrm3z98
Server
nginx
dlp
fsrqt.ncelewasgildeda.net/ Frame AC13
68 KB
27 KB
XHR
General
Full URL
https://fsrqt.ncelewasgildeda.net/dlp?st=1&lp=download_screen_arrow&geo=DE
Requested by
Host: fsrqt.ncelewasgildeda.net
URL: https://fsrqt.ncelewasgildeda.net/BMOU?tag_id=989716&sub_id1=&sub_id2=346767376558478178&cookie_id=ce1160dd-bdab-4e26-b9e8-bf3fce9f244b&lp=download_screen_arrow&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fegazedatthe.xyz%2F%3Ftid%3D989716%26noocp%3D1&hop=7&geo=DE
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.225.185.110 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-225-185-110.compute-1.amazonaws.com
Software
/ Express
Resource Hash
d459a5aafaf42f0e6109d55537f40405ee73da2ff1f02c23061d8b45ab343965

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://fsrqt.ncelewasgildeda.net/BMOU?tag_id=989716&sub_id1=&sub_id2=346767376558478178&cookie_id=ce1160dd-bdab-4e26-b9e8-bf3fce9f244b&lp=download_screen_arrow&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fegazedatthe.xyz%2F%3Ftid%3D989716%26noocp%3D1&hop=7&geo=DE
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-encoding
gzip
etag
W/"11081-3Uqu4sCDxyqQiMTo5kg8SqbgBKY"
x-powered-by
Express
vary
Accept-Encoding
access-control-allow-methods
GET, POST
content-type
text/html; charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
X-Requested-With,content-type
dlp
wxasm.ncelewasgildeda.net/ Frame 500E
68 KB
27 KB
XHR
General
Full URL
https://wxasm.ncelewasgildeda.net/dlp?st=1&lp=download_screen_arrow&geo=DE
Requested by
Host: wxasm.ncelewasgildeda.net
URL: https://wxasm.ncelewasgildeda.net/XRJLWZ?tag_id=989716&sub_id1=&sub_id2=7358909880525658277&cookie_id=99eb8b95-dc7f-45c6-9125-53966f5e138a&lp=download_screen_arrow&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fegazedatthe.xyz%2F%3Ftid%3D989716%26noocp%3D1&hop=7&geo=DE
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.195.224.242 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-195-224-242.compute-1.amazonaws.com
Software
/ Express
Resource Hash
d459a5aafaf42f0e6109d55537f40405ee73da2ff1f02c23061d8b45ab343965

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wxasm.ncelewasgildeda.net/XRJLWZ?tag_id=989716&sub_id1=&sub_id2=7358909880525658277&cookie_id=99eb8b95-dc7f-45c6-9125-53966f5e138a&lp=download_screen_arrow&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fegazedatthe.xyz%2F%3Ftid%3D989716%26noocp%3D1&hop=7&geo=DE
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-encoding
gzip
etag
W/"11081-3Uqu4sCDxyqQiMTo5kg8SqbgBKY"
x-powered-by
Express
vary
Accept-Encoding
access-control-allow-methods
GET, POST
content-type
text/html; charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
X-Requested-With,content-type
main.js
my.ueive.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/ Frame 19A8
Redirect Chain
  • https://my.ueive.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://my.ueive.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
7 KB
4 KB
Script
General
Full URL
https://my.ueive.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
Requested by
Host: mpshark.com
URL: http://mpshark.com/
Protocol
H3
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9f3768c95ab0b3c3e6d9ded08b85960d2577e2542706bf3a81859e91db55c423
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Sun, 03 Dec 2023 18:47:17 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J%2F3RRkvVX3GMTxe2VvZA2vL%2BHKTmXLM1Ho39iSl%2FMitDxmA7yOvajxxBzoFBYVqHXxf30PU4NS4YN1UOwsKeEyozVoW8Gdtx741ub47ycmmiX7WqrCqd3v7q3bp09Ja0riYz0MkpROqt0S4%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
82fdfa2c2c1b1919-FRA
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Sun, 03 Dec 2023 18:47:17 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bMJALlsViAPxNgp1cKBj1JUSm710wE5K9B59XoUUKvJbaFSgp8Mz3hxB2iRaSahaR%2FlsRBmW%2FM3pzOEBjvex4M1orikYLLtidojxE22g3gmcOfy1QXpPBV4F3OsfUjlCH3%2B5Gz8CDb466bQ%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
location
/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
cache-control
max-age=300, public
cf-ray
82fdfa2c0be61919-FRA
alt-svc
h3=":443"; ma=86400
main.js
my.ueive.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/ Frame 6965
Redirect Chain
  • https://my.ueive.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://my.ueive.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
7 KB
4 KB
Script
General
Full URL
https://my.ueive.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
Requested by
Host: mpshark.com
URL: http://mpshark.com/
Protocol
H3
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fa11b6cf0d8a075ab3f256d776335bf9f313d1a98a026c9ed088b4a54ba2ae8f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Sun, 03 Dec 2023 18:47:17 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2UbV04Q6mSTixhDt84gJhJA0uvmcHOO7WD%2BiuLEsAgQamO%2FUKDa0qV9xJo8zgaFjIboSITbpPc3Wi8lEpnMtKS3NiKKOa0N6ueME30n2PgWwrl%2F5x1HaEj8ftyZ6xpqhXmWOX8hb7zxk9i4%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
82fdfa2c2c1d1919-FRA
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Sun, 03 Dec 2023 18:47:17 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rWxrvrT1uTcotjgMLuw%2BSQOPPNNJG3akD3dvLtD4zk3vnPW3r5hTc8%2FIHsgACxqQclPu10arWKEl7W9pCcRn%2FguQXqk5zCkPifFf38%2BAmv1Oq4080%2BT%2Br2sHicRBbTVnhwjfomNquKl5268%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
location
/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
cache-control
max-age=300, public
cf-ray
82fdfa2c1bf81919-FRA
alt-svc
h3=":443"; ma=86400
82fdfa2a2d2c9128
my.ueive.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 6965
0
550 B
XHR
General
Full URL
https://my.ueive.com/cdn-cgi/challenge-platform/h/b/jsd/r/82fdfa2a2d2c9128
Requested by
Host: my.ueive.com
URL: https://my.ueive.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type
application/json

Response headers

date
Sun, 03 Dec 2023 18:47:17 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kpBa3%2FhuSKONUAIbd789nDAG5peQnWHOAZPl4qGr4bM4hSTVnmet8T6ROYATFbolZkJNZEf7JB53yEplHYNdDo%2B6snpAyo01JgYyi9NSRsDNA%2FDLA7iINEM4KIipO7XqKUTgi4XtyJRjTOk%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
82fdfa2c8cbd1919-FRA
alt-svc
h3=":443"; ma=86400
82fdfa28cb539128
my.ueive.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 19A8
0
552 B
XHR
General
Full URL
https://my.ueive.com/cdn-cgi/challenge-platform/h/b/jsd/r/82fdfa28cb539128
Requested by
Host: my.ueive.com
URL: https://my.ueive.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type
application/json

Response headers

date
Sun, 03 Dec 2023 18:47:17 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HsWMzVVvXRgBTelH8iK2KKB3Ok6zRcILSJdQ0kq40oAB4kGXGJs3kAIu1fjMVxGqbk51tNPWcMawvDxcvRv8fKq79YITXG8OdQp3l%2F0%2FbWn3ILHAHK%2FuKxbam%2FYElakOTNKx052r3fTVAyA%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
82fdfa2ccd111919-FRA
alt-svc
h3=":443"; ma=86400
317194
ps.popcash.net/go/134600/ Frame F1FC
Redirect Chain
  • https://t3.hightid.com/s.php?p=c%3As_8942pggbfij953c&d=631f396258fd6b044f727c62&pid=puba60bde68c14f45c18e3de8ce84b8ecb3&s=3k4fcald
  • https://t10.lowtid.com/s.php?p=c:5mklge2tsml349y_c&d=655744eb46c1f060291a7ac7&s=koala.3k4fcald
  • https://popcash.net/world/go/134600/317194
  • http://ps.popcash.net/go/134600/317194
426 B
477 B
Document
General
Full URL
http://ps.popcash.net/go/134600/317194
Requested by
Host: my.ueive.com
URL: https://my.ueive.com/rc/3d8a3d97e5?affclick=bmconv_20231203194716_e30c1d2f_5df0_48d0_a36a_4f152dd82035&pubid=142254_{yourSubPublisherId}
Protocol
HTTP/1.1
Server
35.170.104.65 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-170-104-65.compute-1.amazonaws.com
Software
nginx /
Resource Hash
bb4ee2290050153971c369989d86415c2676946d44bfb2e21d1c4ae0dc0c6ca3

Request headers

Referer
https://my.ueive.com/rc/3d8a3d97e5?affclick=bmconv_20231203194716_e30c1d2f_5df0_48d0_a36a_4f152dd82035&pubid=142254_{yourSubPublisherId}
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Sun, 03 Dec 2023 18:47:17 GMT
Server
nginx
Vary
Accept-Encoding
transfer-encoding
chunked

Redirect headers

cf-cache-status
DYNAMIC
cf-ray
82fdfa2eba0d6691-AMS
content-length
162
content-type
text/html
date
Sun, 03 Dec 2023 18:47:17 GMT
location
http://ps.popcash.net/go/134600/317194
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e%2FBnwBu3WgTEZ%2FHAG1eWkPUKaFiBv%2F0WWekrseGvlUguq8TrGba8JEK7chAKzd5Q7t7Aein3NyREiggfnjZewRX5Z1TAeYoKZEi1IwaCgSxy5kOdd129grHuVc1HBbIxA40GM4t24Zk%2F"}],"group":"cf-nel","max_age":604800}
server
cloudflare
aHR0cDovL3RyYWZmaXg0LmNvbQ=
popmyads.com/serve/52264/49763/szqpmqqoapdpgpq/ Frame BA96
Redirect Chain
  • https://t3.hightid.com/s.php?p=c%3As_8942pggbfij953c&d=631f396258fd6b044f727c62&pid=pub2f419ecaf28e4661bab49c68af8dbf1f&s=3k4fcald
  • https://t10.lowtid.com/s.php?p=c:5mklge2tsml349y_c&d=655744eb46c1f060291a7ac7&s=koala.3k4fcald
  • https://popmyads.com/serve/52264/49763/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXg0LmNvbQ=
0
0
Document
General
Full URL
https://popmyads.com/serve/52264/49763/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXg0LmNvbQ=
Requested by
Host: my.ueive.com
URL: https://my.ueive.com/rc/3d8a3d97e5?affclick=bmconv_20231203194716_1cee7759_9ccc_4058_bc3a_0153880b4b16&pubid=142254_{yourSubPublisherId}
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.1.33
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
X-Frame-Options DENY

Request headers

Referer
https://my.ueive.com/rc/3d8a3d97e5?affclick=bmconv_20231203194716_1cee7759_9ccc_4058_bc3a_0153880b4b16&pubid=142254_{yourSubPublisherId}
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
82fdfa2ecd069a33-FRA
content-encoding
br
content-security-policy
frame-ancestors 'none'
content-type
text/html; charset=UTF-8
date
Sun, 03 Dec 2023 18:47:17 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gNQ0yji6c%2Fyb2VBoZhOsA7KFqS7%2FLDnmRZZ7pnAIAN%2BTmmdUOhZN6FecYccjcUOoKkfX0kNRwxocqoBUwdsYMowPvfHzWr9WQr64KAv%2BZEcpD5zO9RPphP90mek7%2B4hrsRiOrquKGGSg%2BDA%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-frame-options
DENY
x-powered-by
PHP/7.1.33

Redirect headers

Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Sun, 03 Dec 2023 18:47:17 GMT
Location
https://popmyads.com/serve/52264/49763/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXg0LmNvbQ=
Raund
37l
Round
12c7p6j8cg
Server
nginx
css
fonts.googleapis.com/ Frame AC13
402 B
408 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Fredoka+One
Requested by
Host: fsrqt.ncelewasgildeda.net
URL: https://fsrqt.ncelewasgildeda.net/BMOU?tag_id=989716&sub_id1=&sub_id2=346767376558478178&cookie_id=ce1160dd-bdab-4e26-b9e8-bf3fce9f244b&lp=download_screen_arrow&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fegazedatthe.xyz%2F%3Ftid%3D989716%26noocp%3D1&hop=7&geo=DE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ca76180c2133d7d13de82a1b213bb4d0d1556d2cfd8c5fea78032f3724ec951f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://fsrqt.ncelewasgildeda.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sun, 03 Dec 2023 18:47:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sun, 03 Dec 2023 18:32:18 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 03 Dec 2023 18:47:17 GMT
icons.css
file.myfontastic.com/BagtkAmXW6a4F7MPynNNNh/ Frame AC13
1 KB
756 B
Stylesheet
General
Full URL
https://file.myfontastic.com/BagtkAmXW6a4F7MPynNNNh/icons.css
Requested by
Host: fsrqt.ncelewasgildeda.net
URL: https://fsrqt.ncelewasgildeda.net/BMOU?tag_id=989716&sub_id1=&sub_id2=346767376558478178&cookie_id=ce1160dd-bdab-4e26-b9e8-bf3fce9f244b&lp=download_screen_arrow&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fegazedatthe.xyz%2F%3Ftid%3D989716%26noocp%3D1&hop=7&geo=DE
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
116.202.16.124 Falkenstein, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.124.16.202.116.clients.your-server.de
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
b253088a03924a2fcefc2e66e4cd33a0a3f3dd5af4a07643522f04e0acfa83cd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://fsrqt.ncelewasgildeda.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Sun, 03 Dec 2023 18:47:17 GMT
Content-Encoding
gzip
Last-Modified
Mon, 26 Nov 2018 15:32:13 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
W/"5bfc11fd-582"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
no-cache
Connection
keep-alive
css
fonts.googleapis.com/ Frame 500E
402 B
385 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Fredoka+One
Requested by
Host: wxasm.ncelewasgildeda.net
URL: https://wxasm.ncelewasgildeda.net/XRJLWZ?tag_id=989716&sub_id1=&sub_id2=7358909880525658277&cookie_id=99eb8b95-dc7f-45c6-9125-53966f5e138a&lp=download_screen_arrow&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fegazedatthe.xyz%2F%3Ftid%3D989716%26noocp%3D1&hop=7&geo=DE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ca76180c2133d7d13de82a1b213bb4d0d1556d2cfd8c5fea78032f3724ec951f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wxasm.ncelewasgildeda.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sun, 03 Dec 2023 18:47:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sun, 03 Dec 2023 18:29:12 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 03 Dec 2023 18:47:17 GMT
icons.css
file.myfontastic.com/BagtkAmXW6a4F7MPynNNNh/ Frame 500E
1 KB
756 B
Stylesheet
General
Full URL
https://file.myfontastic.com/BagtkAmXW6a4F7MPynNNNh/icons.css
Requested by
Host: wxasm.ncelewasgildeda.net
URL: https://wxasm.ncelewasgildeda.net/XRJLWZ?tag_id=989716&sub_id1=&sub_id2=7358909880525658277&cookie_id=99eb8b95-dc7f-45c6-9125-53966f5e138a&lp=download_screen_arrow&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fegazedatthe.xyz%2F%3Ftid%3D989716%26noocp%3D1&hop=7&geo=DE
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
116.202.16.124 Falkenstein, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.124.16.202.116.clients.your-server.de
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
b253088a03924a2fcefc2e66e4cd33a0a3f3dd5af4a07643522f04e0acfa83cd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wxasm.ncelewasgildeda.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Sun, 03 Dec 2023 18:47:17 GMT
Content-Encoding
gzip
Last-Modified
Mon, 26 Nov 2018 15:32:13 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
W/"5bfc11fd-582"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
no-cache
Connection
keep-alive

Verdicts & Comments

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| 1
object| 2
object| 3
object| 4
object| 5
function| $
function| jQuery
function| Popper
object| bootstrap
function| _0x2ce8ce
function| _0x2cfa
string| UIeHNRxOT
object| rPSJGsGWHg
function| rFrx
function| _0x1497
object| el

4 Cookies

Domain/Path Name / Value
mpshark.com/ Name: session
Value: eyJjc3JmX3Rva2VuIjoiY2Y3NDAwMDQxMjQ2MDc5NjNiZGMwMDdiMDFiM2M1OGZhOGQxZjg1NCJ9.ZWzNMw.ftrx-uzRTaBZY7OU56rYIxB_YpA
.ueive.com/ Name: cf_clearance
Value: SgQN_ewGfD_YI9KGefiA1jQWTOaYLp0_0I64iGwWaLs-1701629237-0-1-de2b1d9e.c675a55.dcf3b34a-0.2.1701629237
tfosrv.com/ Name: sppc_uuid
Value: e861ce3c-2313-4aaa-97b9-39661d3fb637
trafforsrv.com/ Name: sppc_uuid
Value: e04bdae3-9bdc-486a-b21d-06ff581bdf99

2 Console Messages

Source: security
Level: error
Message: Refused to frame 'https://popmyads.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'".

Source: javascript
Level: error
URL: http://ps.popcash.net/go/134600/317194 (Line 11)
Message: Unsafe attempt to initiate navigation for frame with URL 'http://mpshark.com/' from frame with URL 'http://ps.popcash.net/go/134600/317194'. The frame attempting navigation of the top-level window is sandboxed, but the flag of 'allow-top-navigation' or 'allow-top-navigation-by-user-activation' is not set.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
