Report - romsfun.com/download/need-for-speed-most-wanted-4-40992/2

Report Overview

Visited public
2024-08-29 22:43:20
Tags
Submit Tags
URL
romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Finishing URL
romsfun.com/download/need-for-speed-most-wanted-4-40992/2
IP / ASN
104.26.13.236
#13335 CLOUDFLARENET
Title
Download Need for Speed: Most Wanted ROM & ISO - PS3 Game

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-08-28 18:12:07	1.3 kB	3.6 kB	23.36.76.226
romsfun.com	314183	2021-01-05	2021-01-06 09:53:22	2024-07-11 18:27:53	10 kB	763 kB	104.26.13.236
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2024-08-29 04:37:05	868 B	171 kB	142.250.74.136
cvxwaslonejulyha.info	unknown	unknown	No data	No data	971 B	1.8 kB	108.157.214.102
getrunkhomuto.info	unknown	2024-03-31	2024-03-31 12:52:35	2024-08-29 19:56:13	922 B	1.8 kB	108.157.229.76
accounts.google.com	81	1997-09-15	2016-03-20 13:44:49	2024-08-28 18:13:42	3.7 kB	28 kB	64.233.163.84
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-08-28 18:12:05	654 B	1.8 kB	23.36.76.226
pogothere.xyz	unknown	2022-08-22	2022-09-04 21:11:25	2024-08-29 09:32:46	832 B	104 kB	172.67.220.203
dt3y1f1i1disy.cloudfront.net	unknown	2008-04-25	2024-06-10 21:05:24	2024-08-01 19:34:17	1.8 kB	71 kB	143.204.42.202
o.pki.goog	unknown	2016-06-13	2024-04-24 13:44:57	2024-08-28 18:24:30	1.6 kB	3.5 kB	142.250.74.131
yusiswensaidoh.info	unknown	unknown	No data	No data	1.6 kB	1.9 kB	104.21.25.216

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-08-29	medium	cvxwaslonejulyha.info	Sinkholed

ThreatFox

No alerts detected

JavaScript (14)

	URL	From	Size	First Seen	Last Seen
	www.googletagmanager.com/gtag/js?id=G-CXR95QZ9B0&l=dataLayer&cx=c	ScriptElement	265 kB	2024-08-31	2024-08-31
Pretty URL www.googletagmanager.com/gtag/js?id=G-CXR95QZ9B0&l=dataLayer&cx=c IP 142.250.74.136 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-31 08:35 Last Seen2024-08-31 08:35 Times Seen2 Hash 6f7ee2631d4536089c4cee9ce5f6784b 495d96b1305e18f75aa2d9d2c1397fa263689c67 84b2c191f5e37ad6ec42e14dd38c3c3163e2a27da464be3ea182cbd9f4a27265 Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-07-13
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-07-13 06:25 Times Seen407886 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	romsfun.com/wp-includes/js/jquery/jquery.js?ver=3.7.1	ScriptElement	141 kB	2023-11-16	2025-07-05
Pretty URL romsfun.com/wp-includes/js/jquery/jquery.js?ver=3.7.1 IP 104.26.13.236 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-16 15:59 Last Seen2025-07-05 15:14 Times Seen134 Hash 15d149d159697f14f22caca6467e2174 22b596ae7aad63a4118c6304b9e4587b246b80a0 508a8d88a4db7b5ef87b1d5b6fc60e56b7c5384b75b75b10e77f298ea108b510 Loading...

	romsfun.com/download/need-for-speed-most-wanted-4-40992/2	ScriptElement	154 B	2023-03-12	2025-07-12
Pretty URL romsfun.com/download/need-for-speed-most-wanted-4-40992/2 IP 104.26.13.236 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 11:39 Last Seen2025-07-12 23:42 Times Seen183 Hash 8d7444ba152aae0282a6738064d9bea3 c933aa5aaa985bc9cbb540da2af946e49d5ac89f 4ab58bdef37cafc6c8613216447b0d8074e0e4a133b23acaa2aeb3856aee33fe Loading...

	romsfun.com/download/need-for-speed-most-wanted-4-40992/2	ScriptElement	102 B	2023-03-12	2025-07-12
Pretty URL romsfun.com/download/need-for-speed-most-wanted-4-40992/2 IP 104.26.13.236 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 11:39 Last Seen2025-07-12 23:42 Times Seen180 Hash f1afecca58bbea096e1f40082c1a81d0 2d7f288793f0042033236e03a2043173d6a29cf7 79afca549552a12dcbda55428465f0e0c10952e87253bc7d4b079b8509bb1250 Loading...

	romsfun.com/wp-content/themes/romsfun/js/site.js?ver=1.5	ScriptElement	7.3 kB	2024-01-06	2024-10-22
Pretty URL romsfun.com/wp-content/themes/romsfun/js/site.js?ver=1.5 IP 104.26.13.236 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-06 21:02 Last Seen2024-10-22 18:45 Times Seen78 Hash d0c06ac274cc1ffad4888bc2e04ed7e2 e53ab6dfa900d7f0910f483838c3c9849833f143 3e3f5004d73e0fd91f6ec8bd3e9017a3ac49774c7af908da74daac5afe57cf3d Loading...

	www.googletagmanager.com/gtag/js?id=UA-89527130-9	ScriptElement	215 kB	2024-08-31	2024-08-31
Pretty URL www.googletagmanager.com/gtag/js?id=UA-89527130-9 IP 142.250.74.136 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-31 08:35 Last Seen2024-08-31 08:35 Times Seen1 Hash 5cafb1a42d9ac5af7a982c71bf64c180 3e765d6eaaa2632f401172ff0083aeca66bd28d2 539bc1b1687af47a5c4daa38b7e6846f8e805ddc749d696e675211fb694214bb Loading...

	romsfun.com/wp-content/themes/romsfun/js/bootstrap.min.js?ver=1.5	ScriptElement	166 kB	2023-10-24	2025-07-12
Pretty URL romsfun.com/wp-content/themes/romsfun/js/bootstrap.min.js?ver=1.5 IP 104.26.13.236 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-24 03:42 Last Seen2025-07-12 23:42 Times Seen166 Hash 9c407d157bf5ffc36814e6cc948a11e9 5d598bfa7ada13784621d76d1bb907d58c20bbd0 4a090a9b8bbb0f86926f094f4f1543ba2a48b776baff36d6429f8a9639d741a8 Loading...

	romsfun.com/download/need-for-speed-most-wanted-4-40992/2	ScriptElement	921 B	2024-08-31	2024-08-31
Pretty URL romsfun.com/download/need-for-speed-most-wanted-4-40992/2 IP 104.26.13.236 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-31 08:35 Last Seen2024-08-31 08:35 Times Seen1 Hash 019fd950ae75970885dbf64155b35533 43339fc4023aab8b05e384518b084d40702255ee d1f69ba2a14d38f20d067b45a067083d139a6c8ebe6bf7e33784bb6c64bda294 Loading...

	romsfun.com/download/need-for-speed-most-wanted-4-40992/sandbox%20eval%20code		147 B	2023-04-11	2025-07-13
Pretty URL romsfun.com/download/need-for-speed-most-wanted-4-40992/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-07-13 06:25 Times Seen408303 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	dt3y1f1i1disy.cloudfront.net/?ifytd=1058666	ScriptElement	210 kB	2024-08-31	2024-08-31
Pretty URL dt3y1f1i1disy.cloudfront.net/?ifytd=1058666 IP 143.204.42.202 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-31 08:35 Last Seen2024-08-31 08:35 Times Seen2 Hash 70d024e3d2eda918b83b22e6b77d784f 88862df4c0d0efbdcd19098fbe48eae2a507a1e4 ff703eb75886497ad2e094509b38b05e81a166b48c8b80699ff5f4e105e52139 Loading...

	unknown	ScriptElement	236 B	2024-08-31	2024-08-31
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-31 08:35 Last Seen2024-08-31 08:35 Times Seen1 Hash c70fb86625619063579fa6cde008a005 22cb277df59083e7a8e34f6d8686f54615cb9657 ca3f16e38d3743bf261e29409f5fb3522330d7380421b5e38f89c633d01cbfc9 Loading...

	romsfun.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	ScriptElement	7.7 kB	2024-08-31	2024-08-31
Pretty URL romsfun.com/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 104.26.13.236 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-31 08:35 Last Seen2024-08-31 08:35 Times Seen1 Hash 2d34f719d5cdc306697986d0246db767 99d4ebd340efee814ec35f76537a81f519a3bda9 16d5b7dab311bb845cc1acdbb361c392a4d67947496774c4af95961d8e663158 Loading...

	romsfun.com/wp-includes/js/jquery/jquery-migrate.js?ver=3.4.1	ScriptElement	19 kB	2023-08-30	2025-02-19
Pretty URL romsfun.com/wp-includes/js/jquery/jquery-migrate.js?ver=3.4.1 IP 104.26.13.236 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-30 21:22 Last Seen2025-02-19 13:41 Times Seen98 Hash 318a8652a313c02b1d19f46b7ef1e426 afc5e61e6185848646a929a2287386a788870329 82815a7dba0c18a1092121e80005ee37b0390b8b755a6dc8ba03e199ed3a2501 Loading...

HTTP Transactions (49)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c3d1bfb12515d2f23214f980f7a18b8c
24cc3d9048888cc7e1f4ff42b8fdc1c16c9feb46
35a446cea345dbdb2c297726a3d6cc5f1088f4f9a3f65904c3b9655056efda06

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "35A446CEA345DBDB2C297726A3D6CC5F1088F4F9A3F65904C3B9655056EFDA06"
Last-Modified: Thu, 29 Aug 2024 09:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12237
Expires: Fri, 30 Aug 2024 02:06:49 GMT
Date: Thu, 29 Aug 2024 22:42:52 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
ad9353fb65f1fa0bbdceb3c11014bc98
ae9f125b1b5a65ad7b6e225c0f35f1731089268f
79aed0724a285fba7afa425eed0e3aa473b6d1465ff7a8a45c63b0fb5e198d91

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "79AED0724A285FBA7AFA425EED0E3AA473B6D1465FF7A8A45C63B0FB5E198D91"
Last-Modified: Wed, 28 Aug 2024 19:52:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19901
Expires: Fri, 30 Aug 2024 04:14:33 GMT
Date: Thu, 29 Aug 2024 22:42:52 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
d1b950f0bd232ad70f30bec1a18d94b3
c5cb139e5fc383bbfa53e29adb3f67f1133d97f7
dddf51c8f55bfa6412a026a2c39ba779b5c701370dbd7f2fc1aac0e08e706c72

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "DDDF51C8F55BFA6412A026A2C39BA779B5C701370DBD7F2FC1AAC0E08E706C72"
Last-Modified: Wed, 28 Aug 2024 14:37:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17381
Expires: Fri, 30 Aug 2024 03:32:33 GMT
Date: Thu, 29 Aug 2024 22:42:52 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
41d99bdb0bce7036541a169e82b157fd
448d08018f9868e2a7ccda7a3bdc81242cfdb412
441e957bca9afb4a865df5362c94cc68df8071610ef8c8b49ec682bf57d81b4e

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "441E957BCA9AFB4A865DF5362C94CC68DF8071610EF8C8B49EC682BF57D81B4E"
Last-Modified: Wed, 28 Aug 2024 14:33:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18712
Expires: Fri, 30 Aug 2024 03:54:45 GMT
Date: Thu, 29 Aug 2024 22:42:53 GMT
Connection: keep-alive

GET romsfun.com/wp-content/uploads/2023/08/LOGO.png

104.26.13.236

200 OK

3.4 kB

URL GET HTTP/3
romsfun.com/wp-content/uploads/2023/08/LOGO.png
IP
104.26.13.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerGoogle Trust Services
Subjectromsfun.com
Fingerprint9A:F7:25:B5:F6:98:9D:C5:04:0B:DA:19:C1:19:BA:4F:50:94:3F:E7
ValiditySat, 17 Aug 2024 05:49:15 GMT - Fri, 15 Nov 2024 05:49:14 GMT

File type
PNG image data, 250 x 37, 8-bit/color RGBA, non-interlaced
Size
3.4 kB (3353 bytes)
Hash
ae49b2e6869d15f84ee14c108f7c47c1
f902bb6413098a058891465a2c2453c7635fb869
3c64d789f1bad2e11da480a16e36a4a239334f022929183eaccc0d22a5c6cffe

HTTP Headers

GET /wp-content/uploads/2023/08/LOGO.png HTTP/1.1
Host: romsfun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 29 Aug 2024 22:42:53 GMT
content-type: image/png
content-length: 3353
last-modified: Fri, 25 Aug 2023 20:00:32 GMT
etag: "64e90860-d19"
expires: Thu, 26 Sep 2024 15:53:15 GMT
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
pragma: public
cf-cache-status: HIT
age: 197378
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g6jPv66oatfHOd1m4z%2F6Lct4zvm8MQwa1JjuSTx2%2F0%2BbbKdUcwb3spFVZUNka3N8NwGPCONzbu2xIEXZ19MKEmQSUvejkua3q4m6tBK0MPFaoDzu4bC5aHaSdmx5fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8bb00e8a5a0eb509-OSL
alt-svc: h3=":443"; ma=86400

GET romsfun.com/wp-content/uploads/2020/11/ryu-ga-gotoku-zero-chikai-no-basho-370527.8-300x300.jpg

104.26.13.236

200 OK

23 kB

URL GET HTTP/3
romsfun.com/wp-content/uploads/2020/11/ryu-ga-gotoku-zero-chikai-no-basho-370527.8-300x300.jpg
IP
104.26.13.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerGoogle Trust Services
Subjectromsfun.com
Fingerprint9A:F7:25:B5:F6:98:9D:C5:04:0B:DA:19:C1:19:BA:4F:50:94:3F:E7
ValiditySat, 17 Aug 2024 05:49:15 GMT - Fri, 15 Nov 2024 05:49:14 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp
Size
23 kB (22774 bytes)
Hash
6e02c97fb3bf6dd5c41f220f4717e9e8
c9aab56d06387cf3b90c18a75c639ef777427f3d
12bc02e7e96ea0c94cddb1e9a15a1da051d0166fba107f7621f2845de8404d73

HTTP Headers

GET /wp-content/uploads/2020/11/ryu-ga-gotoku-zero-chikai-no-basho-370527.8-300x300.jpg HTTP/1.1
Host: romsfun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 29 Aug 2024 22:42:53 GMT
content-type: image/webp
content-length: 22774
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=23891
content-disposition: inline; filename="ryu-ga-gotoku-zero-chikai-no-basho-370527.webp"
etag: "617d8107-5d53"
expires: Mon, 23 Sep 2024 14:45:49 GMT
last-modified: Sat, 30 Oct 2021 17:29:43 GMT
pragma: public
vary: Accept
cf-cache-status: HIT
age: 460624
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CQxPIbJpukWDb06az2XTbF2KGVjQHrKL3dIyrZjjRcZv%2BwnFj9DZtSwZmt3RdpbSnIPmy98zcuqFfRe6F5v2cNizZikKE4Z2%2FDIxeJ5%2FBioCAL7OdK127suHcHXYbA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8bb00e8a5a10b509-OSL
alt-svc: h3=":443"; ma=86400

GET romsfun.com/wp-content/uploads/2020/01/Battlefield-1943-ps3-300x346.png

104.26.13.236

200 OK

59 kB

URL GET HTTP/3
romsfun.com/wp-content/uploads/2020/01/Battlefield-1943-ps3-300x346.png
IP
104.26.13.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerGoogle Trust Services
Subjectromsfun.com
Fingerprint9A:F7:25:B5:F6:98:9D:C5:04:0B:DA:19:C1:19:BA:4F:50:94:3F:E7
ValiditySat, 17 Aug 2024 05:49:15 GMT - Fri, 15 Nov 2024 05:49:14 GMT

File type
PNG image data, 300 x 346, 8-bit colormap, non-interlaced
Size
59 kB (59016 bytes)
Hash
7e95425be6a5daaf9f8be568d1f89c67
cf6099caec5f9937964afe04d6b6a50bed4a0793
2e5b5d863989933db8c505bb009574484a70f48270b3240d669766b80d5ef803

HTTP Headers

GET /wp-content/uploads/2020/01/Battlefield-1943-ps3-300x346.png HTTP/1.1
Host: romsfun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 29 Aug 2024 22:42:53 GMT
content-type: image/png
content-length: 59016
last-modified: Sat, 30 Oct 2021 19:01:57 GMT
etag: "617d96a5-e688"
expires: Mon, 23 Sep 2024 15:12:02 GMT
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
pragma: public
cf-cache-status: HIT
age: 459051
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u15IJpqhmYh%2F61T8a%2BZHEmeyMRUnYd7acZIGkCd%2BIQ0Rf8O4kDMig6h1Pw%2BuBxy%2FiOwYqAZ5lXk71wC5zD31ZAe4mq2d%2FOtPYyHuwpr9%2FCuT9BPjSocsQhqchVARjw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8bb00e8a5a0fb509-OSL
alt-svc: h3=":443"; ma=86400

GET romsfun.com/wp-content/uploads/2019/10/dragon-age-ii-ps3-300x341.jpg

104.26.13.236

200 OK

22 kB

URL GET HTTP/3
romsfun.com/wp-content/uploads/2019/10/dragon-age-ii-ps3-300x341.jpg
IP
104.26.13.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerGoogle Trust Services
Subjectromsfun.com
Fingerprint9A:F7:25:B5:F6:98:9D:C5:04:0B:DA:19:C1:19:BA:4F:50:94:3F:E7
ValiditySat, 17 Aug 2024 05:49:15 GMT - Fri, 15 Nov 2024 05:49:14 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x341, Scaling: [none]x[none], YUV color, decoders should clamp
Size
22 kB (22066 bytes)
Hash
ade7d9bdf98f312b2527d3b2309695dc
c8e3ca7febdaa95d72109065c520f564c8bab240
21c7001a7d8f304c642117a8035b90037117e8986d4c80ba3b2dc8f4f7210684

HTTP Headers

GET /wp-content/uploads/2019/10/dragon-age-ii-ps3-300x341.jpg HTTP/1.1
Host: romsfun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 29 Aug 2024 22:42:53 GMT
content-type: image/webp
content-length: 22066
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=27205
content-disposition: inline; filename="dragon-age-ii-ps3-300x341.webp"
etag: "617da95e-6a45"
expires: Mon, 23 Sep 2024 15:06:37 GMT
last-modified: Sat, 30 Oct 2021 20:21:50 GMT
pragma: public
vary: Accept
cf-cache-status: HIT
age: 459376
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9UeEC5y4NkxXpZY5ooH65RaH7rYMNlMyTxfYT5OByrXlvlexbFnYeyV8uwsWBb9G0WgvQ5oYqo1SLjr7IdhjuuidI4v8fccv4bIht%2BOPyUhRLgn0dTiqGiN9xoxsvg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8bb00e8a5a16b509-OSL
alt-svc: h3=":443"; ma=86400

GET romsfun.com/wp-content/uploads/2020/01/1234-300x340.png

104.26.13.236

200 OK

62 kB

URL GET HTTP/3
romsfun.com/wp-content/uploads/2020/01/1234-300x340.png
IP
104.26.13.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerGoogle Trust Services
Subjectromsfun.com
Fingerprint9A:F7:25:B5:F6:98:9D:C5:04:0B:DA:19:C1:19:BA:4F:50:94:3F:E7
ValiditySat, 17 Aug 2024 05:49:15 GMT - Fri, 15 Nov 2024 05:49:14 GMT

File type
RIFF (little-endian) data, Web/P image
Size
62 kB (62192 bytes)
Hash
19e9077071c6a94f8aa958bc1c45f078
83bb55842311c74d4f209ba171ec2a3d177eb673
5cb96233587b9bafd71f62d6aa4eefa85998999237113ffb8116226436e19578

HTTP Headers

GET /wp-content/uploads/2020/01/1234-300x340.png HTTP/1.1
Host: romsfun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 29 Aug 2024 22:42:53 GMT
content-type: image/webp
content-length: 62192
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=64651
content-disposition: inline; filename="1234-300x340.webp"
etag: "617d97b5-fc8b"
expires: Mon, 23 Sep 2024 15:06:37 GMT
last-modified: Sat, 30 Oct 2021 19:06:29 GMT
pragma: public
vary: Accept
cf-cache-status: HIT
age: 459376
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sNqM5g%2BRzEFAqeAy1VEMueOczCYsHtTNvFBFt1YlwQTlp7A7qDzAo3tl70fEtyfbuQzR9FjDr3e4BHrtoNJGw%2Blt4w5bGxzyTur5tf0SjMQw%2BONpIvtDxqechcRnbg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8bb00e8a5a1ab509-OSL
alt-svc: h3=":443"; ma=86400

GET romsfun.com/wp-content/uploads/2020/11/914MHWeFhcL._SL1500_-300x345.jpg

104.26.13.236

200 OK

34 kB

URL GET HTTP/3
romsfun.com/wp-content/uploads/2020/11/914MHWeFhcL._SL1500_-300x345.jpg
IP
104.26.13.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerGoogle Trust Services
Subjectromsfun.com
Fingerprint9A:F7:25:B5:F6:98:9D:C5:04:0B:DA:19:C1:19:BA:4F:50:94:3F:E7
ValiditySat, 17 Aug 2024 05:49:15 GMT - Fri, 15 Nov 2024 05:49:14 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x345, components 3
Size
34 kB (34285 bytes)
Hash
d9e5cd85aa1a921e7d8174cf85a92a22
d12b822ae5d42cc443ec182a8805574b3bac8b47
b7fc748f906cd415518025e8a8c72004bae18de9867443f12a4514e38e55f74d

HTTP Headers

GET /wp-content/uploads/2020/11/914MHWeFhcL._SL1500_-300x345.jpg HTTP/1.1
Host: romsfun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 29 Aug 2024 22:42:53 GMT
content-type: image/jpeg
content-length: 34285
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-bgj: imgq:85,h2pri
cf-polished: degrade=85, origSize=34718, status=webp_bigger
etag: "617d8009-879e"
expires: Mon, 23 Sep 2024 15:06:37 GMT
last-modified: Sat, 30 Oct 2021 17:25:29 GMT
pragma: public
cf-cache-status: HIT
age: 459376
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eJeEdXICN3IMgGdvc1RKwmhnJIs%2Bsu1mvzA7JPSmuDT7QBdxmSl5Vm47M5NvBAt65VcuN5BndA941sR45pAILF3Mi0ppA2QqbGRxrRLrF8JdSlzWK7yCn%2BmVfjwEfg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8bb00e8a5a1bb509-OSL
alt-svc: h3=":443"; ma=86400

GET romsfun.com/wp-content/uploads/2019/10/kingdom-hearts-hd-1.5-remix-ps3-300x346.jpg

104.26.13.236

200 OK

32 kB

URL GET HTTP/3
romsfun.com/wp-content/uploads/2019/10/kingdom-hearts-hd-1.5-remix-ps3-300x346.jpg
IP
104.26.13.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerGoogle Trust Services
Subjectromsfun.com
Fingerprint9A:F7:25:B5:F6:98:9D:C5:04:0B:DA:19:C1:19:BA:4F:50:94:3F:E7
ValiditySat, 17 Aug 2024 05:49:15 GMT - Fri, 15 Nov 2024 05:49:14 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x346, components 3
Size
32 kB (32471 bytes)
Hash
30aee845234af8aadc8e436e2e3dc740
dd2df21dc988493d3febfc1cfecbf4bef6aae5ba
5475736fa4bcd1504e4ffcda8831e7bd66fd97b58e6361b18b2f7d6df2f05e34

HTTP Headers

GET /wp-content/uploads/2019/10/kingdom-hearts-hd-1.5-remix-ps3-300x346.jpg HTTP/1.1
Host: romsfun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 29 Aug 2024 22:42:53 GMT
content-type: image/jpeg
content-length: 32471
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-bgj: imgq:85,h2pri
cf-polished: degrade=85, origSize=33288, status=webp_bigger
etag: "617da9fb-8208"
expires: Mon, 23 Sep 2024 15:06:37 GMT
last-modified: Sat, 30 Oct 2021 20:24:27 GMT
pragma: public
cf-cache-status: HIT
age: 459376
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KW18%2BvbiSBGdl%2BpM3R2YC%2BXnL7aOxdqBjkyHhEtN36i1ooxTvdQVVgvErwSHVjcWx0RDSlkYw9cTYitZNPHY6DKYW4GfD2ztd9OPpixstG8sWqSC%2Fr7zF85%2FyjTl%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8bb00e8a6a1db509-OSL
alt-svc: h3=":443"; ma=86400

GET dt3y1f1i1disy.cloudfront.net/?ifytd=1058666

143.204.42.202

200 OK

69 kB

URL GET HTTP/2
dt3y1f1i1disy.cloudfront.net/?ifytd=1058666
IP
143.204.42.202:443
ASN
#16509 AMAZON-02

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerAmazon
Subject*.cloudfront.net
Fingerprint28:D3:87:79:3C:E8:8B:3C:D9:10:45:E5:F7:64:7A:6D:44:4E:5A:62
ValidityTue, 30 Jul 2024 00:00:00 GMT - Thu, 03 Jul 2025 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (15945)
Size
69 kB (69378 bytes)
Hash
70d024e3d2eda918b83b22e6b77d784f
88862df4c0d0efbdcd19098fbe48eae2a507a1e4
ff703eb75886497ad2e094509b38b05e81a166b48c8b80699ff5f4e105e52139

HTTP Headers

GET /?ifytd=1058666 HTTP/1.1
Host: dt3y1f1i1disy.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://romsfun.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-length: 69378
date: Thu, 29 Aug 2024 22:39:52 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Hit from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Pw5UcSi6vRzW-EbfMtg62XQYfacEmYlEs70Xbdo9KzLWlEMkUEH7uQ==
age: 181
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
1d3d76f5276c5d2b2387a8b76cf0e663
a6bf4493b843e02faa20fa670246a429881fb68a
034691d2e829add85ac7fa0de7621eb90d182e357306ab5254d36058941eb707

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Aug 2024 22:42:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET romsfun.com/download/need-for-speed-most-wanted-4-40992/2

104.26.13.236

200 OK

8.4 kB

URL User Request GET HTTP/2
romsfun.com/download/need-for-speed-most-wanted-4-40992/2
IP
104.26.13.236:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectromsfun.com
Fingerprint9A:F7:25:B5:F6:98:9D:C5:04:0B:DA:19:C1:19:BA:4F:50:94:3F:E7
ValiditySat, 17 Aug 2024 05:49:15 GMT - Fri, 15 Nov 2024 05:49:14 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (8856)
Size
8.4 kB (8382 bytes)
Hash
a673bd479a665a545fc785732bf85241
22403bb95834cee25be06ee84a30b4c5ea3e6dc5
dbc121e2d0b126c4542a9d8b290261421df4973344fc0f034e66f18ebe3b3895

HTTP Headers

GET /download/need-for-speed-most-wanted-4-40992/2 HTTP/1.1
Host: romsfun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 29 Aug 2024 22:42:52 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 29 Aug 2024 12:41:48 GMT
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B%2FghHmmbsif1bA1bX8Q0ybJwLFaji41jeb1C8Dq71%2BRJttdvXUeYnHYspaNhOmW4quGexBHXjj%2FRnVcwGR2qYq3%2BKZlpCD1gL7%2Bbs%2BGF8pOMDNe90JNjMVtxFGy2Lw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8bb00e87fb26b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/js?id=UA-89527130-9

142.250.74.136

200 OK

77 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-89527130-9
IP
142.250.74.136:443
ASN
#15169 GOOGLE

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint27:BF:6E:8E:D6:51:1C:C5:B2:CF:E2:E9:0F:87:D0:F3:33:23:E7:37
ValidityTue, 30 Jul 2024 12:32:47 GMT - Tue, 22 Oct 2024 12:32:46 GMT

File type
JavaScript source, ASCII text, with very long lines (4179)
Size
77 kB (77118 bytes)
Hash
5cafb1a42d9ac5af7a982c71bf64c180
3e765d6eaaa2632f401172ff0083aeca66bd28d2
539bc1b1687af47a5c4daa38b7e6846f8e805ddc749d696e675211fb694214bb

HTTP Headers

GET /gtag/js?id=UA-89527130-9 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://romsfun.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 29 Aug 2024 22:42:53 GMT
expires: Thu, 29 Aug 2024 22:42:53 GMT
cache-control: private, max-age=900
last-modified: Thu, 29 Aug 2024 21:59:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 77118
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
1d3d76f5276c5d2b2387a8b76cf0e663
a6bf4493b843e02faa20fa670246a429881fb68a
034691d2e829add85ac7fa0de7621eb90d182e357306ab5254d36058941eb707

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Aug 2024 22:42:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET romsfun.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

104.26.13.236

302 Found

0 B

URL GET HTTP/3
romsfun.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
104.26.13.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerGoogle Trust Services
Subjectromsfun.com
Fingerprint9A:F7:25:B5:F6:98:9D:C5:04:0B:DA:19:C1:19:BA:4F:50:94:3F:E7
ValiditySat, 17 Aug 2024 05:49:15 GMT - Fri, 15 Nov 2024 05:49:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: romsfun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Thu, 29 Aug 2024 22:42:53 GMT
content-length: 0
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js?
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hT3QOo12jEBALI%2Bovp0AYDJwnnmoLqIWtZ0Zkh1I2WrGEyxIIsZSdnPeWzP%2B5CJPkxuXFHGemAJ3qqLuwjuGjmqAwKh1tsvVkra8XrP2IPHX%2Bw71Ml0dKyvOJGVdCg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8bb00e8d4d4ab509-OSL
alt-svc: h3=":443"; ma=86400

GET yusiswensaidoh.info/VTF3cU56DhQCcwd2GyYaAF0NJgkPFEUzKA1JJSsGYAcRJwg8Vy9BaCFYE0x/ZQRPR3hjFwcYKmgAUQI6NEUCAnNkFx4fKDoMUQdzZB9ERWBmB1lFaCAMRlc6JVAQTH9zQQMFImgAQEN6bAZGQnlmBUFD

104.21.25.216

204 No Content

0 B

URL GET HTTP/2
yusiswensaidoh.info/VTF3cU56DhQCcwd2GyYaAF0NJgkPFEUzKA1JJSsGYAcRJwg8Vy9BaCFYE0x/ZQRPR3hjFwcYKmgAUQI6NEUCAnNkFx4fKDoMUQdzZB9ERWBmB1lFaCAMRlc6JVAQTH9zQQMFImgAQEN6bAZGQnlmBUFD
IP
104.21.25.216:443
ASN
#13335 CLOUDFLARENET

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerGoogle Trust Services
Subjectyusiswensaidoh.info
FingerprintBF:62:28:5A:EE:99:27:BB:3A:0C:E9:72:0D:DD:62:45:ED:8B:26:3E
ValidityTue, 09 Jul 2024 04:17:21 GMT - Mon, 07 Oct 2024 04:17:20 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /VTF3cU56DhQCcwd2GyYaAF0NJgkPFEUzKA1JJSsGYAcRJwg8Vy9BaCFYE0x/ZQRPR3hjFwcYKmgAUQI6NEUCAnNkFx4fKDoMUQdzZB9ERWBmB1lFaCAMRlc6JVAQTH9zQQMFImgAQEN6bAZGQnlmBUFD HTTP/1.1
Host: yusiswensaidoh.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://romsfun.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Thu, 29 Aug 2024 22:42:53 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mfln5oluMMpv%2FdquQOL5o9VcnS1YiAupadZCBLgk9i%2FNYqQ%2BHDmcDAwcS1Yma2NrgAyUag57LkNRe8G7HaU5fkUjmvtwq5U3l%2BtWcnd2gdiJK%2BV0IOv4hk%2BrwRnoJ%2F2F%2B9jJN7tl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8bb00e8d4d4bb509-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET yusiswensaidoh.info/c1E3SmJcblQ5XyY9dTM0GAtaEDc9PFQnFh0CBQhTEjxxCThAFBE+CxdsBnpXS2gHeEQDOFN3U0t3RD4DByREd1NVOFksDU53QXdTXWEZeExGd0J3U1UlRysFTmAROhYHPQp7VUFlDn1TQGYEflpA

104.21.25.216

204 No Content

0 B

URL GET HTTP/2
yusiswensaidoh.info/c1E3SmJcblQ5XyY9dTM0GAtaEDc9PFQnFh0CBQhTEjxxCThAFBE+CxdsBnpXS2gHeEQDOFN3U0t3RD4DByREd1NVOFksDU53QXdTXWEZeExGd0J3U1UlRysFTmAROhYHPQp7VUFlDn1TQGYEflpA
IP
104.21.25.216:443
ASN
#13335 CLOUDFLARENET

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerGoogle Trust Services
Subjectyusiswensaidoh.info
FingerprintBF:62:28:5A:EE:99:27:BB:3A:0C:E9:72:0D:DD:62:45:ED:8B:26:3E
ValidityTue, 09 Jul 2024 04:17:21 GMT - Mon, 07 Oct 2024 04:17:20 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c1E3SmJcblQ5XyY9dTM0GAtaEDc9PFQnFh0CBQhTEjxxCThAFBE+CxdsBnpXS2gHeEQDOFN3U0t3RD4DByREd1NVOFksDU53QXdTXWEZeExGd0J3U1UlRysFTmAROhYHPQp7VUFlDn1TQGYEflpA HTTP/1.1
Host: yusiswensaidoh.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://romsfun.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Thu, 29 Aug 2024 22:42:53 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yPRL1INuogL7GSsaWCID0QQdcxVJsFaxLiOY49hPUqDLYwqQkc%2BTJUpCyyMw92DZTjPcKPI5AVqGmAwT8cGa7bTADuuMw6smqEiYQL8VmWvO1wMe0inHIFO7ZsT%2BloUN9cGxkFWd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8bb00e8d6d57b509-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/js?id=G-CXR95QZ9B0&l=dataLayer&cx=c

142.250.74.136

200 OK

93 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-CXR95QZ9B0&l=dataLayer&cx=c
IP
142.250.74.136:443
ASN
#15169 GOOGLE

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint27:BF:6E:8E:D6:51:1C:C5:B2:CF:E2:E9:0F:87:D0:F3:33:23:E7:37
ValidityTue, 30 Jul 2024 12:32:47 GMT - Tue, 22 Oct 2024 12:32:46 GMT

File type
JavaScript source, ASCII text, with very long lines (5945)
Size
93 kB (92810 bytes)
Hash
6f7ee2631d4536089c4cee9ce5f6784b
495d96b1305e18f75aa2d9d2c1397fa263689c67
84b2c191f5e37ad6ec42e14dd38c3c3163e2a27da464be3ea182cbd9f4a27265

HTTP Headers

GET /gtag/js?id=G-CXR95QZ9B0&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://romsfun.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 29 Aug 2024 22:42:53 GMT
expires: Thu, 29 Aug 2024 22:42:53 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 92810
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET cvxwaslonejulyha.info/MG5LQmpRDCgvVVFTKWQfQgJ2Z1h2S3kEDkRdMnMMAQd6JgNDF2UhBl8bLyQYXwA/bARVGm5wLHsKeQhfZTt/Fy5iDXghO30iAxUSFVwNEFtULBFxAnI8CikAexYNJClKWiEAK2EjG3ArZSoZEFl6LxoMLEkoMQoAYTYNOjtpOwgqAHI7fhoySTt7B1sJJC87I2cqCXcZUSwCDy1dFm5wLGU/BiYnAyAPECsABgIQElYtDwsNchkGECFjDQgAPAgFB3IFYCgiMQR3GX8bDngZMxRbVAYqcjxjOxguTwIoGSkOeyt5NixlBh52I3EnKhotfkt5AC4BHhsGBFgqGXJHXzoqcjxjLTImGGItBQMwAiwDEVtIBC0qK3gpIS0CZQIKZ1h2N3h3LWUFJyUMWzQDEVh1AQMqK1MgMgc6Yl44Gg4AKAYRMlNZGC4nFgQ4LQRAUyIUBHY0JHA7AiVydw

108.157.214.102

200 OK

1.2 kB

URL GET HTTP/2
cvxwaslonejulyha.info/MG5LQmpRDCgvVVFTKWQfQgJ2Z1h2S3kEDkRdMnMMAQd6JgNDF2UhBl8bLyQYXwA/bARVGm5wLHsKeQhfZTt/Fy5iDXghO30iAxUSFVwNEFtULBFxAnI8CikAexYNJClKWiEAK2EjG3ArZSoZEFl6LxoMLEkoMQoAYTYNOjtpOwgqAHI7fhoySTt7B1sJJC87I2cqCXcZUSwCDy1dFm5wLGU/BiYnAyAPECsABgIQElYtDwsNchkGECFjDQgAPAgFB3IFYCgiMQR3GX8bDngZMxRbVAYqcjxjOxguTwIoGSkOeyt5NixlBh52I3EnKhotfkt5AC4BHhsGBFgqGXJHXzoqcjxjLTImGGItBQMwAiwDEVtIBC0qK3gpIS0CZQIKZ1h2N3h3LWUFJyUMWzQDEVh1AQMqK1MgMgc6Yl44Gg4AKAYRMlNZGC4nFgQ4LQRAUyIUBHY0JHA7AiVydw
IP
108.157.214.102:443
ASN
#16509 AMAZON-02

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerAmazon
Subjectcvxwaslonejulyha.info
Fingerprint63:20:19:0D:4D:29:D5:6A:7C:71:98:FE:20:19:D3:D9:A1:D8:F6:7E
ValiditySun, 28 Jul 2024 00:00:00 GMT - Tue, 26 Aug 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (3041), with no line terminators
Size
1.2 kB (1192 bytes)
Hash
574af80225eee9ddb38893b0bb6e4380
aa46cae76d23d1f78a669a50b419a085339cb1c9
62568ad8df3076e123132aac14cde7fea34bd1e59aa9f99a38d24e02b29ad95a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /MG5LQmpRDCgvVVFTKWQfQgJ2Z1h2S3kEDkRdMnMMAQd6JgNDF2UhBl8bLyQYXwA/bARVGm5wLHsKeQhfZTt/Fy5iDXghO30iAxUSFVwNEFtULBFxAnI8CikAexYNJClKWiEAK2EjG3ArZSoZEFl6LxoMLEkoMQoAYTYNOjtpOwgqAHI7fhoySTt7B1sJJC87I2cqCXcZUSwCDy1dFm5wLGU/BiYnAyAPECsABgIQElYtDwsNchkGECFjDQgAPAgFB3IFYCgiMQR3GX8bDngZMxRbVAYqcjxjOxguTwIoGSkOeyt5NixlBh52I3EnKhotfkt5AC4BHhsGBFgqGXJHXzoqcjxjLTImGGItBQMwAiwDEVtIBC0qK3gpIS0CZQIKZ1h2N3h3LWUFJyUMWzQDEVh1AQMqK1MgMgc6Yl44Gg4AKAYRMlNZGC4nFgQ4LQRAUyIUBHY0JHA7AiVydw HTTP/1.1
Host: cvxwaslonejulyha.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://romsfun.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
content-length: 1192
date: Thu, 29 Aug 2024 22:42:53 GMT
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 a8de383ae0e22ed372880220fd20b198.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: e4mlNJKplkqvdqq5yRcNcXbU76rmMIJ5y7bN4NfoaB_Q0fydfIBayg==
X-Firefox-Spdy: h2

GET getrunkhomuto.info/U1B4SHcyMhslSDJtGm4CITxFbUUVdUoOEydjAXkRYjlJLB4gKVYrGzwlHC4FPD4MZhk2JF16MQAeSyAxMjoqHTEqIzULRx4CMR4UFRJIeU4GJykOLzkFIR0hFRY2PyEJAjp8ABESCB0xKjg1EBwCCDMwGBkCOnBEEicyLCM9YRksGRE1NRo1AhMTIB0RPC4SP2A4NR0hODIdDgQABhA/GQUnORozAAIgHyE0EzQJLQoGFHlEHxE9EiQUEiEKNWsRHA4EARI8OBAEESoqMgAjHhw1GRscGj4eESssDQs4PQ04PhIhCjIGHyEOG2IUE30FBDhIGyQ9fS0GIgUBLAMcaxcbHQdiBw8ZPwAILioyAgYxAQAdFy0gQyIVEA0xAz4AKzA0NB0FMTAWXiIEPD4IdQQ0IhF+HWVoSAow

108.157.229.76

200 OK

1.2 kB

URL GET HTTP/2
getrunkhomuto.info/U1B4SHcyMhslSDJtGm4CITxFbUUVdUoOEydjAXkRYjlJLB4gKVYrGzwlHC4FPD4MZhk2JF16MQAeSyAxMjoqHTEqIzULRx4CMR4UFRJIeU4GJykOLzkFIR0hFRY2PyEJAjp8ABESCB0xKjg1EBwCCDMwGBkCOnBEEicyLCM9YRksGRE1NRo1AhMTIB0RPC4SP2A4NR0hODIdDgQABhA/GQUnORozAAIgHyE0EzQJLQoGFHlEHxE9EiQUEiEKNWsRHA4EARI8OBAEESoqMgAjHhw1GRscGj4eESssDQs4PQ04PhIhCjIGHyEOG2IUE30FBDhIGyQ9fS0GIgUBLAMcaxcbHQdiBw8ZPwAILioyAgYxAQAdFy0gQyIVEA0xAz4AKzA0NB0FMTAWXiIEPD4IdQQ0IhF+HWVoSAow
IP
108.157.229.76:443
ASN
#16509 AMAZON-02

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerAmazon
Subjectgetrunkhomuto.info
Fingerprint07:6C:15:28:EC:56:65:DE:8C:55:1C:BF:A5:DB:7B:96:8F:38:56:0E
ValidityMon, 01 Apr 2024 00:00:00 GMT - Wed, 30 Apr 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (3017), with no line terminators
Size
1.2 kB (1173 bytes)
Hash
77149092fca2982f3c9ccbd4432a7869
5a035cedaf02820f3c84ff924efb3e36649fca04
01919df9337691be5127421b10506648865d9b0fadca3a7b63b1406c58a25f64

HTTP Headers

GET /U1B4SHcyMhslSDJtGm4CITxFbUUVdUoOEydjAXkRYjlJLB4gKVYrGzwlHC4FPD4MZhk2JF16MQAeSyAxMjoqHTEqIzULRx4CMR4UFRJIeU4GJykOLzkFIR0hFRY2PyEJAjp8ABESCB0xKjg1EBwCCDMwGBkCOnBEEicyLCM9YRksGRE1NRo1AhMTIB0RPC4SP2A4NR0hODIdDgQABhA/GQUnORozAAIgHyE0EzQJLQoGFHlEHxE9EiQUEiEKNWsRHA4EARI8OBAEESoqMgAjHhw1GRscGj4eESssDQs4PQ04PhIhCjIGHyEOG2IUE30FBDhIGyQ9fS0GIgUBLAMcaxcbHQdiBw8ZPwAILioyAgYxAQAdFy0gQyIVEA0xAz4AKzA0NB0FMTAWXiIEPD4IdQQ0IhF+HWVoSAow HTTP/1.1
Host: getrunkhomuto.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://romsfun.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
content-length: 1173
date: Thu, 29 Aug 2024 22:42:53 GMT
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 4a97b39292c0cc77b857d41135aea32a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: KWKlptJd9FSSFH1RoJbOGE48k_xWUSOVX68QmfhQit6NV6J81lv4mA==
X-Firefox-Spdy: h2

GET romsfun.com/wp-content/themes/romsfun/css/bootstrap.min.css?ver=1.5

104.26.13.236

200 OK

29 kB

URL GET HTTP/3
romsfun.com/wp-content/themes/romsfun/css/bootstrap.min.css?ver=1.5
IP
104.26.13.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerGoogle Trust Services
Subjectromsfun.com
Fingerprint9A:F7:25:B5:F6:98:9D:C5:04:0B:DA:19:C1:19:BA:4F:50:94:3F:E7
ValiditySat, 17 Aug 2024 05:49:15 GMT - Fri, 15 Nov 2024 05:49:14 GMT

File type
gzip compressed data, from Unix
Size
29 kB (29441 bytes)
Hash
5cab9004a28c5590be18b903225313ff
5cd1dc5910762ecb50091f9bbe38c54f6b35dd7b
9c1f7fd87c1ad1a6023f05cf6b14398a71c17be4203ff9b7fd02d650c61d2c6b

HTTP Headers

GET /wp-content/themes/romsfun/css/bootstrap.min.css?ver=1.5 HTTP/1.1
Host: romsfun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 29 Aug 2024 22:42:53 GMT
content-type: text/css
last-modified: Fri, 17 Nov 2023 06:56:04 GMT
vary: Accept-Encoding
etag: W/"65570e84-2953d"
expires: Mon, 23 Sep 2024 14:44:35 GMT
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
pragma: public
content-encoding: gzip
cf-cache-status: HIT
age: 460698
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=15z61c0z%2Fihf2Jmi7PXwPrW3boy77tXvnXVu4y%2BySWQ1z41Sy0iJv1cvM5jqGHiYTpJ1ofvyGX%2FVsfeEwCvsOx9UyRAult%2ByJgOCNfRGR4woYVWS3IqwGUPgnUCZbw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8bb00e8a4a03b509-OSL
alt-svc: h3=":443"; ma=86400

POST romsfun.com/cdn-cgi/challenge-platform/h/b/jsd/r/8bb00e87fb26b503

104.26.13.236

200 OK

0 B

URL POST HTTP/3
romsfun.com/cdn-cgi/challenge-platform/h/b/jsd/r/8bb00e87fb26b503
IP
104.26.13.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerGoogle Trust Services
Subjectromsfun.com
Fingerprint9A:F7:25:B5:F6:98:9D:C5:04:0B:DA:19:C1:19:BA:4F:50:94:3F:E7
ValiditySat, 17 Aug 2024 05:49:15 GMT - Fri, 15 Nov 2024 05:49:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/jsd/r/8bb00e87fb26b503 HTTP/1.1
Host: romsfun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12181
Origin: https://romsfun.com
DNT: 1
Connection: keep-alive
Referer: https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 29 Aug 2024 22:42:54 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
set-cookie: cf_clearance=; Path=/; Expires=Thu, 01-Jan-70 00:00:00 GMT; Domain=.romsfun.com; HttpOnly; Secure; SameSite=None
cf_clearance=lkzSQC3apbvkQADexSHicpQjfH8wxpanNF.bqshOufI-1724971374-1.2.1.1-QVZ4onyFY.Iwn0aB5V8k4RHWZLgLT.bdGjQYrPY2R9.0jjFZDTrfSXVWq_bCMzQtTh.R0ceXURZxbX1DtxjePccZJMHR.QWp91Aa1JfVAFq3MJA3h.O_lnclAokg2ZM_NSCHQHa65eh24hNOf.Wcn9PruukpXzld8jhiN36hGDJgYjjoGgly0VNm8BZASDOEayYZ2CieB9jbVq9y0VjCCvstuAhvxeT9aXs6zmiXw.4_jpAJoGBNfd892YvKzZTejTpb_VGsmMQ3G8EPQLf5UOkhlehO10CdAf1DgH0U6ahnoydE2I96J6LruBkRsEdvb_Ae8TClmcisYLFWLiuz2g; Path=/; Expires=Fri, 29-Aug-25 22:42:54 GMT; Domain=.romsfun.com; HttpOnly; Secure; SameSite=None; Partitioned
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mgx5U55U%2Bgb5a6opCJDeeZnbPHHKjK4JwaDRwPGA1LDFaSpKZTD1%2Fm7dtk2nI85LvDU7HZT%2BwJyVGgNrzq4Lolr1FX9ROAJ6K2qZcyzQ0g20ffpfA5%2FH7njvr2vD1w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8bb00e8fd817b509-OSL
alt-svc: h3=":443"; ma=86400

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d92eef3344f4554f74e3cb6cb8542c1a
65ae450b15708c76832864d58ad3acf7dbde2a13
37a559d3177a9b1c7a8dd0d32b981b5ffcfe06fd50b337a65a6c5b1f8b4be676

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Aug 2024 22:42:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d92eef3344f4554f74e3cb6cb8542c1a
65ae450b15708c76832864d58ad3acf7dbde2a13
37a559d3177a9b1c7a8dd0d32b981b5ffcfe06fd50b337a65a6c5b1f8b4be676

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Aug 2024 22:42:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail

64.233.163.84

302 Found

0 B

URL GET HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
64.233.163.84:443
ASN
#15169 GOOGLE

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerGoogle Trust Services
Subjectaccounts.google.com
FingerprintBF:81:A1:2A:1D:B9:BA:98:48:CC:71:D4:22:44:39:74:64:A4:07:BC
ValidityMon, 05 Aug 2024 07:20:02 GMT - Mon, 28 Oct 2024 07:20:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://romsfun.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:5beVm7P7q8wk1E1Q9-a5fP_u6ejefQ:0lRM8P9EwmlAfviV; Expires=Sat, 29-Aug-2026 22:42:54 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 29 Aug 2024 22:42:54 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=Ab5oB3q06XF_9goEn4sxCEHMUvy71XPDog4Rgycch8RUK0qUvhP9_JtJz-epHqCySKRe6jLz2MxD
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-R9VjomyzQhN_T0OH2M3fSg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: unsafe-none
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube

64.233.163.84

302 Found

0 B

URL GET HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
64.233.163.84:443
ASN
#15169 GOOGLE

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerGoogle Trust Services
Subjectaccounts.google.com
FingerprintBF:81:A1:2A:1D:B9:BA:98:48:CC:71:D4:22:44:39:74:64:A4:07:BC
ValidityMon, 05 Aug 2024 07:20:02 GMT - Mon, 28 Oct 2024 07:20:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://romsfun.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:jaJPtpIE-NIhyTKP6Wy_3-E7LHKAJQ:ZC0n3slX0G8e2Bo6; Expires=Sat, 29-Aug-2026 22:42:54 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 29 Aug 2024 22:42:54 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=Ab5oB3rtmdGRxNE6LV97aw4BVuq7VuItXGKRorGz7F0VoLCCHnx-WqeB56pW24YKw0B93fNPtGgw
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-7toXmlyrhChJE1SujxK4mw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
cross-origin-opener-policy: unsafe-none
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

dt3y1f1i1disy.cloudfront.net/Kd2J5UU4UDRc3cQMLHWx/R1dBZ3hBRAkjKxFfCz4jBAQMP2AUDRR3JAQNFyFzHjQXFxQYUChjBU5XXyU0E19JdyIWDB5saBIMGmx/UQMdM3NDRA0hIRxfCDIgBwMRKScCBV8kL0oPFisnGw4YdHwxV1dha0VSUSl/RkdKE2tFUhU4IAIaXGN+D1pPDnhDR0-oTa0VSCydrRCNAZ2BHS1xjfhAHGjohUlA/Y35GUklgfkZHS2EoHhAcNyEPR0sXd0FMSXc7SlM

143.204.42.202

601 B

URL
dt3y1f1i1disy.cloudfront.net/Kd2J5UU4UDRc3cQMLHWx/R1dBZ3hBRAkjKxFfCz4jBAQMP2AUDRR3JAQNFyFzHjQXFxQYUChjBU5XXyU0E19JdyIWDB5saBIMGmx/UQMdM3NDRA0hIRxfCDIgBwMRKScCBV8kL0oPFisnGw4YdHwxV1dha0VSUSl/RkdKE2tFUhU4IAIaXGN+D1pPDnhDR0-oTa0VSCydrRCNAZ2BHS1xjfhAHGjohUlA/Y35GUklgfkZHS2EoHhAcNyEPR0sXd0FMSXc7SlM
IP
143.204.42.202:0
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subject*.cloudfront.net
Fingerprint28:D3:87:79:3C:E8:8B:3C:D9:10:45:E5:F7:64:7A:6D:44:4E:5A:62
ValidityTue, 30 Jul 2024 00:00:00 GMT - Thu, 03 Jul 2025 23:59:59 GMT

File type
ASCII text, with very long lines (848), with no line terminators
Size
601 B (601 bytes)
Hash
46f5b1695e73ea2b223a57334ae7140b
29faffec161497d8bc8d3aca961a2c45dcb10f91
33cf905c5e8bfb78543bb30c11136824add8c6c477a91bda37e22f8e65f0c83a

HTTP Headers

GET /Kd2J5UU4UDRc3cQMLHWx/R1dBZ3hBRAkjKxFfCz4jBAQMP2AUDRR3JAQNFyFzHjQXFxQYUChjBU5XXyU0E19JdyIWDB5saBIMGmx/UQMdM3NDRA0hIRxfCDIgBwMRKScCBV8kL0oPFisnGw4YdHwxV1dha0VSUSl/RkdKE2tFUhU4IAIaXGN+D1pPDnhDR0-oTa0VSCydrRCNAZ2BHS1xjfhAHGjohUlA/Y35GUklgfkZHS2EoHhAcNyEPR0sXd0FMSXc7SlM HTTP/1.1
Host: dt3y1f1i1disy.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cvxwaslonejulyha.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-length: 601
date: Thu, 29 Aug 2024 22:42:54 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: tDHAOXTlL_i6-Kng2eFfzcNE32wo1X9r7mfjZDq0l1mM8uf5MrNJNw==
X-Firefox-Spdy: h2

dt3y1f1i1disy.cloudfront.net/SN3hFajRUFysMC0MRIVcFB019UwQFXjUYUVFFNwVZRB4wBBpUFyhMXkQXKxoJRB83AwJdTn1adnBeMRBQCkhjBlVZH3hMUVkbeFsSVhwnVwARDSRXWVgCLAZYVl13LAEZSGBYBB8AdFsRBDpgWARbESsfTBJKdRIMASdzXhEEOmBYBEUOYFl1Dk5rWh0SSn-UNUVQTKk8GcUp1WwQHSXVbEQVIIwNGUh4qEhEFPnxcGgdeMFcF

143.204.42.202

192 B

URL
dt3y1f1i1disy.cloudfront.net/SN3hFajRUFysMC0MRIVcFB019UwQFXjUYUVFFNwVZRB4wBBpUFyhMXkQXKxoJRB83AwJdTn1adnBeMRBQCkhjBlVZH3hMUVkbeFsSVhwnVwARDSRXWVgCLAZYVl13LAEZSGBYBB8AdFsRBDpgWARbESsfTBJKdRIMASdzXhEEOmBYBEUOYFl1Dk5rWh0SSn-UNUVQTKk8GcUp1WwQHSXVbEQVIIwNGUh4qEhEFPnxcGgdeMFcF
IP
143.204.42.202:0
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subject*.cloudfront.net
Fingerprint28:D3:87:79:3C:E8:8B:3C:D9:10:45:E5:F7:64:7A:6D:44:4E:5A:62
ValidityTue, 30 Jul 2024 00:00:00 GMT - Thu, 03 Jul 2025 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
192 B (192 bytes)
Hash
1bb6c416bdcb36ae756329cda30fcf1d
9c54a8c3a96726770ddb7cb2b6ded64bf4afc99f
724567ef255bc4c96ca3268faa105435e345572025add88153dbe5c64892f368

HTTP Headers

GET /SN3hFajRUFysMC0MRIVcFB019UwQFXjUYUVFFNwVZRB4wBBpUFyhMXkQXKxoJRB83AwJdTn1adnBeMRBQCkhjBlVZH3hMUVkbeFsSVhwnVwARDSRXWVgCLAZYVl13LAEZSGBYBB8AdFsRBDpgWARbESsfTBJKdRIMASdzXhEEOmBYBEUOYFl1Dk5rWh0SSn-UNUVQTKk8GcUp1WwQHSXVbEQVIIwNGUh4qEhEFPnxcGgdeMFcF HTTP/1.1
Host: dt3y1f1i1disy.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://getrunkhomuto.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-length: 192
date: Thu, 29 Aug 2024 22:42:54 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: W_6uIFB_QNatYvd4gtCYuvEpp5R4U4oa9MYY9z-FW9Zdjv_I1Wjk6A==
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

472 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4871c7e0e56aaacd6f5a6341b8b43374
a53d5ac99a9cdc16e0c8bc6e7abf794e68fe721e
6e46681c40596015f75799eb4703ff67dd95313929ccd0bded92144524781b65

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Aug 2024 22:42:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=Ab5oB3q06XF_9goEn4sxCEHMUvy71XPDog4Rgycch8RUK0qUvhP9_JtJz-epHqCySKRe6jLz2MxD

64.233.163.84

302 Found

418 B

URL GET HTTP/2
accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=Ab5oB3q06XF_9goEn4sxCEHMUvy71XPDog4Rgycch8RUK0qUvhP9_JtJz-epHqCySKRe6jLz2MxD
IP
64.233.163.84:443
ASN
#15169 GOOGLE

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerGoogle Trust Services
Subjectaccounts.google.com
FingerprintBF:81:A1:2A:1D:B9:BA:98:48:CC:71:D4:22:44:39:74:64:A4:07:BC
ValidityMon, 05 Aug 2024 07:20:02 GMT - Mon, 28 Oct 2024 07:20:01 GMT

File type
HTML document, ASCII text, with very long lines (386)
Size
418 B (418 bytes)
Hash
4c306431c8a10556e6d1988f89e62c32
a992da9472b7f3d30d65878635cb543c84a96f33
ee57e40193b3f47ae437d5c7444125bbe0ebfc1c239fda8f8f41be7770eeabed

HTTP Headers

GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=Ab5oB3q06XF_9goEn4sxCEHMUvy71XPDog4Rgycch8RUK0qUvhP9_JtJz-epHqCySKRe6jLz2MxD HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://romsfun.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:lIsViPNtnmxW2RMCrV_ZH159iiZ2Pw:3R5zwvt5MltaNyl2;Path=/;Expires=Sat, 29-Aug-2026 22:42:54 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 29 Aug 2024 22:42:54 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=Ab5oB3q3w1yhWXGSeZiOCYguPOQ7zbk6Pz9TgxuQCgwDrs6HoqOabmk5rpB1pTw8KokLHi9tXJRx&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S70040093%3A1724971374252563&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-_tjbYMCp9oxmBsRVTSVYMg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 418
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=Ab5oB3rtmdGRxNE6LV97aw4BVuq7VuItXGKRorGz7F0VoLCCHnx-WqeB56pW24YKw0B93fNPtGgw

64.233.163.84

302 Found

421 B

URL GET HTTP/2
accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=Ab5oB3rtmdGRxNE6LV97aw4BVuq7VuItXGKRorGz7F0VoLCCHnx-WqeB56pW24YKw0B93fNPtGgw
IP
64.233.163.84:443
ASN
#15169 GOOGLE

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerGoogle Trust Services
Subjectaccounts.google.com
FingerprintBF:81:A1:2A:1D:B9:BA:98:48:CC:71:D4:22:44:39:74:64:A4:07:BC
ValidityMon, 05 Aug 2024 07:20:02 GMT - Mon, 28 Oct 2024 07:20:01 GMT

File type
HTML document, ASCII text, with very long lines (392)
Size
421 B (421 bytes)
Hash
afeadc47661ffd56b7ab661075543c23
3829fe538220bc02b7503b762c38586b5f9f500d
fe0af58382410fb93fb8214a933e8de4ea0551fed09522e32c0660f350efdfc9

HTTP Headers

GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=Ab5oB3rtmdGRxNE6LV97aw4BVuq7VuItXGKRorGz7F0VoLCCHnx-WqeB56pW24YKw0B93fNPtGgw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://romsfun.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:trK5kpNmbKbexgSwOwPVgo-T71G2Zg:s-RD8s7aa8On1S4i;Path=/;Expires=Sat, 29-Aug-2026 22:42:54 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 29 Aug 2024 22:42:54 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=Ab5oB3pd0sXI1bo6kfMT8SU59GjokWW-nZVBQBUVh3FSTeNoI75BPPZJDlih6UpbDDgmJY3ln4jd&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1713966384%3A1724971374253325&ddm=1
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-PAbBPXbWYX4lioTkUxwDgw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 421
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET yusiswensaidoh.info/popunder.gif

104.21.25.216

58 B

URL GET
yusiswensaidoh.info/popunder.gif
IP
104.21.25.216:0
ASN
#13335 CLOUDFLARENET

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerGoogle Trust Services
Subjectyusiswensaidoh.info
FingerprintBF:62:28:5A:EE:99:27:BB:3A:0C:E9:72:0D:DD:62:45:ED:8B:26:3E
ValidityTue, 09 Jul 2024 04:17:21 GMT - Mon, 07 Oct 2024 04:17:20 GMT

File type
GIF image data, version 89a, 1 x 1
Size
58 B (58 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /popunder.gif HTTP/1.1
Host: yusiswensaidoh.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://romsfun.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 29 Aug 2024 22:42:54 GMT
content-type: image/gif
content-length: 58
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
content-encoding: gzip
cf-cache-status: HIT
age: 35463
last-modified: Thu, 29 Aug 2024 12:51:51 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9Stki6kWMZBrG695ZMEwg7N7AshXP0obYTgil%2FraS9hUeLBgX%2F1GrMqZEGxhHJmbSAMXLKjJd2ImAQ8FfTvjDDMlS68QeGAc4M8z5OvhzQOqdK0ukLnK4jAq0o4l3ktMgrWgWtMB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8bb00e937dae56a8-OSL
alt-svc: h3=":443"; ma=86400

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
bb5e9405671b53b4e83ea35107d596c2
0137160e22736d3b47d6d0a8e4c0c6745547e822
2acdad34338bf8b93c35557e9d821022e6a9c770a6dea0b4f08e83281be315e0

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "2ACDAD34338BF8B93C35557E9D821022E6A9C770A6DEA0B4F08E83281BE315E0"
Last-Modified: Wed, 28 Aug 2024 14:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10199
Expires: Fri, 30 Aug 2024 01:32:55 GMT
Date: Thu, 29 Aug 2024 22:42:56 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
bb5e9405671b53b4e83ea35107d596c2
0137160e22736d3b47d6d0a8e4c0c6745547e822
2acdad34338bf8b93c35557e9d821022e6a9c770a6dea0b4f08e83281be315e0

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "2ACDAD34338BF8B93C35557E9D821022E6A9C770A6DEA0B4F08E83281BE315E0"
Last-Modified: Wed, 28 Aug 2024 14:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10199
Expires: Fri, 30 Aug 2024 01:32:55 GMT
Date: Thu, 29 Aug 2024 22:42:56 GMT
Connection: keep-alive

GET accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=Ab5oB3pd0sXI1bo6kfMT8SU59GjokWW-nZVBQBUVh3FSTeNoI75BPPZJDlih6UpbDDgmJY3ln4jd&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1713966384%3A1724971374253325&ddm=1

64.233.163.84

403 Forbidden

8.4 kB

URL GET HTTP/3
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=Ab5oB3pd0sXI1bo6kfMT8SU59GjokWW-nZVBQBUVh3FSTeNoI75BPPZJDlih6UpbDDgmJY3ln4jd&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1713966384%3A1724971374253325&ddm=1
IP
64.233.163.84:443
ASN
#15169 GOOGLE

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerGoogle Trust Services
Subject*.google.com
FingerprintB6:BD:DB:2F:59:38:3C:25:02:05:98:69:CE:1B:5D:42:0B:8A:F8:09
ValidityMon, 05 Aug 2024 06:37:26 GMT - Mon, 28 Oct 2024 06:37:25 GMT

File type
gzip compressed data, max compression
Size
8.4 kB (8394 bytes)
Hash
60e8e73f7dd852bb3687911bd5e467a4
98a6e6c0011bc0c427a43ba627f9dd59508bc0a7
6931393702f6563bac0363fe3449dd9447b5e850e716bbfd924fc56edee78284

HTTP Headers

GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=Ab5oB3pd0sXI1bo6kfMT8SU59GjokWW-nZVBQBUVh3FSTeNoI75BPPZJDlih6UpbDDgmJY3ln4jd&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1713966384%3A1724971374253325&ddm=1 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://romsfun.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 29 Aug 2024 22:42:54 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-t9L65HMeKTJiYWsTI67bhw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
content-security-policy-report-only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.google.com/tools/feedback/chat_load.js https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/feedback/js/ghelp/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.Vs2WUWD9gQo.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=Ab5oB3q3w1yhWXGSeZiOCYguPOQ7zbk6Pz9TgxuQCgwDrs6HoqOabmk5rpB1pTw8KokLHi9tXJRx&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S70040093%3A1724971374252563&ddm=0

64.233.163.84

403 Forbidden

6.0 kB

URL GET HTTP/3
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=Ab5oB3q3w1yhWXGSeZiOCYguPOQ7zbk6Pz9TgxuQCgwDrs6HoqOabmk5rpB1pTw8KokLHi9tXJRx&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S70040093%3A1724971374252563&ddm=0
IP
64.233.163.84:443
ASN
#15169 GOOGLE

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerGoogle Trust Services
Subject*.google.com
FingerprintB6:BD:DB:2F:59:38:3C:25:02:05:98:69:CE:1B:5D:42:0B:8A:F8:09
ValidityMon, 05 Aug 2024 06:37:26 GMT - Mon, 28 Oct 2024 06:37:25 GMT

File type
gzip compressed data, max compression
Size
6.0 kB (6018 bytes)
Hash
eac98cb5e95a11daf768bd0ec7529e18
82f22d80eb552f1332a5956641e969f44eb15a33
9cdb06182b26fff6522a41c02666bd16126706c5ed400a24c16bb14cfc6e65ef

HTTP Headers

GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=Ab5oB3q3w1yhWXGSeZiOCYguPOQ7zbk6Pz9TgxuQCgwDrs6HoqOabmk5rpB1pTw8KokLHi9tXJRx&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S70040093%3A1724971374252563&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://romsfun.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 29 Aug 2024 22:42:54 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-WtHZKoJiLMe_-ZqKuw3RTw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
content-security-policy-report-only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.google.com/tools/feedback/chat_load.js https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/feedback/js/ghelp/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.clR4MTyL-is.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET romsfun.com/wp-includes/js/jquery/jquery-migrate.js?ver=3.4.1

104.26.13.236

200 OK

19 kB

URL GET HTTP/3
romsfun.com/wp-includes/js/jquery/jquery-migrate.js?ver=3.4.1
IP
104.26.13.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerGoogle Trust Services
Subjectromsfun.com
Fingerprint9A:F7:25:B5:F6:98:9D:C5:04:0B:DA:19:C1:19:BA:4F:50:94:3F:E7
ValiditySat, 17 Aug 2024 05:49:15 GMT - Fri, 15 Nov 2024 05:49:14 GMT

File type
JavaScript source, ASCII text, with very long lines (2434)
Size
19 kB (19183 bytes)
Hash
318a8652a313c02b1d19f46b7ef1e426
afc5e61e6185848646a929a2287386a788870329
82815a7dba0c18a1092121e80005ee37b0390b8b755a6dc8ba03e199ed3a2501

HTTP Headers

GET /wp-includes/js/jquery/jquery-migrate.js?ver=3.4.1 HTTP/1.1
Host: romsfun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 29 Aug 2024 22:42:53 GMT
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-bgj: minify
cf-polished: origSize=31978
etag: W/"66573ef8-7cea"
expires: Mon, 23 Sep 2024 14:44:35 GMT
last-modified: Wed, 29 May 2024 14:43:04 GMT
pragma: public
vary: Accept-Encoding
cf-cache-status: HIT
age: 460698
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mk1cij6Y90miDVNY3MD3Rs7pf2pTjdHpe90VP3Nnh1Dj6IUMx3RaqMAf%2FZyka9K4iySmqY4lwPb8unxIpfoAEyBAZa1dgcLEoxHhxHr92dk3nWlFu0Ee18qX2ipkiw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8bb00e8a4a0cb509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET romsfun.com/wp-content/themes/romsfun/js/bootstrap.min.js?ver=1.5

104.26.13.236

200 OK

166 kB

URL GET HTTP/3
romsfun.com/wp-content/themes/romsfun/js/bootstrap.min.js?ver=1.5
IP
104.26.13.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerGoogle Trust Services
Subjectromsfun.com
Fingerprint9A:F7:25:B5:F6:98:9D:C5:04:0B:DA:19:C1:19:BA:4F:50:94:3F:E7
ValiditySat, 17 Aug 2024 05:49:15 GMT - Fri, 15 Nov 2024 05:49:14 GMT

File type

Size
166 kB (166355 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-content/themes/romsfun/js/bootstrap.min.js?ver=1.5 HTTP/1.1
Host: romsfun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 29 Aug 2024 22:42:53 GMT
content-type: application/javascript
last-modified: Fri, 17 Nov 2023 06:56:04 GMT
vary: Accept-Encoding
etag: W/"65570e84-289d3"
expires: Mon, 23 Sep 2024 14:44:36 GMT
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
pragma: public
content-encoding: gzip
cf-cache-status: HIT
age: 460697
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JgwQwPTi5YJLjtDZUg2SO%2F%2FZ9l4mr2huZV3cNR3IppoUZFbKriPgIBGmNFoc%2BZEMOOCxp5d8LfRFCvyodSG6JsJutm3yNpSmK4DhkyDGf38BsgbOlu2pUNlQlu0kkw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8bb00e8a6a22b509-OSL
alt-svc: h3=":443"; ma=86400

GET pogothere.xyz/asd100.bin

172.67.220.203

200 OK

102 kB

URL GET HTTP/2
pogothere.xyz/asd100.bin
IP
172.67.220.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerGoogle Trust Services
Subjectpogothere.xyz
Fingerprint07:B6:9C:F9:CF:D9:C8:A6:57:9C:E3:13:F4:CD:43:4A:94:CE:06:6A
ValidityTue, 23 Jul 2024 05:27:01 GMT - Mon, 21 Oct 2024 05:27:00 GMT

File type
data
Size
102 kB (102400 bytes)
Hash
4c6426ac7ef186464ecbb0d81cbfcb1e
5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

HTTP Headers

GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://romsfun.com/
Origin: https://romsfun.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 29 Aug 2024 22:42:54 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://romsfun.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3578
last-modified: Thu, 29 Aug 2024 21:43:16 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ynXRvn1%2FbTZ%2BhZ0m%2BVgAk1Fz4zGfP4B1Y88EWggOHTGab48nWw9Csq%2FrdQJYLWWXn%2BAkkv%2FXecYwoHiiR8lpvsrg9BtQ21%2BOMNS4bptiKp2mms2pxZFn79EuJ8S7O7OA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8bb00e8fea4f56b9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET romsfun.com/wp-includes/css/dist/block-library/style.css?ver=6.6.1

104.26.13.236

200 OK

112 kB

URL GET HTTP/3
romsfun.com/wp-includes/css/dist/block-library/style.css?ver=6.6.1
IP
104.26.13.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerGoogle Trust Services
Subjectromsfun.com
Fingerprint9A:F7:25:B5:F6:98:9D:C5:04:0B:DA:19:C1:19:BA:4F:50:94:3F:E7
ValiditySat, 17 Aug 2024 05:49:15 GMT - Fri, 15 Nov 2024 05:49:14 GMT

File type

Size
112 kB (112230 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-includes/css/dist/block-library/style.css?ver=6.6.1 HTTP/1.1
Host: romsfun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 29 Aug 2024 22:42:53 GMT
content-type: text/css
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-bgj: minify
cf-polished: origSize=120559
etag: W/"669ffa72-1d6ef"
expires: Mon, 23 Sep 2024 14:44:35 GMT
last-modified: Tue, 23 Jul 2024 18:46:10 GMT
pragma: public
vary: Accept-Encoding
cf-cache-status: HIT
age: 460698
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j1dlEfWAjFyVybg67BijOmEIn%2F2N9Fl%2Fem%2BFRiiWWk%2FAPxccU4rf8gyEYeCpygDjBnaK2%2By3sXznNFThQ4Ps9JL8%2FVWMDdBzoN010u7aGwtDaFsiTD6L14DYrra6Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8bb00e8a4a00b509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET pogothere.xyz/

172.67.220.203

200 OK

26 B

URL GET HTTP/2
pogothere.xyz/
IP
172.67.220.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerGoogle Trust Services
Subjectpogothere.xyz
Fingerprint07:B6:9C:F9:CF:D9:C8:A6:57:9C:E3:13:F4:CD:43:4A:94:CE:06:6A
ValidityTue, 23 Jul 2024 05:27:01 GMT - Mon, 21 Oct 2024 05:27:00 GMT

File type
ASCII text, with no line terminators
Size
26 B (26 bytes)
Hash
cb35d4ff2385148983c8132dc2e65488
8f777bef042268ab9b80ef6dbf12fd15ce5bee2c
ff4a7af2c0e6788d7e05d16a6e0fab3af25a861709e99d5e7bd3540c1954d433

HTTP Headers

GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://romsfun.com/
Origin: https://romsfun.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 29 Aug 2024 22:42:54 GMT
content-type: text/plain
set-cookie: csu=914894999406754@1@1724971374; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://romsfun.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CzZ5ozZgiR4d%2F14eYUKxj6%2BHpMyw0DOXhzx2oV2%2Fszz27OXl%2ByUkpsYpPlY1BvnqlYgyipi1cErfyN6E6HcL%2B7OumJmw1gX7yEKgcPwQXmOFDbxbQwX72v4KH%2FUL%2FRPw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8bb00e8fea5156b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET romsfun.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js?

104.26.13.236

200 OK

7.7 kB

URL GET HTTP/3
romsfun.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js?
IP
104.26.13.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerGoogle Trust Services
Subjectromsfun.com
Fingerprint9A:F7:25:B5:F6:98:9D:C5:04:0B:DA:19:C1:19:BA:4F:50:94:3F:E7
ValiditySat, 17 Aug 2024 05:49:15 GMT - Fri, 15 Nov 2024 05:49:14 GMT

File type
JavaScript source, ASCII text, with very long lines (7725), with no line terminators
Size
7.7 kB (7725 bytes)
Hash
2d34f719d5cdc306697986d0246db767
99d4ebd340efee814ec35f76537a81f519a3bda9
16d5b7dab311bb845cc1acdbb361c392a4d67947496774c4af95961d8e663158

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js? HTTP/1.1
Host: romsfun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 29 Aug 2024 22:42:53 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z85yUahsHQvvENTEfSsOxAYlVyl4oPQV%2FwIKuIL543E4ubBZUK6C10D44rmsjOjfGc41KNsYPWMUHEJo%2BNkZbJsh46%2BHoT0uE7s36Go2QCoZ8E9S%2FFXTs4asgPJY%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8bb00e8d7d61b509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET romsfun.com/wp-content/themes/romsfun/js/site.js?ver=1.5

104.26.13.236

200 OK

7.3 kB

URL GET HTTP/3
romsfun.com/wp-content/themes/romsfun/js/site.js?ver=1.5
IP
104.26.13.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerGoogle Trust Services
Subjectromsfun.com
Fingerprint9A:F7:25:B5:F6:98:9D:C5:04:0B:DA:19:C1:19:BA:4F:50:94:3F:E7
ValiditySat, 17 Aug 2024 05:49:15 GMT - Fri, 15 Nov 2024 05:49:14 GMT

File type
JavaScript source, ASCII text, with very long lines (7367), with no line terminators
Size
7.3 kB (7305 bytes)
Hash
866081e4776dc5812b790c57a1888445
7d74714ef202d116b3b984023678674c129a5b42
c4426a3208c9c140cb90a8ce126b12ea2a4c81cac09a696733ac31c958a4d7e5

HTTP Headers

GET /wp-content/themes/romsfun/js/site.js?ver=1.5 HTTP/1.1
Host: romsfun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 29 Aug 2024 22:42:53 GMT
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-bgj: minify
cf-polished: origSize=9269
etag: W/"65570e84-2435"
expires: Mon, 23 Sep 2024 14:44:36 GMT
last-modified: Fri, 17 Nov 2023 06:56:04 GMT
pragma: public
vary: Accept-Encoding
cf-cache-status: HIT
age: 460697
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pBA6AWnMCAAvwhXoL2quCPwvuE%2Be1UFUpph1cJSR%2F%2BK9L5WpJP%2BTCEadAHKOHeNZ5sHl9WLinMxP5kNji5iOKjuTKq3onQ7Mq%2FhyUbxzgRHjn24KG7zszICJ7jHXxA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8bb00e8a6a24b509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET romsfun.com/wp-includes/js/jquery/jquery.js?ver=3.7.1

104.26.13.236

200 OK

141 kB

URL GET HTTP/3
romsfun.com/wp-includes/js/jquery/jquery.js?ver=3.7.1
IP
104.26.13.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerGoogle Trust Services
Subjectromsfun.com
Fingerprint9A:F7:25:B5:F6:98:9D:C5:04:0B:DA:19:C1:19:BA:4F:50:94:3F:E7
ValiditySat, 17 Aug 2024 05:49:15 GMT - Fri, 15 Nov 2024 05:49:14 GMT

File type
JavaScript source, ASCII text, with very long lines (1210)
Size
141 kB (141386 bytes)
Hash
15d149d159697f14f22caca6467e2174
22b596ae7aad63a4118c6304b9e4587b246b80a0
508a8d88a4db7b5ef87b1d5b6fc60e56b7c5384b75b75b10e77f298ea108b510

HTTP Headers

GET /wp-includes/js/jquery/jquery.js?ver=3.7.1 HTTP/1.1
Host: romsfun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 29 Aug 2024 22:42:53 GMT
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-bgj: minify
cf-polished: origSize=285334
etag: W/"66573ef8-45a96"
expires: Mon, 23 Sep 2024 14:44:35 GMT
last-modified: Wed, 29 May 2024 14:43:04 GMT
pragma: public
vary: Accept-Encoding
cf-cache-status: HIT
age: 460698
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f7IQ4SCAEKMQcmuTaZFKYFhHGpg78r9Vhv7F%2FRr3Ma9ZWd8wDFjwwyMGSyk1ohvhVDC62W5PTUiQ0LQximrZoruBu%2F9eU2fYom3wKOgX3I8Ek%2Be1d6ggwy8bl%2BzS8A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8bb00e8a4a0ab509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

POST romsfun.com/wp-admin/admin-ajax.php

104.26.13.236

200 OK

1.2 kB

URL POST HTTP/3
romsfun.com/wp-admin/admin-ajax.php
IP
104.26.13.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerGoogle Trust Services
Subjectromsfun.com
Fingerprint9A:F7:25:B5:F6:98:9D:C5:04:0B:DA:19:C1:19:BA:4F:50:94:3F:E7
ValiditySat, 17 Aug 2024 05:49:15 GMT - Fri, 15 Nov 2024 05:49:14 GMT

File type
ASCII text, with very long lines (1229), with no line terminators
Size
1.2 kB (1153 bytes)
Hash
9b8d6e21d938872b093eb772873ca7ef
94cc74ad4906eacfcfa923b6a89a713798659ffb
b058394466f88aae114cdc4457be6f415cff8eb709a11b6d3c3165090ba72ddf

HTTP Headers

POST /wp-admin/admin-ajax.php HTTP/1.1
Host: romsfun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 21
Origin: https://romsfun.com
DNT: 1
Connection: keep-alive
Referer: https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 29 Aug 2024 22:42:53 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: https://romsfun.com
access-control-allow-credentials: true
x-robots-tag: noindex
x-content-type-options: nosniff, nosniff
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L0LtiVaLuawplfovfossrBGhyzxC%2BsPnP5s5wRnsddr2mODfy8Fo7cxg3cFXcmiF5LkkM6oG2kM6rK2o9seJtbA9l3ccB0Fnnf3NuAZ2ni49EV7sj4fOp8sMp3hAFA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8bb00e8d5d51b509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET romsfun.com/wp-content/uploads/2021/04/rom.png

104.26.13.236

200 OK

2.6 kB

URL GET HTTP/3
romsfun.com/wp-content/uploads/2021/04/rom.png
IP
104.26.13.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerGoogle Trust Services
Subjectromsfun.com
Fingerprint9A:F7:25:B5:F6:98:9D:C5:04:0B:DA:19:C1:19:BA:4F:50:94:3F:E7
ValiditySat, 17 Aug 2024 05:49:15 GMT - Fri, 15 Nov 2024 05:49:14 GMT

File type
PNG image data, 128 x 128, 8-bit colormap, non-interlaced
Size
2.6 kB (2591 bytes)
Hash
d14d3e1f8c5c8fc726bc8b650827bb40
9c3c0d2be47e19589e8af25497b81ccb3a18164b
ae1392507a987bd964acac758984be348583ba30abb261034264bff51376d714

HTTP Headers

GET /wp-content/uploads/2021/04/rom.png HTTP/1.1
Host: romsfun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 29 Aug 2024 22:42:53 GMT
content-type: image/png
content-length: 2591
last-modified: Sat, 30 Oct 2021 17:07:29 GMT
etag: "617d7bd1-a1f"
expires: Thu, 26 Sep 2024 20:55:43 GMT
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
pragma: public
cf-cache-status: HIT
age: 179230
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LVXdg91MuGyHsR7mExd8uG8DGBax0VuUFV%2FNmSWjowsVRZnrHbHFYgvuBFN0eVz%2B%2BMNUnG%2FUGvzuDzhKRzQH5zWhzX%2Fpi6EmrHxz9aTkqqxKK%2Bur7sMcWeXrbaefqg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8bb00e8f2f23b509-OSL
alt-svc: h3=":443"; ma=86400

GET romsfun.com/wp-content/themes/romsfun/style.css?ver=1.5

104.26.13.236

200 OK

15 kB

URL GET HTTP/3
romsfun.com/wp-content/themes/romsfun/style.css?ver=1.5
IP
104.26.13.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Certificate
IssuerGoogle Trust Services
Subjectromsfun.com
Fingerprint9A:F7:25:B5:F6:98:9D:C5:04:0B:DA:19:C1:19:BA:4F:50:94:3F:E7
ValiditySat, 17 Aug 2024 05:49:15 GMT - Fri, 15 Nov 2024 05:49:14 GMT

File type
ASCII text, with very long lines (14648), with no line terminators
Size
15 kB (14648 bytes)
Hash
fabdfcfad39aca293f739d3922ead311
b33c606f5f516c75eee5d0970358400c94b27524
a6c3ad3689ef34118c6bedae55c05d8f8b60ab6d8fbcb476d514d66ae7dd0f6c

HTTP Headers

GET /wp-content/themes/romsfun/style.css?ver=1.5 HTTP/1.1
Host: romsfun.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://romsfun.com/download/need-for-speed-most-wanted-4-40992/2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 29 Aug 2024 22:42:53 GMT
content-type: text/css
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-bgj: minify
cf-polished: origSize=20512
etag: W/"65846e85-5020"
expires: Mon, 23 Sep 2024 14:44:35 GMT
last-modified: Thu, 21 Dec 2023 16:57:41 GMT
pragma: public
vary: Accept-Encoding
cf-cache-status: HIT
age: 460698
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TAdRMOyiuHRMLU4YjNJ%2FnKmbFaPIap7cbcRZzBsLwVQvW3BBXfJg%2FW3UnmwMNiq30brdiRH%2BvndsztGkwPeK4CH33VkQzLzADsLUIxFjCmVu9CR7eA6IkYtAu7li6A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8bb00e8a4a08b509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by