files.9minecraft.net Open in urlscan Pro
2606:4700:20::ac43:4667  Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11

• https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP 302
• https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AcMMx-eXSIHqwBt3uQax6kZh1srP0m8AjFG5t37oGzTdqhgHvVCze5i6HnCO_JkYjTezqpgG33pV HTTP 302
• https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AcMMx-cLqNuS_09W05aYlU3MsxQHHtVCcPwYzm_LRW5I1qVlGNjX9HwAY6oITZ43x94CuFSNc07_&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1713470307%3A1730032740196548&ddm=0

Request Chain 12

• https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP 302
• https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AcMMx-dNE-FYgM6B9n-qUMp92Np34aG2r55w7UXL91-how95Ysp_O77BaWV2NWujxZox4X74gH-b HTTP 302
• https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AcMMx-cqNTT3zqq-YhubaXup7pMiNKeZnsVOykHyuGk6a1vtghfpCfvI6cguFiHdOvN_jm3RB3Vq&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1728275369%3A1730032740201750&ddm=0

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request index.php Show response files.9minecraft.net/	5 KB 2 KB	341ms 308ms	Document text/html	2606:4700:20::ac43:4667 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://files.9minecraft.net/index.php?act=dl&id=1665805668 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:4667 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b9d13c0bfab55d0511e8fc3fb6c56865fa200a8bd2aacf67b61112179451d578 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers cf-cache-status DYNAMIC cf-ray 8d92bf0c8d51d282-FRA content-encoding br content-type text/html; charset=UTF-8 date Sun, 27 Oct 2024 12:38:59 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FDPk%2FYni5stMnLvGC3nX11mZ%2B75a%2Bgv0I4lgwQ6EcDsxDcnOUNKTe%2FidrOmVtKHh1vWHg4nwx9gSVLRE3T5Wjz%2FQDpWkyNN%2BbfZZXbCrUp9vjGoDjgZ%2FZaOHAtmrPu0gqD9I31FWYnOK%2BjCMDCvK0a6L"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H2	200	css2 fonts.googleapis.com/	11 KB 1 KB	64ms 18ms	Stylesheet text/css	2a00:1450:4001:81d::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Oswald:wght@200;300;400;500;600;700&display=swap Requested by Host: files.9minecraft.net URL: https://files.9minecraft.net/index.php?act=dl&id=1665805668 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash c8f8b465985c395cad16d0c2b264f60195eaed29430f0a30de1bb3d358f7a735 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://files.9minecraft.net/ Response headers content-encoding gzip x-content-type-options nosniff expires Sun, 27 Oct 2024 12:38:59 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Sun, 27 Oct 2024 12:38:59 GMT content-type text/css; charset=utf-8 vary Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site last-modified Sun, 27 Oct 2024 12:15:36 GMT x-frame-options SAMEORIGIN strict-transport-security max-age=31536000 link <https://fonts.gstatic.com>; rel=preconnect; crossorigin cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * cross-origin-opener-policy same-origin-allow-popups cross-origin-resource-policy cross-origin access-control-allow-origin * x-xss-protection 0 server ESF
GET H2	200	style.css files.9minecraft.net/	1 KB 820 B	290ms 289ms	Stylesheet text/css	2606:4700:20::ac43:4667 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://files.9minecraft.net/style.css Requested by Host: files.9minecraft.net URL: https://files.9minecraft.net/index.php?act=dl&id=1665805668 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:4667 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ec1ce999cfc5c45577cd9caa4b8231483de56426d7ef730039e359bb46ee88f7 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://files.9minecraft.net/index.php?act=dl&id=1665805668 Response headers nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding gzip cf-cache-status DYNAMIC etag "47f-6250ea092a980-gzip" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iSHZDUjRSVDfm5icf%2Bo0bSwC2eQDEsVDL6pcW0X6wTuoHU9QrEyvIMOlOKT4PiYB2JvftBzAuclz0YJhaG%2BXQLKIf9s6U2rN6VlGeOz0L9aFU25mdcKYCsi9JzfSWDlB1CeyTm3Mw%2BJxeUl6VY9pIjRj"}],"group":"cf-nel","max_age":604800} cf-ray 8d92bf0e89fed282-FRA accept-ranges bytes content-length 484 date Sun, 27 Oct 2024 12:38:59 GMT content-type text/css last-modified Tue, 22 Oct 2024 10:56:54 GMT vary Accept-Encoding server cloudflare
GET H2	200	download-button.png files.9minecraft.net/	15 KB 15 KB	120ms 119ms	Image image/png	2606:4700:20::ac43:4667 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://files.9minecraft.net/download-button.png Requested by Host: files.9minecraft.net URL: https://files.9minecraft.net/index.php?act=dl&id=1665805668 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:4667 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 549eee1f5a6f50384324a9fa2f786e26c4900c3f51e753adc0fedf11d4f1ff3d Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://files.9minecraft.net/index.php?act=dl&id=1665805668 Response headers nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-cache-status DYNAMIC etag "3b08-6106f69667300" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dlaseIGyGz3L1nDX06D5srBEOKN6lr1nnsigFFITPHBad%2F0%2BMT200vUCU8PI4OQ0%2FQ%2BxCEUqyXfMJ1UMdPX9DB2k0GTLtKPRr6htOc4%2BbX9JpnaOd0rUy4V4jlQbTOJW10iL1EtX3PgkQrbWWwz26hPm"}],"group":"cf-nel","max_age":604800} cf-ray 8d92bf0e8a01d282-FRA accept-ranges bytes content-length 15112 date Sun, 27 Oct 2024 12:38:59 GMT content-type image/png last-modified Sat, 03 Feb 2024 00:35:56 GMT server cloudflare
GET H/1.1	403 Forbidden	invoke.js whaleslightestimposter.com/574d560be5a444b1215af0c52be1d13c/	0 0	293ms 95ms	Script application/javascript	192.243.61.227 ADVANCEDHOSTERS-AS
General Check archive.org Show headers Download Go to Full URL https://whaleslightestimposter.com/574d560be5a444b1215af0c52be1d13c/invoke.js Requested by Host: files.9minecraft.net URL: https://files.9minecraft.net/index.php?act=dl&id=1665805668 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 192.243.61.227 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL), Reverse DNS Software nginx/1.21.6 / Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://files.9minecraft.net/ Response headers Accept-CH Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA Connection keep-alive Access-Control-Allow-Origin * Content-Length 0 P3P CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Date Sun, 27 Oct 2024 12:38:59 GMT Content-Type application/javascript Host whaleslightestimposter.com Server nginx/1.21.6
GET H2	200	/ Show response d2w9cdu84xc4eq.cloudfront.net/	164 KB 54 KB	205ms 160ms	Script text/plain	2600:9000:223f:6800:d:547c:9480:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d2w9cdu84xc4eq.cloudfront.net/?wbbcd=1089995 Requested by Host: files.9minecraft.net URL: https://files.9minecraft.net/index.php?act=dl&id=1665805668 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:223f:6800:d:547c:9480:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash a5079d46b2bf2bab905d812ff8c29c212ce3adbfc732273c9d5e93aef3c1b13a Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://files.9minecraft.net/ Response headers cache-control no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform content-encoding gzip pragma no-cache via 1.1 da9380f22ff2303fc2fd4652bf7ec7ba.cloudfront.net (CloudFront) access-control-allow-origin * x-cache Miss from cloudfront content-length 54600 x-amz-cf-id uzE6tJ5UU8oZLG0_ylC0UQ7mAyzmswGP7Bn8HjL5fxEDOEPpgjIg1Q== date Sun, 27 Oct 2024 12:38:59 GMT x-amz-cf-pop FRA56-P5
GET H2	200	rocket-loader.min.js Show response files.9minecraft.net/cdn-cgi/scripts/7d0fa10a/cloudflare-static/	12 KB 4 KB	12ms 11ms	Script application/javascript	2606:4700:20::ac43:4667 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://files.9minecraft.net/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Requested by Host: files.9minecraft.net URL: https://files.9minecraft.net/index.php?act=dl&id=1665805668 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:4667 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://files.9minecraft.net/index.php?act=dl&id=1665805668 Response headers x-frame-options DENY nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cache-control max-age=172800, public content-encoding gzip etag W/"67180f7e-302c" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u6dQznVr3Gpn5Bf5JFnj64Xz6xUOt2PYSVbeCNbeN%2F8xoeOO4A6lZNVfa6eKvMx3DNku07H71Ti%2Fg5jvEqOIT0E8DJ01KMqsSMnVUIwNLzaUROqSPlw0tE%2F0ElGknrJYHq3sAPa52LUAEIHC8qej4A5L"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff cf-ray 8d92bf0ecab6d282-FRA expires Tue, 29 Oct 2024 12:38:59 GMT date Sun, 27 Oct 2024 12:38:59 GMT content-type application/javascript last-modified Tue, 22 Oct 2024 20:47:58 GMT server cloudflare vary Accept-Encoding
GET H2	200	asd100.bin Show response ukankingwithea.com/	100 KB 101 KB	299ms 245ms	Fetch binary/octet-stream	188.114.97.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ukankingwithea.com/asd100.bin Requested by Host: d2w9cdu84xc4eq.cloudfront.net URL: https://d2w9cdu84xc4eq.cloudfront.net/?wbbcd=1089995 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://files.9minecraft.net/ Response headers cf-cache-status HIT age 2126 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YzzI3HAw4zq19rawEO9lXPCZryCai%2F%2B4SWYCtB%2Fkq0AmnMYTjjeeFMseY4kNTqfj4%2BKw%2BeCneg4tfTi7BSkr%2B5XSq3lDUDDdRsNfXlMM6Y6hC8pwV45B5xKJxw0RBxGdYBC1q78%3D"}],"group":"cf-nel","max_age":604800} access-control-allow-methods GET alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=TCP&rtt=6733&sent=7&recv=14&lost=0&retrans=0&sent_bytes=4012&recv_bytes=2296&delivery_rate=568162&cwnd=250&unsent_bytes=0&cid=67fa05a033234173&ts=37&x=0" date Sun, 27 Oct 2024 12:38:59 GMT content-type binary/octet-stream last-modified Sun, 27 Oct 2024 12:03:33 GMT vary Accept-Encoding access-control-allow-headers X-Requested-With, content-type cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} access-control-allow-credentials true cf-ray 8d92bf10b89c03dc-FRA access-control-allow-origin https://files.9minecraft.net server cloudflare
GET H2	200	/ Show response ukankingwithea.com/	27 B 535 B	341ms 288ms	Fetch text/plain	188.114.97.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ukankingwithea.com/ Requested by Host: d2w9cdu84xc4eq.cloudfront.net URL: https://d2w9cdu84xc4eq.cloudfront.net/?wbbcd=1089995 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 12b2c3ed7a6893c3c674e2fc8ce21ab9046ca6911c443fb15e6570cf53cdf04b Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://files.9minecraft.net/ Response headers nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding br cf-cache-status DYNAMIC report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JBipOsy4HY3qQQtKSy4dgsOvdDetA4XFh3F2fYmzV4mfv9cqVUionkRaWEJDGyo9KQ%2FcxVCnP%2BR6ahyx7XodP2xjXJYrnQUqhMuMs5bw5rfn1v%2FcwrRP9A6EJWglXot1tCYkzk8%3D"}],"group":"cf-nel","max_age":604800} access-control-allow-credentials true access-control-allow-methods GET cf-ray 8d92bf10b89b03dc-FRA access-control-allow-origin https://files.9minecraft.net alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=TCP&rtt=6733&sent=64&recv=15&lost=0&retrans=1&sent_bytes=69166&recv_bytes=2296&delivery_rate=568162&cwnd=251&unsent_bytes=31608&cid=67fa05a033234173&ts=126&x=0" date Sun, 27 Oct 2024 12:39:00 GMT content-type text/plain server cloudflare access-control-allow-headers X-Requested-With, content-type
GET H2	200	Pz4PUScsZyt2Ag4WKA4nOiUAZhA8EDRRQVAjNFwdGAdeWDUuEQd2Ois+D1EiDSQ9B0QBBwFPJi0aJmZXAyEDWQFUGRtzJFAQIX4DHSVURg ordinghology.com/bDdxaVINVRIEbQ0KE08nHltMTGAqEkMvNl5ASAo2GQ9FETFYUgBHMQBYBA00HlgfHXwCUgVMYCpOKD8iG1IkUREiZUUPMS5iCy8XPhJDKwc7fTs4GjZiFygTIHwWDTwqXzADEC9bFDgRJX4/KwcNZyAoai5xEgEQLwImLCgbeD8oECl1MzA3... Frame 0DB0	0 0	274ms 103ms	Document text/html	13.32.99.70 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://ordinghology.com/bDdxaVINVRIEbQ0KE08nHltMTGAqEkMvNl5ASAo2GQ9FETFYUgBHMQBYBA00HlgfHXwCUgVMYCpOKD8iG1IkUREiZUUPMS5iCy8XPhJDKwc7fTs4GjZiFygTIHwWDTwqXzADEC9bFDgRJX4/KwcNZyAoai5xEgEQLwImLCgbeD8oECl1MzA3JmIwJx4uejItBgRtOlgLInkgPzw9YUkDEyhmKTsVB3I/KxwpURoKZSp1BRAENEA0KgEtfCsROSBnIygiKWZFBRUWDiYtEVlUPxFqKH0WWWApYQlQGF4OFDoFHGMQBTUuUR0rd15xIBMmHWJDBjEpdDQ8GwAaJyU0FFsYOzs2AicxHDpkQlETJ1AwPxkEblRbFClfOAQUNA4yOWEcZBM/ZydSJDs9PXE0AhE/AxUvBRxjNj8EIFEGWSgrTwkYB15YKSERG3w/Pz4PUScsZyt2Ag4WKA4nOiUAZhA8EDRRQVAjNFwdGAdeWDUuEQd2Ois+D1EiDSQ9B0QBBwFPJi0aJmZXAyEDWQFUGRtzJFAQIX4DHSVURg Requested by Host: d2w9cdu84xc4eq.cloudfront.net URL: https://d2w9cdu84xc4eq.cloudfront.net/?wbbcd=1089995 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.99.70 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-99-70.fra60.r.cloudfront.net Software openresty/1.17.8.2 / Resource Hash Request headers Referer https://files.9minecraft.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers accept-ch DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List cache-control no-store, no-cache, must-revalidate, no-transform content-encoding gzip content-length 1246 content-type text/html date Sun, 27 Oct 2024 12:39:00 GMT p3p CP="NID DSP ALL COR" pragma no-cache server openresty/1.17.8.2 via 1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront) x-amz-cf-id cRSXFAXyI9MiObiUM3t5DcLSD1xS6M7eQbOAuk7O0cf3oS1QuwpJ5w== x-amz-cf-pop FRA60-P3 x-cache Miss from cloudfront
GET H3	204	MG9mVTAfUAUmDVJfKCB+SiUDNgEAKidkVEc5ETZ3ZzcCAnRHPkAhWVRSV2UICVZfYBZABgJoARYcEjRERRxbZBZZAQA6DRYZW2QeA1tIZgYeW0AgDQFJEiVRV1JXc0BEGwpoAQdcVmUDAlhVbAkBWw kinarilyhukelpfulin.com/	0 624 B	280ms 110ms	Image text/plain	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://kinarilyhukelpfulin.com/MG9mVTAfUAUmDVJfKCB+SiUDNgEAKidkVEc5ETZ3ZzcCAnRHPkAhWVRSV2UICVZfYBZABgJoARYcEjRERRxbZBZZAQA6DRYZW2QeA1tIZgYeW0AgDQFJEiVRV1JXc0BEGwpoAQdcVmUDAlhVbAkBWw Requested by Host: files.9minecraft.net URL: https://files.9minecraft.net/index.php?act=dl&id=1665805668 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://files.9minecraft.net/ Response headers nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-cache-status DYNAMIC report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=km70wMPMnJFPhVSpGpAZTO%2FtpHot6%2BBXY0hxOAjWg4xh6GB%2Fbic8OicU95kQp5c0MMYBlWdpK%2FwQrOJzfNivX75gWmQPlM9s9ThH54HFvbga433vFr%2FeDja5dCzOjgZzjF8vSD0AhPw3Eg%3D%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8d92bf11fc22dbce-FRA access-control-allow-origin * alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=11088&sent=13&recv=11&lost=0&retrans=0&sent_bytes=4191&recv_bytes=4614&delivery_rate=717&cwnd=12000&unsent_bytes=0&cid=5b7b55726be56102&ts=240&x=1", cfExtPri, cfHdrFlush;dur=0 date Sun, 27 Oct 2024 12:39:00 GMT server cloudflare priority u=3,i
GET		login.php www.facebook.com/	0 0
GET		identifier accounts.google.com/v3/signin/ Redirect Chain https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AcMMx-eXSIHqwBt3uQax6kZh1srP0m8AjFG5t37oGzTdqhgHvVCze5i6HnCO_Jk... https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AcMMx-cLqNuS_09W05aYlU3MsxQHHtVCcPwYzm_LRW5I1qVlGNjX9HwAY6oITZ43x94CuFSNc07_&passive=...	0 0
GET		identifier accounts.google.com/v3/signin/ Redirect Chain https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AcMMx-dNE-FYgM6B9n-qUMp92Np34aG2r55w7UXL91-how95Ysp_O77BaWV... https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AcMMx-cqNTT3zqq-YhubaXup7pMiNKeZnsVOykHyuGk6a1vtghfpCfvI6cguFiHdOvN_jm3RB3Vq&passive...	0 0
GET H/1.1	403 Forbidden	invoke.js whaleslightestimposter.com/66703215243c0a9abcfb813d55eabeb4/	0 0	107ms 106ms	Script application/javascript	192.243.61.227 ADVANCEDHOSTERS-AS
General Check archive.org Show headers Download Go to Full URL https://whaleslightestimposter.com/66703215243c0a9abcfb813d55eabeb4/invoke.js Requested by Host: files.9minecraft.net URL: https://files.9minecraft.net/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 192.243.61.227 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL), Reverse DNS Software nginx/1.21.6 / Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://files.9minecraft.net/ Response headers Accept-CH Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA Connection keep-alive Access-Control-Allow-Origin * Content-Length 0 P3P CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Date Sun, 27 Oct 2024 12:39:00 GMT Content-Type application/javascript Host whaleslightestimposter.com Server nginx/1.21.6
GET H/1.1	403 Forbidden	invoke.js whaleslightestimposter.com/fb443fc9e797c521f2a047e0941ef938/	0 0	198ms 98ms	Script application/javascript	192.243.61.227 ADVANCEDHOSTERS-AS
General Check archive.org Show headers Download Go to Full URL https://whaleslightestimposter.com/fb443fc9e797c521f2a047e0941ef938/invoke.js Requested by Host: files.9minecraft.net URL: https://files.9minecraft.net/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 192.243.61.227 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL), Reverse DNS Software nginx/1.21.6 / Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://files.9minecraft.net/ Response headers Accept-CH Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA Connection keep-alive Access-Control-Allow-Origin * Content-Length 0 P3P CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Date Sun, 27 Oct 2024 12:39:00 GMT Content-Type application/javascript Host whaleslightestimposter.com Server nginx/1.21.6
GET H2	404	scripts.js files.9minecraft.net/	0 0	524ms 522ms	Script text/html	2606:4700:20::ac43:4667 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://files.9minecraft.net/scripts.js Requested by Host: files.9minecraft.net URL: https://files.9minecraft.net/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:4667 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://files.9minecraft.net/index.php?act=dl&id=1665805668 Response headers nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding br cf-cache-status DYNAMIC report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hU3KEorbM5eh51slxDgFuPiP8e2ODgx4ks1IP11NibIkQN6msZrEG4rL3pb6pnrNJdB9MD5cnqrsprEh3Du2jTfNOHGqGsjFBvAeI0%2B6fqDNCtMf8aHMyGZp7UBm0C6EwTDzN0%2BePiHHXlG4dAfeTpXO"}],"group":"cf-nel","max_age":604800} cf-ray 8d92bf112811d282-FRA date Sun, 27 Oct 2024 12:39:00 GMT content-type text/html; charset=iso-8859-1 server cloudflare
GET H3	200	popunder.gif kinarilyhukelpfulin.com/	35 B 735 B	21ms 20ms	Image image/gif	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://kinarilyhukelpfulin.com/popunder.gif Requested by Host: files.9minecraft.net URL: https://files.9minecraft.net/index.php?act=dl&id=1665805668 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://files.9minecraft.net/ Response headers content-encoding gzip cf-cache-status HIT age 69957 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e6hpPdnZSv1W2hxm%2BqOKZBLHxuioUDmHFwYQuxF4D8P5keIq9BxRo51QfRkRONtFwvqpqankCB75lMY%2BYiW9nKTkk6g6J1jqFjDz6hpCxflDSJqgfHhTdTt7lKLKSEZMHOGdW8cX6g8SGw%3D%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=13156&sent=15&recv=13&lost=0&retrans=0&sent_bytes=4862&recv_bytes=5002&delivery_rate=12291&cwnd=12000&unsent_bytes=0&cid=5b7b55726be56102&ts=376&x=1", cfExtPri, cfHdrFlush;dur=0 date Sun, 27 Oct 2024 12:39:00 GMT content-type image/gif last-modified Sat, 26 Oct 2024 17:13:03 GMT vary Accept-Encoding priority u=3,i cache-control public, max-age=604800, immutable nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma public cf-ray 8d92bf135f66dbce-FRA accept-ranges bytes access-control-allow-origin * content-length 58 server cloudflare
GET H/1.1	403 Forbidden	invoke.js whaleslightestimposter.com/66703215243c0a9abcfb813d55eabeb4/	0 0	97ms 96ms	Script application/javascript	192.243.61.227 ADVANCEDHOSTERS-AS
General Check archive.org Show headers Download Go to Full URL https://whaleslightestimposter.com/66703215243c0a9abcfb813d55eabeb4/invoke.js Requested by Host: files.9minecraft.net URL: https://files.9minecraft.net/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 192.243.61.227 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL), Reverse DNS Software nginx/1.21.6 / Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://files.9minecraft.net/ Response headers Accept-CH Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA Connection keep-alive Access-Control-Allow-Origin * Content-Length 0 P3P CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Date Sun, 27 Oct 2024 12:39:00 GMT Content-Type application/javascript Host whaleslightestimposter.com Server nginx/1.21.6
GET H2	200	favicon.ico files.9minecraft.net/	1 KB 661 B	866ms 865ms	Other image/vnd.microsoft.icon	2606:4700:20::ac43:4667 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://files.9minecraft.net/favicon.ico Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:4667 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ee0788dd0f117abc71713aa0e037772986d5c9f4a9b9c2cd527368e64df72a49 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://files.9minecraft.net/index.php?act=dl&id=1665805668 Response headers nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding br cf-cache-status DYNAMIC etag W/"57e-6106f6984f780" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kBGU4cZo8dSCm4nXQ%2Fzvb8S6AwJFUsAnYsfECVc9MC7LZ8xzV07lixiXC%2FUwqzsdd9kzgew%2BfWIaHhRk5PUSz%2B4d3wVebyAh1GMxTJJNbcajXi%2B87aPASmlQp3Bto4jxjvLjtyrV3uF1ERI4BxRo1dKE"}],"group":"cf-nel","max_age":604800} cf-ray 8d92bf158ac3d282-FRA date Sun, 27 Oct 2024 12:39:01 GMT content-type image/vnd.microsoft.icon last-modified Sat, 03 Feb 2024 00:35:58 GMT server cloudflare
GET H/1.1	403 Forbidden	invoke.js whaleslightestimposter.com/66703215243c0a9abcfb813d55eabeb4/	0 0	95ms 94ms	Script application/javascript	192.243.61.227 ADVANCEDHOSTERS-AS
General Check archive.org Show headers Download Go to Full URL https://whaleslightestimposter.com/66703215243c0a9abcfb813d55eabeb4/invoke.js Requested by Host: files.9minecraft.net URL: https://files.9minecraft.net/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 192.243.61.227 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL), Reverse DNS Software nginx/1.21.6 / Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://files.9minecraft.net/ Response headers Accept-CH Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA Connection keep-alive Access-Control-Allow-Origin * Content-Length 0 P3P CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Date Sun, 27 Oct 2024 12:39:00 GMT Content-Type application/javascript Host whaleslightestimposter.com Server nginx/1.21.6

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

www.facebook.com

URL

https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp

Domain

accounts.google.com

URL

https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AcMMx-cLqNuS_09W05aYlU3MsxQHHtVCcPwYzm_LRW5I1qVlGNjX9HwAY6oITZ43x94CuFSNc07_&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1713470307%3A1730032740196548&ddm=0

Domain

accounts.google.com

URL

https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AcMMx-cqNTT3zqq-YhubaXup7pMiNKeZnsVOykHyuGk6a1vtghfpCfvI6cguFiHdOvN_jm3RB3Vq&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1728275369%3A1730032740201750&ddm=0

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| utr_1089995 number| userTrackingInterval number| _2752138118 object| __cfQR number| iinf object| atOptions object| myButton boolean| __cfRLUnblockHandlers

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			ukankingwithea.com/	1970-01-21 09:12:16	Name: csu Value: 2087368388999981@1@1730032740

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://whaleslightestimposter.com/574d560be5a444b1215af0c52be1d13c/invoke.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://whaleslightestimposter.com/66703215243c0a9abcfb813d55eabeb4/invoke.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://whaleslightestimposter.com/fb443fc9e797c521f2a047e0941ef938/invoke.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://files.9minecraft.net/scripts.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://whaleslightestimposter.com/66703215243c0a9abcfb813d55eabeb4/invoke.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://whaleslightestimposter.com/66703215243c0a9abcfb813d55eabeb4/invoke.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
d2w9cdu84xc4eq.cloudfront.net
files.9minecraft.net
fonts.googleapis.com
kinarilyhukelpfulin.com
ordinghology.com
ukankingwithea.com
whaleslightestimposter.com
www.facebook.com
accounts.google.com
www.facebook.com
13.32.99.70
188.114.96.3
188.114.97.3
192.243.61.227
2600:9000:223f:6800:d:547c:9480:21
2606:4700:20::ac43:4667
2a00:1450:4001:81d::200a
12b2c3ed7a6893c3c674e2fc8ce21ab9046ca6911c443fb15e6570cf53cdf04b
549eee1f5a6f50384324a9fa2f786e26c4900c3f51e753adc0fedf11d4f1ff3d
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
a5079d46b2bf2bab905d812ff8c29c212ce3adbfc732273c9d5e93aef3c1b13a
b9d13c0bfab55d0511e8fc3fb6c56865fa200a8bd2aacf67b61112179451d578
c8f8b465985c395cad16d0c2b264f60195eaed29430f0a30de1bb3d358f7a735
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec1ce999cfc5c45577cd9caa4b8231483de56426d7ef730039e359bb46ee88f7
ee0788dd0f117abc71713aa0e037772986d5c9f4a9b9c2cd527368e64df72a49
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16