Report - afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh

Report Overview

Visited public
2024-10-21 00:09:09
Tags
URL
afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Finishing URL
afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
IP / ASN
104.21.58.242
#13335 CLOUDFLARENET
Title
afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
uqqmj868.xyz	unknown	2024-09-24	2024-10-14	2024-10-14	497 B	810 B	188.114.96.1
arleavannya.com	unknown	2024-01-22	2024-01-22	2024-10-16	4.3 kB	6.7 kB	139.45.197.248
offpichuan.com	unknown	2023-03-30	2023-03-31	2024-10-20	1.0 kB	4.8 kB	139.45.197.237
epededonemile.com	unknown	2024-07-08	2024-10-14	2024-10-14	517 B	14 kB	3.164.230.98
grixaign.top	unknown	2024-01-19	2024-01-19	2024-10-15	16 kB	654 kB	188.114.96.1
videothumbs.me	unknown	2024-03-25	2024-03-25	2024-10-20	425 B	22 kB	172.67.138.198
xkacs5av.xyz	unknown	2024-08-01	2024-10-19	2024-10-19	399 B	72 kB	104.21.38.193
click-v4.exclkplat.com	unknown	2023-02-20	2024-03-08	2024-10-13	528 B	200 B	198.134.116.17
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-10-16	425 B	741 B	139.45.195.8
ofklefkian.com	unknown	2024-01-25	2024-01-25	2024-10-20	496 B	485 B	139.45.197.251
afl3ua5u.xyz	unknown	2024-07-30	2024-10-16	2024-10-16	7.0 kB	1.3 MB	104.21.58.242
be7713.rcr82.waw05.cdn112.com	unknown	2023-05-27	2023-05-27	2024-10-16	2.3 kB	3.0 MB	178.171.122.244
lernodydenknow.info	unknown	2023-12-31	2024-01-24	2024-10-14	524 B	785 B	108.157.229.103
datatechonert.com	46154	2021-12-24	2021-12-24	2024-10-16	536 B	479 B	185.49.145.45

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Mnemonic Secure DNS

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-10-20	medium	arleavannya.com	Sinkholed
2024-10-20	medium	arleavannya.com	Sinkholed
2024-10-20	medium	arleavannya.com	Sinkholed
2024-10-20	medium	arleavannya.com	Sinkholed
2024-10-20	medium	arleavannya.com	Sinkholed
2024-10-20	medium	arleavannya.com	Sinkholed
2024-10-20	medium	arleavannya.com	Sinkholed
2024-10-20	medium	arleavannya.com	Sinkholed
2024-10-20	medium	arleavannya.com	Sinkholed
2024-10-20	medium	ofklefkian.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (52)

	URL	From	Size	First Seen	Last Seen
	afl3ua5u.xyz/js/jquery.js	ScriptElement	90 kB	2023-03-07	2025-05-14
Pretty URL afl3ua5u.xyz/js/jquery.js IP 104.21.58.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-14 02:55 Times Seen206258 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh	ScriptElement	140 B	2024-10-21	2024-10-21
Pretty URL afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh IP 104.21.58.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-10-21 00:09 Last Seen2024-10-21 00:09 Times Seen1 Hash 2a2d5a0daada8fd949415c3a72dde6a1 e848dc206e2a9a13b235cff59a4aa7315eb746e2 01ab23f7282a910d0d4b88fc3f39fe6bf3d8d0b1ea34d09754597f3ec1156c6c Loading...

	afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh	ScriptElement	514 B	2024-04-13	2025-04-05
Pretty URL afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh IP 104.21.58.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-13 15:29 Last Seen2025-04-05 17:24 Times Seen460 Hash 9f65a1ea61c99521274aa8cae75cf64c 8f6c4b1e4d6b97ba85a557d2303f501cf834fe96 63d1ba1f37f9df17aa589c2b237b36897935faf9c1263c90b1baf149ea8374c1 Loading...

	afl3ua5u.xyz/js/dnsads.js?dfp=1&ad_code=2&adsrc=3	ScriptElement	38 B	2023-03-07	2025-05-12
Pretty URL afl3ua5u.xyz/js/dnsads.js?dfp=1&ad_code=2&adsrc=3 IP 104.21.58.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59 Last Seen2025-05-12 05:44 Times Seen773 Hash 99eccae6afa72c589ae54b5c3890282a 0f102f8f5b556635de65d16cf70fa8269c6761b4 b74a58316385de04b054737776e71c160cd60d2d01b5440b32c21651fb0ab8d3 Loading...

	grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884	ScriptElement	133 B	2023-11-23	2024-10-25
Pretty URL grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-23 16:23 Last Seen2024-10-25 19:20 Times Seen1350 Hash a398de6ae1c8b51691128a5fea1343cc 155cbbc64f751554cef59bd9439f631cf030186f 847eb8323b3f14c51320009e4d29352aa3e475c765952e6537ca7335177b70aa Loading...

	grixaign.top/js/_rtc.18eb00dc.js	ScriptElement	12 kB	2024-07-10	2024-10-28
Pretty URL grixaign.top/js/_rtc.18eb00dc.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-10 18:56 Last Seen2024-10-28 13:21 Times Seen10896 Hash 5c5f3060cd93784f5fa50afe6afc74d6 75e3b31d4f51eb81f248f6b839b6d72d914ab135 c95a1d56c4d585ba485463a4d4061e64b1e46d17f4b9e83cab0f95302cba65fe Loading...

	grixaign.top/js/v-index.mjs.50c8d69e.js	ScriptElement	35 kB	2024-07-10	2024-10-28
Pretty URL grixaign.top/js/v-index.mjs.50c8d69e.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-10 18:56 Last Seen2024-10-28 13:21 Times Seen10890 Hash 5c080e9f349f6d33d5c403bc10184fe1 60f3e3a155ea4ece476a55514b2787c1fb8d4079 77475e9048319c715ea626739ad44bd16d6372dd0ec5c3584334edd3c38aa6d4 Loading...

	grixaign.top/js/s-checkSessionStorageAvailable.ts.080f6a89.js	ScriptElement	330 B	2024-07-10	2024-10-28
Pretty URL grixaign.top/js/s-checkSessionStorageAvailable.ts.080f6a89.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-10 18:56 Last Seen2024-10-28 13:21 Times Seen10890 Hash 7f47bb5a56d927f57d86d548d09cd40e 4f03f6114c1ab423c76a97866d32c70995a5e898 c05ab2c9f4705b6fa04130002332d765f6e5450d7990f3e26425890c053f62f0 Loading...

	grixaign.top/js/v-attributes-to-props.js.5847b9cb.js	ScriptElement	702 B	2024-07-10	2024-10-28
Pretty URL grixaign.top/js/v-attributes-to-props.js.5847b9cb.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-10 18:56 Last Seen2024-10-28 13:21 Times Seen10890 Hash c8f9fb2ed7bd006c3d7cc42d76c6e7ae 806b3544282c62d48a7b1265e0bdf7ec3700c8c1 b9afc8a496fb345df0e1b8976ce1cf147720effeed0eca9c1343b5749171c82e Loading...

	afl3ua5u.xyz/js/jquery.cookie.js	ScriptElement	4.3 kB	2023-03-07	2025-05-12
Pretty URL afl3ua5u.xyz/js/jquery.cookie.js IP 104.21.58.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-05-12 05:44 Times Seen1585 Hash ae0c2c5d8f01f7d35bb698bb618a62f7 63556a22ddea1c5f23a5cf7d0b6d35c7aab54e20 75aef2e95ea7f3a70999396fba0c2ab866f4ff06313cf1b07780d800a5fc1ebc Loading...

	xkacs5av.xyz/js/cortega.js	ScriptElement	71 kB	2024-10-21	2024-10-23
Pretty URL xkacs5av.xyz/js/cortega.js IP 104.21.38.193 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-10-21 00:09 Last Seen2024-10-23 06:24 Times Seen10 Hash 34d3cb60ba84e720c3fdeec227e4046b cbc2bfb4513bf32f9ce018f48abed7c37299779f 9cdb7e206c84c7b7cb4396bbe124e745e9c8082946ecceb8209afbc1e4645362 Loading...

	grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884	ScriptElement	1.8 kB	2024-03-23	2024-10-25
Pretty URL grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-23 20:19 Last Seen2024-10-25 19:20 Times Seen728 Hash 55944d93b2b7ed332a4d495ad34eb0b3 247fa02eb29be85a1967d3ca87311052ad7aea7a f65c0ef6d06565a2f2525d76f5b32939fcf37b31bf5b372ac3e42ed885c8eb7c Loading...

	grixaign.top/js/v-possibleStandardNamesOptimized.js.11ece07d.js	ScriptElement	7.6 kB	2024-07-10	2024-10-28
Pretty URL grixaign.top/js/v-possibleStandardNamesOptimized.js.11ece07d.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-10 18:56 Last Seen2024-10-28 13:21 Times Seen10890 Hash c529058720318ac3409a4112cbabf570 33ffefb6174bb08382dc49046eb7c08ded366f59 ff443296217803a32ec8998536f81a0d0b88e38f7eabb4d7076eececf93f1668 Loading...

	grixaign.top/pfe/current/stattag.js	ScriptElement	19 kB	2024-01-17	2024-10-26
Pretty URL grixaign.top/pfe/current/stattag.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-17 11:23 Last Seen2024-10-26 20:44 Times Seen3714 Hash 3a74216e872211a9c770302bb7d4a63f 7e63556174a7d66eee407218e503ec0aae2c0f9e 03405209d89a927b81d53eb13968663069760776389c5400bb79d11bd9f78f78 Loading...

	grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884	ScriptElement	773 B	2024-09-27	2024-10-25
Pretty URL grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-09-27 05:29 Last Seen2024-10-25 19:20 Times Seen63 Hash c508258ec6b232049b7ca395feef8549 3c5e971039d303d5edc8df3946e6b82ecee002fa ab1aff2a9e655addfa6667d229ae853c8f9599f4cee9e146f2bbf07ddb9a33b7 Loading...

	grixaign.top/js/_each-land-config.a12b95fb.js	ScriptElement	75 kB	2024-09-25	2024-10-26
Pretty URL grixaign.top/js/_each-land-config.a12b95fb.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-25 13:58 Last Seen2024-10-26 20:44 Times Seen8097 Hash 6ab281e44ee56df6438a28112c975f32 e1ab37b44e6adb7cb779bc776b78c6d34ec4a710 5b18e5e5a46c30be8c22f3026e9fee5bd51b4e5f4be49bad03debab224a6d5a3 Loading...

	afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh	ScriptElement	202 B	2024-09-28	2024-10-22
Pretty URL afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh IP 104.21.58.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-09-28 15:48 Last Seen2024-10-22 14:18 Times Seen55 Hash 08ec990324e6295f26a70e74d5254348 79839bda6830f2e6d6d56ce96930d23396790f06 3623365e514ff5aa0f5ed7a7e40bbec8762b4615e703dda72114fb2443ccc3e2 Loading...

	afl3ua5u.xyz/player/jw8_26/provider.hlsjs.js?v=2	ScriptElement	423 kB	2024-04-13	2025-05-11
Pretty URL afl3ua5u.xyz/player/jw8_26/provider.hlsjs.js?v=2 IP 104.21.58.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-13 15:29 Last Seen2025-05-11 22:54 Times Seen498 Hash 0f95e38aa7bb0943693b51bd6a7deed0 26c89f76894108f76ad23af32ecc6b1e708993ba 1b1263b7061aaca7fe0b69168b16cb2401a7fe2ada08ccfdd373ee06c7d125b1 Loading...

	grixaign.top/js/v-index.js.5b2ca3be.js	ScriptElement	41 kB	2024-09-20	2024-10-26
Pretty URL grixaign.top/js/v-index.js.5b2ca3be.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-20 12:49 Last Seen2024-10-26 20:44 Times Seen10260 Hash 215cd3b327ba30435f9c0ff3ca47b922 6a04322915142458451f3ad8cd2d4f21a2b857c8 35d59eabc6466988a49bf79a938c60970d56358d939def8d16e6c930af0b2a72 Loading...

	grixaign.top/js/config/sd/sd-5671-en.js?v=10	ScriptElement	4.1 kB	2024-09-21	2024-10-25
Pretty URL grixaign.top/js/config/sd/sd-5671-en.js?v=10 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-21 15:53 Last Seen2024-10-25 18:38 Times Seen30 Hash 71db2b3b384e2b19205dc7e1665915d6 6285f7dd407436b6ec31a91b8077215660f97fcf e215c4463f59e90bb961bc1205c0c0fa1cf4d7775dfbf27f86b99cb7703cd723 Loading...

	afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh	ScriptElement	258 B	2024-10-08	2024-12-31
Pretty URL afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh IP 104.21.58.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-10-08 13:07 Last Seen2024-12-31 19:38 Times Seen123 Hash 47e574848430ac650959aadf82894692 729fbfb3360326f829f4b8afdf84d025c4f414af 64cc090a104bd6938abcee688b92a8497ee32190bd9c277d80dcbf9ec74006a3 Loading...

	afl3ua5u.xyz/player/jw8_26/jwplayer.core.controls.js?v=2	ScriptElement	327 kB	2024-03-12	2025-05-11
Pretty URL afl3ua5u.xyz/player/jw8_26/jwplayer.core.controls.js?v=2 IP 104.21.58.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-12 19:48 Last Seen2025-05-11 22:54 Times Seen761 Hash fee77850b6b254569cf03f43a4dfdde4 35841d306d3404fbef6825371ffdbcd992ade913 50b22ddf7e9cf49716e33660cc9de3c2bbf3cb90f203d8af93810f8f97bdee3f Loading...

	afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh	ScriptElement	111 B	2024-10-08	2024-10-28
Pretty URL afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh IP 104.21.58.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-10-08 13:07 Last Seen2024-10-28 09:07 Times Seen112 Hash 0e497e8a4bfbd18004add59c513be3ef 717ba09d7cb507ac12e973cc4bdccb4d905129d5 4fd443a904c4cc7f8547d369967b842fc3ab4a3f82a7202537260d2bfea9769a Loading...

	afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh	ScriptElement	43 B	2023-03-08	2025-05-11
Pretty URL afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh IP 104.21.58.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 08:46 Last Seen2025-05-11 22:54 Times Seen526 Hash 4f98cf8486a8beb4d2d271b8e9304216 112dd81cdd24e37a4554c9a5c5327b30a476acf8 77b18c051d8450512853f4643dd7ac0e4c3205b7ec4cd1373ca5ad0dd2f470c3 Loading...

	afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh	ScriptElement	154 B	2023-03-08	2025-05-11
Pretty URL afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh IP 104.21.58.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 08:46 Last Seen2025-05-11 22:54 Times Seen523 Hash d882b49167571a8dc4de310e0b2e623d 426f496e1155dfab34840a7a467866838448c8d0 6dc67eafa621e57610ed67c02b1c0c5532e495dfe555dcade99fb81b6744899b Loading...

	afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh	ScriptElement	1.5 kB	2023-03-08	2025-01-20
Pretty URL afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh IP 104.21.58.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 08:46 Last Seen2025-01-20 03:59 Times Seen484 Hash 36e0f7e5e53c5804e2188799d503746b 6a1df181d1324e3bd50ce865861a990cbe185c7b 3685002591a539aa34044215aac57a04d32a0f485bdf1719223803c4a5198dcb Loading...

	afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh	ScriptElement	4.6 kB	2024-10-15	2024-10-21
Pretty URL afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh IP 104.21.58.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-10-15 12:34 Last Seen2024-10-21 05:51 Times Seen4 Hash 6d328f05035d3f541fcbda55bf0ac894 f71a4c582b9dee061cedd908bd85506a8ddee7a1 490ce2045f26412d3fc0f2f8fb29d6662e4e91b35531904d408b032f1d346ab9 Loading...

	grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884	ScriptElement	2.5 kB	2024-07-10	2024-10-25
Pretty URL grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-07-10 18:56 Last Seen2024-10-25 19:20 Times Seen210 Hash 43f1c505392882ab192d6855015b3528 99ba105aae48687e23f0e6b845379fd2b4b08042 b7801010d661771d56da5412c8b13d88926b498009ea84b4bd5106fcbda67c5e Loading...

	grixaign.top/js/v-utilities.js.a456b741.js	ScriptElement	2.6 kB	0001-01-01	2024-10-28
Pretty URL grixaign.top/js/v-utilities.js.a456b741.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2024-10-28 13:21 Times Seen10518 Hash 1e2b0a0fc525d08a93a9d8213823fcb8 85b092acdde4cbf6f4302838fc0ca173b0999694 9a6425f5b6ae1755e9bbd2bc626301977ae333cfe6f3ffddcdb13946cc5de202 Loading...

	grixaign.top/js/v-domparser.js.2f998fb8.js	ScriptElement	1.7 kB	2024-07-10	2024-10-28
Pretty URL grixaign.top/js/v-domparser.js.2f998fb8.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-10 18:56 Last Seen2024-10-28 13:21 Times Seen10892 Hash bacaf103248319bc704a58548d3d8e1e c4dbf338d5cbc10c25ed32054e2e4099bbcb5287 2d7fedd370cd3164d6cdb12ae31333d04d34b69c84eb0d81dbe143e45ee6d495 Loading...

	afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh	ScriptElement	60 B	2023-03-07	2025-05-11
Pretty URL afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh IP 104.21.58.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:59 Last Seen2025-05-11 22:54 Times Seen523 Hash 47a7df3210911e27dfdc28583faa9264 fb289b528d31f67e951e5415dd4e0cfca739b654 f46f00646225f54664e4d7bb625fb06dbcfc86904826cd3382efa56c4d524ddc Loading...

	afl3ua5u.xyz/player/jw8_26/jwplayer.js?v=5.0.2	ScriptElement	111 kB	2024-04-13	2025-05-11
Pretty URL afl3ua5u.xyz/player/jw8_26/jwplayer.js?v=5.0.2 IP 104.21.58.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-13 15:29 Last Seen2025-05-11 22:54 Times Seen498 Hash f91de142eed44442bad231961488c5d0 ea6c79968011a5b59e444d792f7ab048a1f7e31d b3031ee0f2674c203fe1400df12a96148c4bed344553fc9063c3846ba8466295 Loading...

	grixaign.top/js/v-redux-toolkit.esm.js.61510496.js	ScriptElement	11 kB	2024-09-20	2024-10-28
Pretty URL grixaign.top/js/v-redux-toolkit.esm.js.61510496.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-20 12:49 Last Seen2024-10-28 13:21 Times Seen10522 Hash bcd7372f51c7e725335ac2b99f5669e1 2b15ed1e1a3762c3a5c99572e75fd0007ad2a8a0 40ff34e4603dfa933b0e2a1174b7a0e24c2311166bb1cf9ffc8b005f0245e1df Loading...

	grixaign.top/js/survey-dating.4e867f97.js	ScriptElement	13 kB	2024-09-25	2024-10-25
Pretty URL grixaign.top/js/survey-dating.4e867f97.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-25 18:03 Last Seen2024-10-25 19:20 Times Seen66 Hash cc18c36b70873d3e85056478312a7029 0c8bc9f9cb93d532222d1ec50f8a4a20214494b5 00cd64c8155ecc05a876914d57c46d6114e7aa2d8a5f198c512f47b0123dc271 Loading...

	grixaign.top/js/v-node.js.b3f20640.js	ScriptElement	6.3 kB	2024-07-10	2024-10-28
Pretty URL grixaign.top/js/v-node.js.b3f20640.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-10 18:56 Last Seen2024-10-28 13:21 Times Seen10889 Hash 34ea0907efd338e9e0d8ea46afb66c98 c96e3471fe33e9652881932062583f3d1c1ff531 1d525de9457160ed5ea2528a1bc72f1217706cce001e85f77be6011b3ec1afc2 Loading...

	grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884	ScriptElement	96 B	2023-10-08	2024-10-28
Pretty URL grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-08 13:44 Last Seen2024-10-28 13:21 Times Seen27089 Hash 1c21f8c6a7c78b7e67c5272c65c97f91 1a2eb15ee36a8f8b7160358a304ccf575b571074 0af800d9d96b01d9183737d36c4e01792913fdcd393bc56727f1e9be39730fc2 Loading...

	grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884	ScriptElement	238 B	2023-08-12	2024-10-25
Pretty URL grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-12 18:45 Last Seen2024-10-25 19:20 Times Seen1687 Hash 74a28a18aeb8b73050d3e7fc31cee875 4ada21a49fb402e1befdf047f5b9a5db0c827e30 05419b431ded7c661c166befba794f8a387de03fbea12381fe6089ec646411fc Loading...

	grixaign.top/js/_core-survey.51ef2056.js	ScriptElement	156 kB	2024-09-26	2024-10-26
Pretty URL grixaign.top/js/_core-survey.51ef2056.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-26 16:01 Last Seen2024-10-26 20:44 Times Seen7687 Hash 3ca9e28891a7aa9d49f69d652b17db74 24c614982727641a639443255cad9d76e1aba9d6 e28ddb16530d3ced764410f2cdc275c0b308a73edd31bd12de8a447fbdece9be Loading...

	grixaign.top/js/v-dom-to-react.js.0eca2a35.js	ScriptElement	1.1 kB	2024-07-10	2024-10-28
Pretty URL grixaign.top/js/v-dom-to-react.js.0eca2a35.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-10 18:56 Last Seen2024-10-28 13:21 Times Seen10889 Hash dc8fc82300322899a76036aa8627e4f4 a07bd7b384d7ca25588ac17be4ee58a90eda2a53 7977d75d0f2b2aac689546784dd83968f7d35e0b988bbd072a2315c8a2862bbc Loading...

	grixaign.top/js/SurveyContainer.e2953ccc.js	ScriptElement	57 kB	2024-09-25	2024-10-26
Pretty URL grixaign.top/js/SurveyContainer.e2953ccc.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-25 13:58 Last Seen2024-10-26 20:44 Times Seen8089 Hash ac89d4ead0df295f23227a401509695d e3be2e31b83c25ac5301112274abc065d4a63e92 1a0d3353433bae380dcbd40effbb01b63b1a5593017a591bf268ff3dc953229c Loading...

	afl3ua5u.xyz/js/bafsd.js	ScriptElement	14 kB	2024-10-04	2025-05-11
Pretty URL afl3ua5u.xyz/js/bafsd.js IP 104.21.58.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-10-04 15:55 Last Seen2025-05-11 22:54 Times Seen241 Hash c2432aca90e92e0370d2ded2545eb1fa 8f1ae40f7dc9c4ccfcb91d04530a1f072e9d06eb 89c40275bddb7257d519bda010de1c4df70a30b5f84be325f2ae53168f276cb5 Loading...

	grixaign.top/js/s-storageService.js.05cc15a0.js	ScriptElement	2.2 kB	2024-09-25	2024-10-28
Pretty URL grixaign.top/js/s-storageService.js.05cc15a0.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-25 13:58 Last Seen2024-10-28 13:21 Times Seen8337 Hash 60b02596dea145543c6e3fcd3369662d bcdf4bec13b38423ed7e51fcba633ecd24759047 7337b8fb84142131a56ba48f4d404aec9c574e4098bd0b93225f5024347f997f Loading...

	grixaign.top/js/v-react-dom.production.min.js.e532a3ff.js	ScriptElement	129 kB	2024-07-10	2024-10-26
Pretty URL grixaign.top/js/v-react-dom.production.min.js.e532a3ff.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-10 21:07 Last Seen2024-10-26 20:44 Times Seen10549 Hash c2cf402b45a2670a7c49fff904dae02e f56f5968f7aa6eff91d85d7f11e97a46790dd684 6bcbf6c0a1c5a41aba18b241fe9ea09e935110665fada43402ffbc91de3e23e0 Loading...

	grixaign.top/js/v-constants.js.23082895.js	ScriptElement	600 B	2024-07-10	2024-10-28
Pretty URL grixaign.top/js/v-constants.js.23082895.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-10 18:56 Last Seen2024-10-28 13:21 Times Seen10889 Hash 38b0375b70bb96d12cc97c37f9b14eb4 95ba2b2c545e8c0a22e4e2c308a28d079e8202ad cbf2ed7d20c68b61aa1a676ba1c3b614f82a229e9b6f22cc3589e5d468eb1a30 Loading...

	afl3ua5u.xyz/js/xupload.js	ScriptElement	11 kB	2023-03-07	2025-03-25
Pretty URL afl3ua5u.xyz/js/xupload.js IP 104.21.58.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24 Last Seen2025-03-25 20:59 Times Seen494 Hash 2609e3a9490dcfe748407d3af317c472 af55b2b16e9190e09407f67ffae4ca705ea6f112 c3c7c3de97ef15965def93fc9317e82854b979aa1a7980fde49b873a04aab85d Loading...

	afl3ua5u.xyz/js/ls.js	ScriptElement	2.1 kB	2023-03-07	2025-05-11
Pretty URL afl3ua5u.xyz/js/ls.js IP 104.21.58.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:42 Last Seen2025-05-11 22:54 Times Seen589 Hash f6784d7271569579cbc7e508fddb3fbb 61be0722316952e865893972791486e26961cdda 96f2f3c87be4a0582def1b5e1e9e19aa0529adb7fd9277cede56c1eefd906d01 Loading...

	grixaign.top/js/s-checkLocalStorageAvailable.ts.f85cd6f6.js	ScriptElement	330 B	2024-07-10	2024-10-28
Pretty URL grixaign.top/js/s-checkLocalStorageAvailable.ts.f85cd6f6.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-10 18:56 Last Seen2024-10-28 13:21 Times Seen10891 Hash 0bf28c2389793b8e590e0b73148bed3f 954c255e52e406833ca4f283f3ca4841ea17de6c 55c66a7cf2788e49fce8ac8aa8c2dcc8e6096911e56211f17624eb57f153ff02 Loading...

	afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh	ScriptElement	6.5 kB	2024-10-21	2024-10-21
Pretty URL afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh IP 104.21.58.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-10-21 00:09 Last Seen2024-10-21 00:09 Times Seen1 Hash 28226be9ee3152923f8573c6af736291 5eaae487032030548f93abf6322dca5c622a1734 9151ad458038a87380e589d9ab08243660f1b937e07c6809bffb2aab669ffec9 Loading...

	afl3ua5u.xyz/player/jw8/vast.js	ScriptElement	107 kB	2023-09-18	2025-05-11
Pretty URL afl3ua5u.xyz/player/jw8/vast.js IP 104.21.58.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-18 06:50 Last Seen2025-05-11 22:54 Times Seen326 Hash 3cd85ca1814c3fd976764bf6b83b989d 90e931622205c6adfbc75cfe681563a127580f05 2e4fe3d8b3565a3f8b5ec0ecfe0e5f26a756401b6847dd475327793da41897f5 Loading...

	grixaign.top/js/v-html-to-dom.js.6f877ef8.js	ScriptElement	364 B	2024-07-10	2024-10-28
Pretty URL grixaign.top/js/v-html-to-dom.js.6f877ef8.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-10 18:56 Last Seen2024-10-28 13:21 Times Seen10890 Hash 2c246fbf964ef076df635e736b5a326d 5df106f4ba371db07c94e4cb77c5176e7c39a5c6 db4884db299689db4f3d465bccecf829da42dea2f7acdce9accfebd7351602df Loading...

	grixaign.top/pfe/current/micro.tag.min.js?z=5953353&sw=/sw/sw5953353.js&var=6993465&var_3=null&var_4=null&ymid=1029916&cdn=1&domain=ofklefkian.com&ab2_ttl=5184000000	ScriptElement	27 kB	2024-01-17	2024-10-26
Pretty URL grixaign.top/pfe/current/micro.tag.min.js?z=5953353&sw=/sw/sw5953353.js&var=6993465&var_3=null&var_4=null&ymid=1029916&cdn=1&domain=ofklefkian.com&ab2_ttl=5184000000 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-17 10:52 Last Seen2024-10-26 20:44 Times Seen3178 Hash 75c26ccd65e96e912725399ff3ce66e9 d300939979d2048844dc5ac80c51ed8121126f4e c9db5c92934b273ad485c58710d6fbc2d580c2923a99bb456b18cb5e1465f5cf Loading...

		Size	First Seen	Last Seen
	#1 Eval - 0424f2fd259d58c1d1936a8bc7768f05	7.8 kB	2024-10-21 00:09	2024-10-21 00:09
Pretty Observations First Seen2024-10-21 00:09 Last Seen2024-10-21 00:09 Times Seen1 Hash 0424f2fd259d58c1d1936a8bc7768f05 eeb7c961d3da62376661b15a8aa33520e0490ca1 1334241752e702f19ffd084ba1a4b502a014b519c679d222eae6e2502190c377 Loading...

HTTP Transactions (77)

URL IP Response Size

afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh

104.21.58.242

200 OK

6.9 kB

URL User Request GET HTTP/2
afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
IP
104.21.58.242:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectafl3ua5u.xyz
Fingerprint54:94:18:D4:D0:20:05:68:C3:61:1B:BD:AF:58:68:AB:C6:54:3A:B4
ValidityFri, 27 Sep 2024 15:02:07 GMT - Thu, 26 Dec 2024 15:02:06 GMT

File type
JavaScript source, ASCII text, with very long lines (6545), with CRLF, LF line terminators
Size
6.9 kB (6885 bytes)
Hash
7436c80393fa9e22652dd109e18427a3
6f939e0debf9a8d3cecaf7895ec26aa68b12a5e6
3a052863a8ca6ba5afcba59a07c9fe420289111ae14bfd90282baa734f694de9

HTTP Headers

GET /brr/aeerjgxp0v11?referer=bflix.sh HTTP/1.1
Host: afl3ua5u.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 21 Oct 2024 00:08:41 GMT
content-type: text/html; charset=UTF-8
expires: Sun, 20 Oct 2024 00:08:41 GMT
set-cookie: lang=1; domain=.afl3ua5u.xyz; path=/; HttpOnly
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FiYjxfA%2BHYumlyXmhZDnYrEW1hPma%2BTJJbjPASIiM3GyJQjHYeLfMY7s4z6jlIgaKhZwdETht488hcV4ZnX%2F2XpENJfOkmjNMiyH6WneErQm0Q6HPHYQ2%2FXH3ubaKMs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03bbca4bb509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=25111&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3204&recv_bytes=1141&delivery_rate=261198&cwnd=254&unsent_bytes=0&cid=bd066d6b360ea36c&ts=334&x=0"
X-Firefox-Spdy: h2

afl3ua5u.xyz/js/jquery.cookie.js

104.21.58.242

200 OK

142 kB

URL GET HTTP/3
afl3ua5u.xyz/js/jquery.cookie.js
IP
104.21.58.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subjectafl3ua5u.xyz
Fingerprint54:94:18:D4:D0:20:05:68:C3:61:1B:BD:AF:58:68:AB:C6:54:3A:B4
ValidityFri, 27 Sep 2024 15:02:07 GMT - Thu, 26 Dec 2024 15:02:06 GMT

File type
ASCII text
Size
142 kB (142129 bytes)
Hash
ae0c2c5d8f01f7d35bb698bb618a62f7
63556a22ddea1c5f23a5cf7d0b6d35c7aab54e20
75aef2e95ea7f3a70999396fba0c2ab866f4ff06313cf1b07780d800a5fc1ebc

HTTP Headers

GET /js/jquery.cookie.js HTTP/1.1
Host: afl3ua5u.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:42 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 31 May 2011 12:53:56 GMT
etag: W/"4de4e4e4-10eb"
expires: Wed, 23 Oct 2024 05:26:04 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 412958
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X82uBi4%2Fv1PeQYwNl9rc7iQ1%2BfRi699LcN3QHd%2FTYRx6cILhEf32Q3FLYWbsOpzBjN6n%2BhGAT%2F%2BvBQPsptgV%2BA0Go201H%2FWTCJc7AyEPTO0CDdxDSJYQ7AgoXfYm3r8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d5d03bfcc0356ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20042&sent=28&recv=13&lost=0&retrans=0&sent_bytes=16235&recv_bytes=3085&delivery_rate=33831&cwnd=12000&unsent_bytes=0&cid=40a4cbbfcfad66c9&ts=314&x=1", cfExtPri, cfHdrFlush;dur=33

be7713.rcr82.waw05.cdn112.com/hls2/01/04701/aeerjgxp0v11_x/master.m3u8?t=ZduBJrP--3_nLzOhc5LWr0KMWgXX5xa-1FRVPLzroPk&s=1729469321&e=10800&f=23508829&srv=23&asn=50304&sp=5500&p=

178.171.122.244

200 OK

300 B

URL GET HTTP/1.1
be7713.rcr82.waw05.cdn112.com/hls2/01/04701/aeerjgxp0v11_x/master.m3u8?t=ZduBJrP--3_nLzOhc5LWr0KMWgXX5xa-1FRVPLzroPk&s=1729469321&e=10800&f=23508829&srv=23&asn=50304&sp=5500&p=
IP
178.171.122.244:443
ASN
#174 COGENT-174

Requested by
https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Certificate
IssuerLet's Encrypt
Subjectcdn112.com
FingerprintBF:1B:3E:F6:7F:6E:FD:9C:0A:46:8A:AF:5D:BF:95:13:CA:EB:F4:C7
ValidityFri, 20 Sep 2024 01:55:16 GMT - Thu, 19 Dec 2024 01:55:15 GMT

File type
M3U playlist, ASCII text
Size
300 B (300 bytes)
Hash
6a8a8fb3c84d1ac7f888b3a26406fc88
1f84120ede880ae5048dc4f5e8baa898f030de9e
4259b67792caaa301e7cc1ac9a394da9546e8170de47483534e15c22d22d860f

HTTP Headers

GET /hls2/01/04701/aeerjgxp0v11_x/master.m3u8?t=ZduBJrP--3_nLzOhc5LWr0KMWgXX5xa-1FRVPLzroPk&s=1729469321&e=10800&f=23508829&srv=23&asn=50304&sp=5500&p= HTTP/1.1
Host: be7713.rcr82.waw05.cdn112.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://afl3ua5u.xyz
DNT: 1
Connection: keep-alive
Referer: https://afl3ua5u.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 21 Oct 2024 00:08:42 GMT
Content-Type: application/vnd.apple.mpegurl
Last-Modified: Mon, 21 Oct 2024 00:08:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 21 Oct 2024 00:58:20 GMT
Access-Control-Allow-Origin: *
Cache-Control: max-age=259200, no-store, no-cache
Sprint-Cache: HIT
Content-Encoding: gzip

be7713.rcr82.waw05.cdn112.com/hls2/01/04701/aeerjgxp0v11_x/index-v1-a1.m3u8?t=ZduBJrP--3_nLzOhc5LWr0KMWgXX5xa-1FRVPLzroPk&s=1729469321&e=10800&f=23508829&srv=23&asn=50304&sp=5500&p=

178.171.122.244

200 OK

2.1 kB

URL GET HTTP/1.1
be7713.rcr82.waw05.cdn112.com/hls2/01/04701/aeerjgxp0v11_x/index-v1-a1.m3u8?t=ZduBJrP--3_nLzOhc5LWr0KMWgXX5xa-1FRVPLzroPk&s=1729469321&e=10800&f=23508829&srv=23&asn=50304&sp=5500&p=
IP
178.171.122.244:443
ASN
#174 COGENT-174

Requested by
https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Certificate
IssuerLet's Encrypt
Subjectcdn112.com
FingerprintBF:1B:3E:F6:7F:6E:FD:9C:0A:46:8A:AF:5D:BF:95:13:CA:EB:F4:C7
ValidityFri, 20 Sep 2024 01:55:16 GMT - Thu, 19 Dec 2024 01:55:15 GMT

File type
M3U playlist, ASCII text
Size
2.1 kB (2104 bytes)
Hash
08cdc89dbf1c0a4fc197a1c9f8c055d3
6d9fa64f0d0d7f99e4f0eb5702286f93db079974
446207af080e296175695be8358d250027129d7edf56d652168fd1f62aa91d5a

HTTP Headers

GET /hls2/01/04701/aeerjgxp0v11_x/index-v1-a1.m3u8?t=ZduBJrP--3_nLzOhc5LWr0KMWgXX5xa-1FRVPLzroPk&s=1729469321&e=10800&f=23508829&srv=23&asn=50304&sp=5500&p= HTTP/1.1
Host: be7713.rcr82.waw05.cdn112.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://afl3ua5u.xyz
DNT: 1
Connection: keep-alive
Referer: https://afl3ua5u.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 21 Oct 2024 00:08:42 GMT
Content-Type: application/vnd.apple.mpegurl
Last-Modified: Mon, 21 Oct 2024 00:08:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 21 Oct 2024 00:58:20 GMT
Access-Control-Allow-Origin: *
Cache-Control: max-age=259200, no-store, no-cache
Sprint-Cache: HIT
Content-Encoding: gzip

be7713.rcr82.waw05.cdn112.com/hls2/01/04701/aeerjgxp0v11_x/encryption.key?t=ZduBJrP--3_nLzOhc5LWr0KMWgXX5xa-1FRVPLzroPk&s=1729469321&e=10800&f=23508829&srv=23&asn=50304&sp=5500&p=

178.171.122.244

200 OK

16 B

URL GET HTTP/1.1
be7713.rcr82.waw05.cdn112.com/hls2/01/04701/aeerjgxp0v11_x/encryption.key?t=ZduBJrP--3_nLzOhc5LWr0KMWgXX5xa-1FRVPLzroPk&s=1729469321&e=10800&f=23508829&srv=23&asn=50304&sp=5500&p=
IP
178.171.122.244:443
ASN
#174 COGENT-174

Requested by
https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Certificate
IssuerLet's Encrypt
Subjectcdn112.com
FingerprintBF:1B:3E:F6:7F:6E:FD:9C:0A:46:8A:AF:5D:BF:95:13:CA:EB:F4:C7
ValidityFri, 20 Sep 2024 01:55:16 GMT - Thu, 19 Dec 2024 01:55:15 GMT

File type
data
Size
16 B (16 bytes)
Hash
4df03f77edb6553b69043b4ab238b954
fe65358620394b08b7b011ce2d9fec6b809e29df
681c4c7412b4513a8dc857e0595022ebb15be26403853e1daa9d5cad5a72e75b

HTTP Headers

GET /hls2/01/04701/aeerjgxp0v11_x/encryption.key?t=ZduBJrP--3_nLzOhc5LWr0KMWgXX5xa-1FRVPLzroPk&s=1729469321&e=10800&f=23508829&srv=23&asn=50304&sp=5500&p= HTTP/1.1
Host: be7713.rcr82.waw05.cdn112.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://afl3ua5u.xyz
DNT: 1
Connection: keep-alive
Referer: https://afl3ua5u.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 21 Oct 2024 00:08:42 GMT
Content-Type: application/octet-stream
Content-Length: 16
Connection: keep-alive
Last-Modified: Sun, 19 Nov 2000 08:52:00 GMT
Expires: Mon, 21 Oct 2024 00:58:21 GMT
ETag: "5f693e80-10"
Access-Control-Allow-Origin: *
Cache-Control: max-age=259200, no-store, no-cache
Sprint-Cache: HIT
Accept-Ranges: bytes

be7713.rcr82.waw05.cdn112.com/hls2/01/04701/aeerjgxp0v11_x/seg-1-v1-a1.ts?t=ZduBJrP--3_nLzOhc5LWr0KMWgXX5xa-1FRVPLzroPk&s=1729469321&e=10800&f=23508829&srv=23&asn=50304&sp=5500&p=

178.171.122.244

200 OK

3.0 MB

URL GET HTTP/1.1
be7713.rcr82.waw05.cdn112.com/hls2/01/04701/aeerjgxp0v11_x/seg-1-v1-a1.ts?t=ZduBJrP--3_nLzOhc5LWr0KMWgXX5xa-1FRVPLzroPk&s=1729469321&e=10800&f=23508829&srv=23&asn=50304&sp=5500&p=
IP
178.171.122.244:443
ASN
#174 COGENT-174

Requested by
https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Certificate
IssuerLet's Encrypt
Subjectcdn112.com
FingerprintBF:1B:3E:F6:7F:6E:FD:9C:0A:46:8A:AF:5D:BF:95:13:CA:EB:F4:C7
ValidityFri, 20 Sep 2024 01:55:16 GMT - Thu, 19 Dec 2024 01:55:15 GMT

File type
data
Size
3.0 MB (2957248 bytes)
Hash
1225289ee4ba979f5c9ba0573dbc710a
0d6fbc5be229868b23fc3e7c300af70d1c888eab
5dc3bf99066943ded86a127e20c69348df0d48254f24dffd9daa316ef98c62f4

HTTP Headers

GET /hls2/01/04701/aeerjgxp0v11_x/seg-1-v1-a1.ts?t=ZduBJrP--3_nLzOhc5LWr0KMWgXX5xa-1FRVPLzroPk&s=1729469321&e=10800&f=23508829&srv=23&asn=50304&sp=5500&p= HTTP/1.1
Host: be7713.rcr82.waw05.cdn112.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://afl3ua5u.xyz
DNT: 1
Connection: keep-alive
Referer: https://afl3ua5u.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 21 Oct 2024 00:08:43 GMT
Content-Type: video/MP2T
Content-Length: 2957248
Connection: keep-alive
Last-Modified: Sun, 19 Nov 2000 08:52:00 GMT
Expires: Mon, 21 Oct 2024 00:58:21 GMT
ETag: "5f693e80-2d1fc0"
Access-Control-Allow-Origin: *
Cache-Control: max-age=259200, no-store, no-cache
Sprint-Cache: HIT
Accept-Ranges: bytes

afl3ua5u.xyz/adcgi?id=79500527

104.21.58.242

504 Gateway Timeout

6.3 kB

URL GET HTTP/3
afl3ua5u.xyz/adcgi?id=79500527
IP
104.21.58.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subjectafl3ua5u.xyz
Fingerprint54:94:18:D4:D0:20:05:68:C3:61:1B:BD:AF:58:68:AB:C6:54:3A:B4
ValidityFri, 27 Sep 2024 15:02:07 GMT - Thu, 26 Dec 2024 15:02:06 GMT

File type
HTML document, ASCII text, with very long lines (394)
Size
6.3 kB (6323 bytes)
Hash
0af7bfff598f7b40246c7978e9d5cda2
b5a97259aa1c92aa253c37d5f0789d5564cbffc1
58610bd0b29d9af9afa6a03a627125c1e9c81f953b1521ee433ddc44304d69cd

HTTP Headers

GET /adcgi?id=79500527 HTTP/1.1
Host: afl3ua5u.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 504 Gateway Timeout
date: Mon, 21 Oct 2024 00:08:43 GMT
content-type: text/html; charset=UTF-8
content-length: 6323
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pWSPafhCg2nERK39uSOqLq6opz3hHpH3jKj8tXieu%2FGkMPCe3uvL7jm46viY1gDGEAN%2FsWfAa%2BNcafOOuooLgdpJaKsdhExR8kzRsFMfFrMsFRCvMztY%2B1BVJqQcmgM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
server: cloudflare
cf-ray: 8d5d03c8595d56ae-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19670&sent=339&recv=30&lost=0&retrans=0&sent_bytes=370748&recv_bytes=5319&delivery_rate=23738&cwnd=192000&unsent_bytes=0&cid=40a4cbbfcfad66c9&ts=1811&x=1", cfExtPri, cfHdrFlush;dur=0

uqqmj868.xyz/

188.114.96.1

302 Found

0 B

URL GET HTTP/2
uqqmj868.xyz/
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subjectuqqmj868.xyz
Fingerprint80:B4:6F:5F:E3:AB:82:94:A6:D1:DE:33:8A:98:26:6B:A3:88:64:8D
ValidityTue, 24 Sep 2024 06:01:54 GMT - Mon, 23 Dec 2024 06:01:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: uqqmj868.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://afl3ua5u.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Mon, 21 Oct 2024 00:08:48 GMT
content-type: text/html; charset=UTF-8
location: https://epededonemile.com/?fmon=1076462
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ihoVJeivEvimh8jaqzczo5tp9F2ZhTL1Yk09BJqDTP5%2BmrP2Ecrk0a6Ro8ycQ6eL5jnJr1Wfssah4A6wDrZeXBsHK3QjCiC2L1RHJMncC8LSBawjXxUJTBWVI0sa1VA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03e45fd95695-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=17077&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3278&recv_bytes=1258&delivery_rate=260947&cwnd=254&unsent_bytes=0&cid=9fda010fe9e359be&ts=72&x=0"
X-Firefox-Spdy: h2

click-v4.exclkplat.com/click?i=gyXDpgc9jWk_0

198.134.116.17

302 Found

0 B

URL GET HTTP/1.1
click-v4.exclkplat.com/click?i=gyXDpgc9jWk_0
IP
198.134.116.17:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Certificate
IssuerGlobalSign nv-sa
Subject*.exclkplat.com
Fingerprint94:5B:F7:90:77:1F:86:D6:29:43:9F:F6:4F:7D:28:26:3C:22:92:27
ValidityTue, 05 Mar 2024 10:21:00 GMT - Sun, 06 Apr 2025 10:20:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?i=gyXDpgc9jWk_0 HTTP/1.1
Host: click-v4.exclkplat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://afl3ua5u.xyz/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Mon, 21 Oct 2024 00:08:49 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://lernodydenknow.info/redirect?tid=1029916

lernodydenknow.info/redirect?tid=1029916

108.157.229.103

302 Found

0 B

URL GET HTTP/2
lernodydenknow.info/redirect?tid=1029916
IP
108.157.229.103:443
ASN
#16509 AMAZON-02

Requested by
https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Certificate
IssuerAmazon
Subjectlernodydenknow.info
Fingerprint0B:53:BB:D6:51:E9:8D:1C:38:77:BA:75:C6:18:21:E5:31:71:DC:5B
ValidityWed, 24 Jan 2024 00:00:00 GMT - Fri, 21 Feb 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?tid=1029916 HTTP/1.1
Host: lernodydenknow.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://afl3ua5u.xyz/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
date: Mon, 21 Oct 2024 00:08:49 GMT
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=0f94d5f6-7e7c-43bf-97a0-8a863d9e4e59
x-cache: Miss from cloudfront
via: 1.1 fedd444eadd43dacc7e53f24b46bddf8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: MUXWi5wHY6ytusoJZ9lKSZkKJtoeWTITRzWkmtkWGR5jcUeq6kb6IA==
X-Firefox-Spdy: h2

grixaign.top/img/dating/location.png

188.114.96.1

200 OK

1.5 kB

URL GET HTTP/3
grixaign.top/img/dating/location.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
PNG image data, 61 x 98, 8-bit colormap, non-interlaced
Size
1.5 kB (1517 bytes)
Hash
66875cfbf3b97c6e58aae28214e8adef
7bfcfa2c8d5ea6c1a4a64ed7f2c85261213c4cf5
4e4d3c81874840a43119f58352787b0091a22499ad67694a1c4f531f0b47203e

HTTP Headers

GET /img/dating/location.png HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: image/png
content-length: 1517
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
vary: Accept-Encoding
etag: "66f56515-5ed"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2087
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TA8BYX3Q4mrJrZUcU45ikzvTosf4PnEhhETpb%2BT%2FhtmVpKFEQAjTTUhpo3bI5FhafaSYjZtUS6mJ4uC9e0xhjF4iMWjt%2FZ2W%2FZnWkFGp%2FZb5acn4d1l80x9g%2BouHvi4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f24e4f712d-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=22100&sent=60&recv=25&lost=0&retrans=0&sent_bytes=40411&recv_bytes=5760&delivery_rate=49827&cwnd=24000&unsent_bytes=0&cid=163c45dc93d62e3a&ts=299&x=1", cfExtPri, cfHdrFlush;dur=33

grixaign.top/img/dating/anna.webp

188.114.96.1

200 OK

14 kB

URL GET HTTP/3
grixaign.top/img/dating/anna.webp
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x499, Scaling: [none]x[none], YUV color, decoders should clamp
Size
14 kB (13976 bytes)
Hash
2de563c3cbee5c2322c8ac8a2b081cd0
f281d6a51e1f9910211fa24f9f8c6b2b893fe76c
b6fc298a9e5ceb3e5533137e2439179adc97db2278cdf2c07baac25e711bab27

HTTP Headers

GET /img/dating/anna.webp HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: image/webp
content-length: 13976
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
vary: Accept-Encoding
etag: "66f56515-3698"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2087
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rBK17VdG7czROjV5BnQCkESCFd8Cmq76tPBAdmITK5YOP7ICfHzRnt1Rl44nEvGfOooq0%2Fe2LZROPPw6%2F1AK9%2BydbMgBbCv6Il6kt798s6feZuZLvKyOZ6W5UFmjSYw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f25e56712d-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=22100&sent=61&recv=26&lost=0&retrans=0&sent_bytes=40437&recv_bytes=6020&delivery_rate=49827&cwnd=24000&unsent_bytes=0&cid=163c45dc93d62e3a&ts=304&x=1", cfExtPri, cfHdrFlush;dur=28

grixaign.top/img/dating/milana.webp

188.114.96.1

200 OK

8.5 kB

URL GET HTTP/3
grixaign.top/img/dating/milana.webp
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x375, Scaling: [none]x[none], YUV color, decoders should clamp
Size
8.5 kB (8522 bytes)
Hash
a720c0311818090ac5d0011ac1ee9169
23303f8fa9932fe369b39e9c92503147cb6b9526
d47c3085088b0964867de396473c6552befe6f13ad3946718f76f7ff8a781b6d

HTTP Headers

GET /img/dating/milana.webp HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: image/webp
content-length: 8522
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
vary: Accept-Encoding
etag: "66f56515-214a"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2087
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=llOV2pM8T1E4Bt5Z9YLJA%2FHHmbNXtFm7htE64tzRDh5C1s8PFbqlctcO04VfLIb8Wl%2FXhoqc%2FFyYf0bW1%2BBuqydN8XP2ExyI9ACzR%2BBG%2BkIUkiOwyYN5Mewf2YhBkyU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f25e58712d-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=22100&sent=61&recv=26&lost=0&retrans=0&sent_bytes=40437&recv_bytes=6020&delivery_rate=49827&cwnd=24000&unsent_bytes=0&cid=163c45dc93d62e3a&ts=304&x=1", cfExtPri, cfHdrFlush;dur=28

grixaign.top/img/dating/adriana.webp

188.114.96.1

200 OK

10 kB

URL GET HTTP/3
grixaign.top/img/dating/adriana.webp
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp
Size
10 kB (10520 bytes)
Hash
a72acf36a318a48fae3269a70e595350
c89b823e53a6aca172a8998621f7767838586c25
5800f01a47e4c9266b23e3c9bc9d1cba7ca6a7860405d70bbe67c47bcea2cec0

HTTP Headers

GET /img/dating/adriana.webp HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: image/webp
content-length: 10520
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
vary: Accept-Encoding
etag: "66f56515-2918"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2087
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=95G1mVksS4XWf5r7Sl4m6iHgVZZ4yzC7Om%2Bzl%2FbEW2MPgFTsr%2FZcUb106mjkxf%2FetWmohega%2FZcqmfWFH%2F43SnkvTc6n3863phFeJtRUdCdy%2BMwGXLAgAGRkiHEWBbs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f25e5b712d-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=22100&sent=61&recv=26&lost=0&retrans=0&sent_bytes=40437&recv_bytes=6020&delivery_rate=49827&cwnd=24000&unsent_bytes=0&cid=163c45dc93d62e3a&ts=303&x=1", cfExtPri, cfHdrFlush;dur=29

grixaign.top/img/dating/jayden.webp

188.114.96.1

200 OK

4.9 kB

URL GET HTTP/3
grixaign.top/img/dating/jayden.webp
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 360x241, Scaling: [none]x[none], YUV color, decoders should clamp
Size
4.9 kB (4912 bytes)
Hash
1b1a762ced577ff1ae9c8e28f871f413
dd14acfc0e7b93dc6d2ca9ef13bbfd8682f62eba
7ab7205c68dd0cc636ba0be7046e43f266c131cd8725cc9857b7bb801f3113c3

HTTP Headers

GET /img/dating/jayden.webp HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: image/webp
content-length: 4912
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
vary: Accept-Encoding
etag: "66f56515-1330"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2087
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=enYW4EXbkhQHzmSEqhRzUQLyWyqr7CYsmH3X3uoJ8KOnGQU0ptSVvt6AHeD%2FrpQPSq48H%2BdxRhd15oZvQ04fnX%2BLQLnR1ORR0hqmsS5MYRHmoCH%2FeYvON8%2BcBh7O6gw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f25e5c712d-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=22100&sent=61&recv=26&lost=0&retrans=0&sent_bytes=40437&recv_bytes=6020&delivery_rate=49827&cwnd=24000&unsent_bytes=0&cid=163c45dc93d62e3a&ts=304&x=1", cfExtPri, cfHdrFlush;dur=28

grixaign.top/img/dating/jessica.webp

188.114.96.1

200 OK

20 kB

URL GET HTTP/3
grixaign.top/img/dating/jessica.webp
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x390, Scaling: [none]x[none], YUV color, decoders should clamp
Size
20 kB (20200 bytes)
Hash
32015af3744ecf213e5d89661f763e88
258614fc256b6fac24fb952e4c0364ccfd309553
d9d561a628dfa01b112d7ab632da73d2270de5fae7549cc196ed0112fbbb9ebb

HTTP Headers

GET /img/dating/jessica.webp HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: image/webp
content-length: 20200
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
vary: Accept-Encoding
etag: "66f56515-4ee8"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2087
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x0l3NlAFprr4BdOO%2BrYjH8sco4D7seuH1usJRmwQnBEPhLA%2F8eTM7uPOIhdEHVwFJjlNrwnooJOhnU93342nVq79nFXT5pi3uThYwoW5TTRbb%2B82zlRDhgthohp4AXA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f24e4a712d-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=22100&sent=61&recv=26&lost=0&retrans=0&sent_bytes=40437&recv_bytes=6020&delivery_rate=49827&cwnd=24000&unsent_bytes=0&cid=163c45dc93d62e3a&ts=301&x=1", cfExtPri, cfHdrFlush;dur=11

grixaign.top/img/dating/melisa.webp

188.114.96.1

200 OK

33 kB

URL GET HTTP/3
grixaign.top/img/dating/melisa.webp
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 554x414, Scaling: [none]x[none], YUV color, decoders should clamp
Size
33 kB (32782 bytes)
Hash
41c64b4dd274f6057d54efcc99fc9c27
dfabde2e691ff0f264258a0f3974a5d6a36d66ae
d31231e53199c4e75d6f82e839cdb38984b266121574c55ce85c1612f78b4278

HTTP Headers

GET /img/dating/melisa.webp HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: image/webp
content-length: 32782
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
vary: Accept-Encoding
etag: "66f56515-800e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2087
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DZ%2BWc5Ntb1StEEymgnxUe9GuFVQNaEIUsprQBdap4DuJDCmIVIuMuQeVDYCK%2Fv6oF9rJESR8bqmjCj294Tq10JX3WY2F%2BtAMRLkIBUsxsKQpamUrdHRnTfm6jYJrPq8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f25e61712d-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=22100&sent=61&recv=26&lost=0&retrans=0&sent_bytes=40437&recv_bytes=6020&delivery_rate=49827&cwnd=24000&unsent_bytes=0&cid=163c45dc93d62e3a&ts=305&x=1", cfExtPri, cfHdrFlush;dur=27

grixaign.top/img/dating/tiffany.webp

188.114.96.1

200 OK

17 kB

URL GET HTTP/3
grixaign.top/img/dating/tiffany.webp
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 507x500, Scaling: [none]x[none], YUV color, decoders should clamp
Size
17 kB (17412 bytes)
Hash
121e18066a90b04b590f94d59737fb63
85be91d1428a759286aa1b9cc827c978c522415d
3cfacc85bcfc651f7052c2cc7b378ae530f27b39e88ca4e58b67816f497bad30

HTTP Headers

GET /img/dating/tiffany.webp HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: image/webp
content-length: 17412
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
vary: Accept-Encoding
etag: "66f56515-4404"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2087
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xC96voPVARhD%2B3u1oHO4RggRMkviOacSYaxqj8kO0CJLB%2B%2FvRjScUwbucoJ%2F%2Bp%2FobvxzcsxWW36yEVB4OfcCfZigz%2F69m5Tlouv7dqzkpoRTQPMKm7uGtiZFURmLoVs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f25e62712d-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=22100&sent=61&recv=26&lost=0&retrans=0&sent_bytes=40437&recv_bytes=6020&delivery_rate=49827&cwnd=24000&unsent_bytes=0&cid=163c45dc93d62e3a&ts=306&x=1", cfExtPri, cfHdrFlush;dur=50

grixaign.top/img/dating/jasmine.webp

188.114.96.1

200 OK

32 kB

URL GET HTTP/3
grixaign.top/img/dating/jasmine.webp
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x620, Scaling: [none]x[none], YUV color, decoders should clamp
Size
32 kB (31474 bytes)
Hash
933dec2aaa8b66537ee5dbec726302b7
9d60a68e7a99263f101289bfb941c656f14d2333
03a5e38911a4cf7978c712bd809511e68327f909d5a5249df9bd75ae54f7897b

HTTP Headers

GET /img/dating/jasmine.webp HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: image/webp
content-length: 31474
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
vary: Accept-Encoding
etag: "66f56515-7af2"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2087
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aAU1eM9Iy7%2Bnt1H81njxscY2iBdidg50l16SzVQc8%2FI3zkky1CBLK%2B5idIVsmmyuPJ9la3Wi6Bc6BSB3x7DplOpgRtVxhtVh3uAU0ZV00mj%2Fdj2kuwiQANXMA8oBfds%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f25e64712d-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=22100&sent=61&recv=26&lost=0&retrans=0&sent_bytes=40437&recv_bytes=6020&delivery_rate=49827&cwnd=24000&unsent_bytes=0&cid=163c45dc93d62e3a&ts=307&x=1", cfExtPri, cfHdrFlush;dur=49

grixaign.top/js/_each-land-config.a12b95fb.js

188.114.96.1

200 OK

42 kB

URL GET HTTP/3
grixaign.top/js/_each-land-config.a12b95fb.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
42 kB (41460 bytes)
Hash
6ab281e44ee56df6438a28112c975f32
e1ab37b44e6adb7cb779bc776b78c6d34ec4a710
5b18e5e5a46c30be8c22f3026e9fee5bd51b4e5f4be49bad03debab224a6d5a3

HTTP Headers

GET /js/_each-land-config.a12b95fb.js HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=75046
etag: W/"66f56515-12526"
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2087
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M%2B6h7SK2p5yIj%2FiavF1AGlV2ZE%2Fkj0CGC0Gv8pp6qBFumEeY2UYaXVgIQBRgtle7jNyZv11sf0a2zD4Nkw5TvNNQh1SuIvCPoJLTtQKwhRzivlUeF4Bk5z684oSjjoM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f23e3a712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19942&sent=29&recv=15&lost=0&retrans=0&sent_bytes=16227&recv_bytes=3166&delivery_rate=29407&cwnd=12000&unsent_bytes=0&cid=163c45dc93d62e3a&ts=285&x=1", cfExtPri, cfHdrFlush;dur=7

grixaign.top/js/survey-dating.4e867f97.js

188.114.96.1

200 OK

5.5 kB

URL GET HTTP/3
grixaign.top/js/survey-dating.4e867f97.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
JavaScript source, ASCII text, with very long lines (13283), with no line terminators
Size
5.5 kB (5542 bytes)
Hash
cc18c36b70873d3e85056478312a7029
0c8bc9f9cb93d532222d1ec50f8a4a20214494b5
00cd64c8155ecc05a876914d57c46d6114e7aa2d8a5f198c512f47b0123dc271

HTTP Headers

GET /js/survey-dating.4e867f97.js HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66f56515-33e3"
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2087
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ekdr03HXI43ZaneZphtv2YN6IRvdd6CKbZWjK4Cbw%2FJ0l4FXFhLCZ%2FRDntgtOVvernTDVPs1pVwoJP4LkgX9PErLzrvjypLSDlPqUKv7cx5GYEMlZ%2FEp%2FC2dAUWhxvs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f23e45712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20961&sent=46&recv=20&lost=0&retrans=0&sent_bytes=28427&recv_bytes=4241&delivery_rate=25308&cwnd=18000&unsent_bytes=0&cid=163c45dc93d62e3a&ts=293&x=1", cfExtPri, cfHdrFlush;dur=19

my.rtmark.net/gid.js?userId=sf3ziqvbmp3wlq0s4vi3692s7wxfn9q8

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=sf3ziqvbmp3wlq0s4vi3692s7wxfn9q8
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
Fingerprint59:49:A1:C9:C3:99:98:FC:2D:E7:4A:9E:86:83:A6:DE:2E:C3:8A:B6
ValidityFri, 30 Aug 2024 01:00:45 GMT - Thu, 28 Nov 2024 01:00:44 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
c97769a9482cb863b2bbd31532e8a2cb
ad3495717a29a49611e0529d139e4469e8e8ba5e
fc051452df60815022f634bd3bb5d953dced2274ba42926407922ecdf5fbf6bf

HTTP Headers

GET /gid.js?userId=sf3ziqvbmp3wlq0s4vi3692s7wxfn9q8 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://grixaign.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://grixaign.top
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=sf3ziqvbmp3wlq0s4vi3692s7wxfn9q8; expires=Tue, 21 Oct 2025 00:08:50 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

grixaign.top/css/survey-dating.77b63812.css

188.114.96.1

200 OK

13 kB

URL GET HTTP/3
grixaign.top/css/survey-dating.77b63812.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
ASCII text, with very long lines (27787), with no line terminators
Size
13 kB (13311 bytes)
Hash
ee945ebf4de130e4e4c6f3c53d2f3733
bf062d5689ab9d5c5b2e6bd0c055416198f896ca
fc4662f6f7d5aac7cda0f7fc07c042c5334cb74a9fd6aea1526026be698cfc0d

HTTP Headers

GET /css/survey-dating.77b63812.css HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=27797
etag: W/"66f56515-6c95"
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2087
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KspCSLRT5x%2B4OhrA2eyzazRB6rNH0IEjhNl%2Fda7Gl5C2KOfsVGBVOstawCU%2Bw5D5ab%2BwrwvFZVBLptpi9KFFnmXetedH2Cy9m%2BveaBL5KmQSlRfK0qyVrzc0S8ztUg8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f24e49712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=22100&sent=61&recv=26&lost=0&retrans=0&sent_bytes=40437&recv_bytes=6020&delivery_rate=49827&cwnd=24000&unsent_bytes=0&cid=163c45dc93d62e3a&ts=300&x=1", cfExtPri, cfHdrFlush;dur=12

grixaign.top/js/SurveyContainer.e2953ccc.js

188.114.96.1

200 OK

15 kB

URL GET HTTP/3
grixaign.top/js/SurveyContainer.e2953ccc.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
JavaScript source, ASCII text, with very long lines (57298), with no line terminators
Size
15 kB (15393 bytes)
Hash
ac89d4ead0df295f23227a401509695d
e3be2e31b83c25ac5301112274abc065d4a63e92
1a0d3353433bae380dcbd40effbb01b63b1a5593017a591bf268ff3dc953229c

HTTP Headers

GET /js/SurveyContainer.e2953ccc.js HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=57301
etag: W/"66f56515-dfd5"
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2087
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H7Q2hiOU5fdvNai4JBqeCydV0xvId8RHKSa3e%2B9RWNq69OvBJ2xP1sDqtPFysmC2NMkhf3u6txrInr%2BgRafTHTtNODzYp%2B405%2F4hWEn1rjkN4m0DkXsIKvfR2o8Bdgs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f47839712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=18705&sent=356&recv=55&lost=0&retrans=0&sent_bytes=359739&recv_bytes=10146&delivery_rate=109241&cwnd=186300&unsent_bytes=0&cid=163c45dc93d62e3a&ts=645&x=1", cfExtPri, cfHdrFlush;dur=0

grixaign.top/js/_core-survey.51ef2056.js

188.114.96.1

200 OK

44 kB

URL GET HTTP/3
grixaign.top/js/_core-survey.51ef2056.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Size
44 kB (44282 bytes)
Hash
3ca9e28891a7aa9d49f69d652b17db74
24c614982727641a639443255cad9d76e1aba9d6
e28ddb16530d3ced764410f2cdc275c0b308a73edd31bd12de8a447fbdece9be

HTTP Headers

GET /js/_core-survey.51ef2056.js HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=156329
etag: W/"66f56515-262a9"
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2087
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7fPHfWpVmKPWt2BfipsvOPrPj759yZUGWuX48fdiBusEeD4vXTykZnfx0mwrRxErm1ARvtJP%2F0%2BOYrJGRrGsMIoxBSlyvjd3DY6hDpHMVfUDQPz0lTf8o%2FRTzgQ%2BxLg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f23e43712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20961&sent=46&recv=20&lost=0&retrans=0&sent_bytes=28427&recv_bytes=4241&delivery_rate=25308&cwnd=18000&unsent_bytes=0&cid=163c45dc93d62e3a&ts=293&x=1", cfExtPri, cfHdrFlush;dur=1

arleavannya.com/sync-metrics

139.45.197.248

200 OK

0 B

URL OPTIONS HTTP/2
arleavannya.com/sync-metrics
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerLet's Encrypt
Subjectarleavannya.com
FingerprintC0:6A:AF:FC:8E:82:E4:C6:BD:B5:6C:BA:93:63:EC:28:9D:55:2F:8C
ValidityTue, 15 Oct 2024 19:07:58 GMT - Mon, 13 Jan 2025 19:07:57 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://grixaign.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 21 Oct 2024 00:08:50 GMT
content-length: 0
access-control-allow-origin: https://grixaign.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

arleavannya.com/sync-metrics

139.45.197.248

200 OK

0 B

URL OPTIONS HTTP/2
arleavannya.com/sync-metrics
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerLet's Encrypt
Subjectarleavannya.com
FingerprintC0:6A:AF:FC:8E:82:E4:C6:BD:B5:6C:BA:93:63:EC:28:9D:55:2F:8C
ValidityTue, 15 Oct 2024 19:07:58 GMT - Mon, 13 Jan 2025 19:07:57 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://grixaign.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 21 Oct 2024 00:08:50 GMT
content-length: 0
access-control-allow-origin: https://grixaign.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

arleavannya.com/sync-metrics

139.45.197.248

200 OK

0 B

URL OPTIONS HTTP/2
arleavannya.com/sync-metrics
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerLet's Encrypt
Subjectarleavannya.com
FingerprintC0:6A:AF:FC:8E:82:E4:C6:BD:B5:6C:BA:93:63:EC:28:9D:55:2F:8C
ValidityTue, 15 Oct 2024 19:07:58 GMT - Mon, 13 Jan 2025 19:07:57 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://grixaign.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 21 Oct 2024 00:08:50 GMT
content-length: 0
access-control-allow-origin: https://grixaign.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

grixaign.top/js/v-utilities.js.a456b741.js

188.114.96.1

200 OK

1.6 kB

URL GET HTTP/3
grixaign.top/js/v-utilities.js.a456b741.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
JavaScript source, ASCII text, with very long lines (2577), with no line terminators
Size
1.6 kB (1590 bytes)
Hash
1e2b0a0fc525d08a93a9d8213823fcb8
85b092acdde4cbf6f4302838fc0ca173b0999694
9a6425f5b6ae1755e9bbd2bc626301977ae333cfe6f3ffddcdb13946cc5de202

HTTP Headers

GET /js/v-utilities.js.a456b741.js HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66f56515-a11"
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2087
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6ePHcJZO2sH172osXPozDv99VbKy6whts1f4BPJsfaBoitQqTeJl0PxvN0fg9r3SSYd4qjVqrKo2O17MKwTGaJ8llYHSg76AAX4HmVNu9X6B2RsdbjM%2F9uRryL73hro%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f42805712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20040&sent=341&recv=43&lost=0&retrans=0&sent_bytes=351510&recv_bytes=8467&delivery_rate=169118&cwnd=186300&unsent_bytes=0&cid=163c45dc93d62e3a&ts=592&x=1", cfExtPri, cfHdrFlush;dur=0

arleavannya.com/sync-metrics

139.45.197.248

200 OK

17 B

URL OPTIONS HTTP/2
arleavannya.com/sync-metrics
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerLet's Encrypt
Subjectarleavannya.com
FingerprintC0:6A:AF:FC:8E:82:E4:C6:BD:B5:6C:BA:93:63:EC:28:9D:55:2F:8C
ValidityTue, 15 Oct 2024 19:07:58 GMT - Mon, 13 Jan 2025 19:07:57 GMT

File type
JSON text data
Size
17 B (17 bytes)
Hash
5b64e8b89092b2e3dfd448b10700627f
484b3032619fa1acd135d114565b0a5166281c22
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 1863
Origin: https://grixaign.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: d94c489272c344569a95f027494d0bdf
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://grixaign.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

arleavannya.com/sync-metrics

139.45.197.248

200 OK

17 B

URL OPTIONS HTTP/2
arleavannya.com/sync-metrics
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerLet's Encrypt
Subjectarleavannya.com
FingerprintC0:6A:AF:FC:8E:82:E4:C6:BD:B5:6C:BA:93:63:EC:28:9D:55:2F:8C
ValidityTue, 15 Oct 2024 19:07:58 GMT - Mon, 13 Jan 2025 19:07:57 GMT

File type
JSON text data
Size
17 B (17 bytes)
Hash
5b64e8b89092b2e3dfd448b10700627f
484b3032619fa1acd135d114565b0a5166281c22
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 939
Origin: https://grixaign.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: 51817ebd1316fdc7fad3ab05c2f2d1c2
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://grixaign.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

arleavannya.com/sync-metrics

139.45.197.248

200 OK

17 B

URL OPTIONS HTTP/2
arleavannya.com/sync-metrics
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerLet's Encrypt
Subjectarleavannya.com
FingerprintC0:6A:AF:FC:8E:82:E4:C6:BD:B5:6C:BA:93:63:EC:28:9D:55:2F:8C
ValidityTue, 15 Oct 2024 19:07:58 GMT - Mon, 13 Jan 2025 19:07:57 GMT

File type
JSON text data
Size
17 B (17 bytes)
Hash
5b64e8b89092b2e3dfd448b10700627f
484b3032619fa1acd135d114565b0a5166281c22
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 1090
Origin: https://grixaign.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: a04d06e16b9d07e1bd71bde17102bdbb
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://grixaign.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

arleavannya.com/sync-do

139.45.197.248

200 OK

173 B

URL POST HTTP/2
arleavannya.com/sync-do
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerLet's Encrypt
Subjectarleavannya.com
FingerprintC0:6A:AF:FC:8E:82:E4:C6:BD:B5:6C:BA:93:63:EC:28:9D:55:2F:8C
ValidityTue, 15 Oct 2024 19:07:58 GMT - Mon, 13 Jan 2025 19:07:57 GMT

File type
JSON text data
Size
173 B (173 bytes)
Hash
936b1a18d3f018b48c3109c3d3b8577f
0057d755b8814fa3569f103296e650948310fb48
51f2178ab43276de75ed90b4c0619fdd9a73fca7965e0bc81c7f60d32d85aa49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /sync-do HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 151
Origin: https://grixaign.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: application/json; charset=utf-8
content-length: 173
x-trace-id: 08ddafe0ca8fd13e506221e3560d4dc1
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://grixaign.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

grixaign.top/css/_core-survey.d3ac2ee0.css

188.114.96.1

200 OK

536 B

URL GET HTTP/3
grixaign.top/css/_core-survey.d3ac2ee0.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
ASCII text, with no line terminators
Size
536 B (536 bytes)
Hash
30d726a40ffe74d794b282ca1795b44c
b43155653a1b9cc8d257687df9a75e0f204db348
4916da6d6e00e0e6681cccaf9107eb45fdfc78fe2e476444623c30a64959b5e4

HTTP Headers

GET /css/_core-survey.d3ac2ee0.css HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=84
etag: W/"66f56515-54"
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2087
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0svqiTffWXX2gbiJt3aOsuhuO4Ue4qHvZY56CuJrjrMUBK%2FDp1cFEjpGB3CqNpDelqx5bsFyLpwJe2qrj%2BX4fgMbk6gYuvZaCmAFIupL7X%2BD7%2FzVRHf06Ll%2FTvBIHx0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f24e47712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=22100&sent=60&recv=25&lost=0&retrans=0&sent_bytes=40411&recv_bytes=5760&delivery_rate=49827&cwnd=24000&unsent_bytes=0&cid=163c45dc93d62e3a&ts=299&x=1", cfExtPri, cfHdrFlush;dur=13

arleavannya.com/sync-metrics

139.45.197.248

200 OK

0 B

URL OPTIONS HTTP/2
arleavannya.com/sync-metrics
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerLet's Encrypt
Subjectarleavannya.com
FingerprintC0:6A:AF:FC:8E:82:E4:C6:BD:B5:6C:BA:93:63:EC:28:9D:55:2F:8C
ValidityTue, 15 Oct 2024 19:07:58 GMT - Mon, 13 Jan 2025 19:07:57 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://grixaign.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 21 Oct 2024 00:08:51 GMT
content-length: 0
access-control-allow-origin: https://grixaign.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

arleavannya.com/sync-metrics

139.45.197.248

200 OK

17 B

URL OPTIONS HTTP/2
arleavannya.com/sync-metrics
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerLet's Encrypt
Subjectarleavannya.com
FingerprintC0:6A:AF:FC:8E:82:E4:C6:BD:B5:6C:BA:93:63:EC:28:9D:55:2F:8C
ValidityTue, 15 Oct 2024 19:07:58 GMT - Mon, 13 Jan 2025 19:07:57 GMT

File type
JSON text data
Size
17 B (17 bytes)
Hash
5b64e8b89092b2e3dfd448b10700627f
484b3032619fa1acd135d114565b0a5166281c22
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 965
Origin: https://grixaign.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 21 Oct 2024 00:08:51 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: 8f073e67254c5a74b3c234e091092f63
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://grixaign.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=4f057d4b-dc2a-414d-8c24-5de8720b2c5a

185.49.145.45

200 OK

12 B

URL POST HTTP/1.1
datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=4f057d4b-dc2a-414d-8c24-5de8720b2c5a
IP
185.49.145.45:443
ASN
#35415 Webzilla B.V.

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerSectigo Limited
Subjectdatatechonert.com
Fingerprint3F:E1:50:2C:9F:FC:F9:37:03:E3:B6:34:00:06:89:69:01:E7:C3:27
ValiditySun, 10 Dec 2023 00:00:00 GMT - Mon, 23 Dec 2024 23:59:59 GMT

File type
JSON text data
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

HTTP Headers

POST /log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=4f057d4b-dc2a-414d-8c24-5de8720b2c5a HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1498
Origin: https://grixaign.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.5
Date: Mon, 21 Oct 2024 00:08:51 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://grixaign.top
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

grixaign.top/js/v-domparser.js.2f998fb8.js

188.114.96.1

200 OK

12 kB

URL GET HTTP/3
grixaign.top/js/v-domparser.js.2f998fb8.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
JavaScript source, ASCII text, with very long lines (1720), with no line terminators
Size
12 kB (12541 bytes)
Hash
bacaf103248319bc704a58548d3d8e1e
c4dbf338d5cbc10c25ed32054e2e4099bbcb5287
2d7fedd370cd3164d6cdb12ae31333d04d34b69c84eb0d81dbe143e45ee6d495

HTTP Headers

GET /js/v-domparser.js.2f998fb8.js HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66f56515-6b8"
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2087
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZaAJWbF27qKvnmyrkQml%2FLQFcm0%2Fz3lHm0nvExROl4E0yEWqvUja%2BpTeBRBW2GOmzsrBX5Im7lLickDV8y91H45XDT7QnJ6K9cw8W%2Bud4rqCFWDehwBnZW9G7hhDQkg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f4481b712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19018&sent=346&recv=50&lost=0&retrans=0&sent_bytes=353644&recv_bytes=9355&delivery_rate=765954&cwnd=186300&unsent_bytes=0&cid=163c45dc93d62e3a&ts=621&x=1", cfExtPri, cfHdrFlush;dur=0

grixaign.top/js/_rtc.18eb00dc.js

188.114.96.1

200 OK

13 kB

URL GET HTTP/3
grixaign.top/js/_rtc.18eb00dc.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
JavaScript source, ASCII text, with very long lines (12222), with no line terminators
Size
13 kB (12741 bytes)
Hash
5c5f3060cd93784f5fa50afe6afc74d6
75e3b31d4f51eb81f248f6b839b6d72d914ab135
c95a1d56c4d585ba485463a4d4061e64b1e46d17f4b9e83cab0f95302cba65fe

HTTP Headers

GET /js/_rtc.18eb00dc.js HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66f56515-2fbe"
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2087
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YXqp1CwFxjDLZ%2BUJBn1z8sLhoKERwPc4UXjgr5dJyFLueLJ7fCK1%2BLpDiLHGHkwu%2By1S96rm%2FbPSYMnKy1Gk%2B0o0CTkHOE7BnGYW3HhLmLUsQ8KufBfLoylxJt7S65g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f21e24712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19942&sent=14&recv=10&lost=0&retrans=0&sent_bytes=4122&recv_bytes=1993&delivery_rate=29407&cwnd=12000&unsent_bytes=0&cid=163c45dc93d62e3a&ts=273&x=1", cfExtPri, cfHdrFlush;dur=0

grixaign.top/js/v-constants.js.23082895.js

188.114.96.1

200 OK

600 B

URL GET HTTP/3
grixaign.top/js/v-constants.js.23082895.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
ASCII text, with very long lines (664), with no line terminators
Size
600 B (600 bytes)
Hash
30f960371113252f177f1a13cc5e45ee
331255bde26c4b71483eb8345ca26bf37c7a352e
54ad95437640d5d44dc9d87117e4f031f8a9e3233b99462b5e792b045b510d4e

HTTP Headers

GET /js/v-constants.js.23082895.js HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66f56515-258"
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2087
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F3PNhwBHYh7ICliD0FxIH1duQFzndmd7Br4CwVGifL5YJJfMMkJbr1NHyA5tHYOHKNq%2Fu3%2BtUTSCQGCiL0l1x3njufedeN11wpu0KY6wFXij0FxXezA%2BTX%2FCjx%2FoXas%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f47838712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=18834&sent=354&recv=54&lost=0&retrans=0&sent_bytes=357715&recv_bytes=10100&delivery_rate=55472&cwnd=186300&unsent_bytes=0&cid=163c45dc93d62e3a&ts=642&x=1", cfExtPri, cfHdrFlush;dur=0

grixaign.top/js/v-index.mjs.50c8d69e.js

188.114.96.1

200 OK

35 kB

URL GET HTTP/3
grixaign.top/js/v-index.mjs.50c8d69e.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
JavaScript source, ASCII text, with very long lines (35286), with no line terminators
Size
35 kB (35286 bytes)
Hash
5c080e9f349f6d33d5c403bc10184fe1
60f3e3a155ea4ece476a55514b2787c1fb8d4079
77475e9048319c715ea626739ad44bd16d6372dd0ec5c3584334edd3c38aa6d4

HTTP Headers

GET /js/v-index.mjs.50c8d69e.js HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66f56514-89d6"
last-modified: Thu, 26 Sep 2024 13:43:48 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2087
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PVlscKe3BM5Rd245afXbscncp37Zo6js2SV2ZWKzrX6CR%2BZN1Ed2FnE6RTQGGvPQUFq0Z7KW98RPItxr7PgQijMZ1dsoSxP2%2BIyrCWM3SSrDBT85SbmCp1nEMKSJizU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f40ff6712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20456&sent=324&recv=40&lost=0&retrans=0&sent_bytes=336234&recv_bytes=7943&delivery_rate=31604&cwnd=186300&unsent_bytes=0&cid=163c45dc93d62e3a&ts=582&x=1", cfExtPri, cfHdrFlush;dur=0

grixaign.top/sw/sw5953353.js?var=6993465&var_3=null&var_4=null&ymid=1029916&ab2_ttl=5184000000

188.114.96.1

200 OK

1.0 kB

URL GET HTTP/3
grixaign.top/sw/sw5953353.js?var=6993465&var_3=null&var_4=null&ymid=1029916&ab2_ttl=5184000000
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
ASCII text, with very long lines (1013), with no line terminators
Size
1.0 kB (1001 bytes)
Hash
b411ef08686b9f9bd80ca2321849f929
a3859bd6ec37ee82ce8b106f6117aa2b985c77c2
82cc1811d11b0054a19a2566d57752155decc712650498401b9dc8183db949c7

HTTP Headers

GET /sw/sw5953353.js?var=6993465&var_3=null&var_4=null&ymid=1029916&ab2_ttl=5184000000 HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: OAID=sf3ziqvbmp3wlq0s4vi3692s7wxfn9q8; syncedCookie=true; oaidts=1729469330; ID=sf3ziqvbmp3wlq0s4vi3692s7wxfn9q8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=1321
etag: W/"66f56515-529"
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xv42eGWE45y%2F%2FQvPOAvIXmHgCYquUyoSiPCpRKjPeTnBjkR3o60vB%2FXCM8U4kwRxXLyeMVU52HRZE8px0R%2B85enoUb3Q3lulnrc7fzk6Jvi2O8B9lYIsUpXFvaBjmY8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f538ba712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=18382&sent=382&recv=60&lost=0&retrans=0&sent_bytes=387089&recv_bytes=10712&delivery_rate=728368&cwnd=186300&unsent_bytes=0&cid=163c45dc93d62e3a&ts=838&x=1", cfExtPri, cfHdrFlush;dur=0

grixaign.top/js/v-index.js.5b2ca3be.js

188.114.96.1

200 OK

41 kB

URL GET HTTP/3
grixaign.top/js/v-index.js.5b2ca3be.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
JavaScript source, ASCII text, with very long lines (40985), with no line terminators
Size
41 kB (40985 bytes)
Hash
215cd3b327ba30435f9c0ff3ca47b922
6a04322915142458451f3ad8cd2d4f21a2b857c8
35d59eabc6466988a49bf79a938c60970d56358d939def8d16e6c930af0b2a72

HTTP Headers

GET /js/v-index.js.5b2ca3be.js HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=40988
etag: W/"66f56515-a01c"
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2087
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v1RHOXF%2F0Z7uOERal9VjnlT0bdaW8GE0kjRes8PlRklepXlnFhwsRptIAbqfM3fSRIFX69gWBAVr8zrHxhKjLPVGR%2F3vuVy90JalsdPYHNUo86w9QMJWFs9YRGSwGw4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f21e28712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19942&sent=20&recv=10&lost=0&retrans=0&sent_bytes=10217&recv_bytes=1993&delivery_rate=29407&cwnd=12000&unsent_bytes=0&cid=163c45dc93d62e3a&ts=274&x=1", cfExtPri, cfHdrFlush;dur=0

grixaign.top/js/s-checkSessionStorageAvailable.ts.080f6a89.js

188.114.96.1

200 OK

330 B

URL GET HTTP/3
grixaign.top/js/s-checkSessionStorageAvailable.ts.080f6a89.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (338), with no line terminators
Size
330 B (330 bytes)
Hash
8da162f3faf910fd59af32a86469529f
72a9fdd9ef138c6b685377251e127ed6f379723e
64dcef87d8efc4cd1e9ec991238c62190a5578318f0e14997370003488b34ae3

HTTP Headers

GET /js/s-checkSessionStorageAvailable.ts.080f6a89.js HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66f56514-14a"
last-modified: Thu, 26 Sep 2024 13:43:48 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2087
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7TMjbVXv4rnEgb2wdoaFo3aTUYy4tHNI2dDDzCvh7LRT1PQf6zwO84yGef0A5p47%2FvdfpcwJH0CjYysrUp%2Fkv42srVDWSrYmD0qk7UPA%2BYongeWrmsGwuRV7KLwZlIQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f22e2d712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19942&sent=26&recv=12&lost=0&retrans=0&sent_bytes=16148&recv_bytes=2463&delivery_rate=29407&cwnd=12000&unsent_bytes=0&cid=163c45dc93d62e3a&ts=276&x=1", cfExtPri, cfHdrFlush;dur=16

grixaign.top/js/v-redux-toolkit.esm.js.61510496.js

188.114.96.1

200 OK

11 kB

URL GET HTTP/3
grixaign.top/js/v-redux-toolkit.esm.js.61510496.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
JavaScript source, ASCII text, with very long lines (11319), with no line terminators
Size
11 kB (11319 bytes)
Hash
bcd7372f51c7e725335ac2b99f5669e1
2b15ed1e1a3762c3a5c99572e75fd0007ad2a8a0
40ff34e4603dfa933b0e2a1174b7a0e24c2311166bb1cf9ffc8b005f0245e1df

HTTP Headers

GET /js/v-redux-toolkit.esm.js.61510496.js HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66f56515-2c37"
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2087
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A2kzN32uk1CG7IWLTSioAfgF0LxNcAkO7z6K7r%2FM9W98Kc%2FNCWUCj0x1gJ6BweOHzTKpH%2B78kZOJiTq13%2F2lTMXNLvjmHmXhGoUPXPyEdLwI26SL71rz8W0wUtKjOvk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f23e39712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19942&sent=29&recv=15&lost=0&retrans=0&sent_bytes=16227&recv_bytes=3166&delivery_rate=29407&cwnd=12000&unsent_bytes=0&cid=163c45dc93d62e3a&ts=284&x=1", cfExtPri, cfHdrFlush;dur=8

grixaign.top/js/v-react-dom.production.min.js.e532a3ff.js

188.114.96.1

200 OK

129 kB

URL GET HTTP/3
grixaign.top/js/v-react-dom.production.min.js.e532a3ff.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
129 kB (129356 bytes)
Hash
c2cf402b45a2670a7c49fff904dae02e
f56f5968f7aa6eff91d85d7f11e97a46790dd684
6bcbf6c0a1c5a41aba18b241fe9ea09e935110665fada43402ffbc91de3e23e0

HTTP Headers

GET /js/v-react-dom.production.min.js.e532a3ff.js HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=129359
etag: W/"66f56514-1f94f"
last-modified: Thu, 26 Sep 2024 13:43:48 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2087
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DNAyi7GCGf4NC4LBpPd9VKaALJOVX5jmaYXAAR9HLjB%2B94s%2FqN0fS0x3s1TPneB237mB2%2Fpj0wZ9DbK5kLIoCDRPJg%2BxwfrDY6tN2slUpMh3HHWlXO8t8UGP7%2FZW9JE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f23e41712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=21815&sent=63&recv=27&lost=0&retrans=0&sent_bytes=42428&recv_bytes=6064&delivery_rate=74596&cwnd=36000&unsent_bytes=0&cid=163c45dc93d62e3a&ts=313&x=1", cfExtPri, cfHdrFlush;dur=0

grixaign.top/js/v-html-to-dom.js.6f877ef8.js

188.114.96.1

200 OK

364 B

URL GET HTTP/3
grixaign.top/js/v-html-to-dom.js.6f877ef8.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
JavaScript source, ASCII text, with very long lines (373), with no line terminators
Size
364 B (364 bytes)
Hash
f14b04e4feab67efa1c3575c73161991
701a0c774bfb9a3702e37dc659a3c0fd7f6f7cc7
ff0120f5a7cf6357292d94c7e59af7804e8c3521d1344f5cf53037705c61505d

HTTP Headers

GET /js/v-html-to-dom.js.6f877ef8.js HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66f56515-16c"
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2087
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DOPrraDQ42oFF8yPbCIK7HtswfW3iRyg9Xe7D7ElkDkmvxRolFN0WALPPRsETnp10CQ3wcZYSRLVNJKqkVK7iaK%2BYvHLu86CYwEWG4YbbXKWPyFjf6R%2FvpJ8C5nEDD8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f47836712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=18834&sent=355&recv=54&lost=0&retrans=0&sent_bytes=358776&recv_bytes=10100&delivery_rate=55472&cwnd=186300&unsent_bytes=0&cid=163c45dc93d62e3a&ts=643&x=1", cfExtPri, cfHdrFlush;dur=0

offpichuan.com/track?offer_id=5671&z=6993465&request_var=1029916&variable2=6886681538005880884&oaid=sf3ziqvbmp3wlq0s4vi3692s7wxfn9q8

139.45.197.237

200 OK

211 B

URL GET HTTP/2
offpichuan.com/track?offer_id=5671&z=6993465&request_var=1029916&variable2=6886681538005880884&oaid=sf3ziqvbmp3wlq0s4vi3692s7wxfn9q8
IP
139.45.197.237:443
ASN
#9002 RETN Limited

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerLet's Encrypt
Subjectoffpichuan.com
Fingerprint4D:F3:B0:78:77:90:06:E3:79:45:DA:AD:01:B5:3B:6E:26:E2:3D:14
ValiditySat, 12 Oct 2024 21:51:20 GMT - Fri, 10 Jan 2025 21:51:19 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
211 B (211 bytes)
Hash
e092a43b1aa8a8bfc876b4ef78da6dba
9de382c5ebbd32ea23a13e22561714dd23d3c033
529297edec00a32890eab725ebcd45ea68a28ff7be9a3ab3aa3b00be08643d67

HTTP Headers

GET /track?offer_id=5671&z=6993465&request_var=1029916&variable2=6886681538005880884&oaid=sf3ziqvbmp3wlq0s4vi3692s7wxfn9q8 HTTP/1.1
Host: offpichuan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://grixaign.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: application/json
content-length: 211
x-trace-id: 783bd91a5ec65819e72b5156fb342e4b
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://grixaign.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

afl3ua5u.xyz/css/main.css?v=4

104.21.58.242

200 OK

49 kB

URL GET HTTP/3
afl3ua5u.xyz/css/main.css?v=4
IP
104.21.58.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subjectafl3ua5u.xyz
Fingerprint54:94:18:D4:D0:20:05:68:C3:61:1B:BD:AF:58:68:AB:C6:54:3A:B4
ValidityFri, 27 Sep 2024 15:02:07 GMT - Thu, 26 Dec 2024 15:02:06 GMT

File type

Size
49 kB (49212 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /css/main.css?v=4 HTTP/1.1
Host: afl3ua5u.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:42 GMT
content-type: text/css
last-modified: Thu, 26 Sep 2024 18:06:54 GMT
etag: W/"66f5a2be-c03c"
expires: Wed, 23 Oct 2024 05:26:04 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 412958
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n4IKpZe4W32nvxVZRJbwVB%2BQ1qoMd6vCCMU0C4QVEV6ruexFTxGjd5JZK0BumfcavISuhrZfSBXFE9ohNXinVt1VdXWhyr0vUvN9sNBfkukRw9%2FuEW%2BdV8q6cOl2394%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d5d03bfcbf956ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20042&sent=18&recv=13&lost=0&retrans=0&sent_bytes=4235&recv_bytes=3085&delivery_rate=33831&cwnd=12000&unsent_bytes=0&cid=40a4cbbfcfad66c9&ts=308&x=1", cfExtPri, cfHdrFlush;dur=0

grixaign.top/js/s-storageService.js.05cc15a0.js

188.114.96.1

200 OK

2.2 kB

URL GET HTTP/3
grixaign.top/js/s-storageService.js.05cc15a0.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
JavaScript source, ASCII text, with very long lines (2216), with no line terminators
Size
2.2 kB (2170 bytes)
Hash
9a7c9802374d489aa1db195f51c028ed
6332e54e537ad8ec610e40c475a16c327a942d6f
64e515da25882d407612d375e9c78b4ed7e561c805df3858f4b29c1737e16191

HTTP Headers

GET /js/s-storageService.js.05cc15a0.js HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66f56515-87a"
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2087
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FDvQhZDr4ceyRj%2B7e3DOguWqkKqeOLtxRDdAhdy8PuKPuA3Vx1mgKsBN44HYXp1%2FR4jaM3lhhzBMJcskv7oC29D5D%2BAffg%2BvOKtQcyYp8iTGMICdBm43KSYS8CoK5n4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f22e2b712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19942&sent=32&recv=18&lost=0&retrans=0&sent_bytes=16305&recv_bytes=3939&delivery_rate=29407&cwnd=12000&unsent_bytes=0&cid=163c45dc93d62e3a&ts=288&x=1", cfExtPri, cfHdrFlush;dur=4

afl3ua5u.xyz/player/jw8_26/jwplayer.core.controls.js?v=2

104.21.58.242

200 OK

327 kB

URL GET HTTP/3
afl3ua5u.xyz/player/jw8_26/jwplayer.core.controls.js?v=2
IP
104.21.58.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subjectafl3ua5u.xyz
Fingerprint54:94:18:D4:D0:20:05:68:C3:61:1B:BD:AF:58:68:AB:C6:54:3A:B4
ValidityFri, 27 Sep 2024 15:02:07 GMT - Thu, 26 Dec 2024 15:02:06 GMT

File type

Size
327 kB (326903 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /player/jw8_26/jwplayer.core.controls.js?v=2 HTTP/1.1
Host: afl3ua5u.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:42 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 09:09:34 GMT
etag: W/"660d1cce-4fcf7"
expires: Wed, 23 Oct 2024 05:26:06 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 412956
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QIDXXcZ3yROCouuukR%2FF5aYFjKp6Xl3hFu02oipb%2FxUjgpIcoLONCTdd9ZeSIG9QQ%2BfLJG3oYmLyrDYutkaCedyn34pYIxS3j157Re2eRCuBluPG5FpJ%2B%2FXKFEZ0G4E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d5d03c1ed4856ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20947&sent=149&recv=22&lost=0&retrans=0&sent_bytes=147944&recv_bytes=4474&delivery_rate=938159&cwnd=96000&unsent_bytes=0&cid=40a4cbbfcfad66c9&ts=648&x=1", cfExtPri, cfHdrFlush;dur=0

afl3ua5u.xyz/player/jw8_26/provider.hlsjs.js?v=2

104.21.58.242

200 OK

423 kB

URL GET HTTP/3
afl3ua5u.xyz/player/jw8_26/provider.hlsjs.js?v=2
IP
104.21.58.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subjectafl3ua5u.xyz
Fingerprint54:94:18:D4:D0:20:05:68:C3:61:1B:BD:AF:58:68:AB:C6:54:3A:B4
ValidityFri, 27 Sep 2024 15:02:07 GMT - Thu, 26 Dec 2024 15:02:06 GMT

File type

Size
423 kB (422959 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /player/jw8_26/provider.hlsjs.js?v=2 HTTP/1.1
Host: afl3ua5u.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:42 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 05 Apr 2024 14:57:50 GMT
etag: W/"6610116e-6742f"
expires: Wed, 23 Oct 2024 05:26:06 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 412956
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4xHc1G%2FcBxUx3f9sfm8R4eumwpQFK%2BG5XquwP2SaNZCiRRGQzw66ErMXdX22DOq5PtM6jXuF4OSC%2B3c1Wxcf67Ryq5sG3Ds5D5OoySNmjL425LHtjZ%2BToGkmkzytKRU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d5d03c1ed4b56ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20947&sent=224&recv=22&lost=0&retrans=0&sent_bytes=237614&recv_bytes=4474&delivery_rate=938159&cwnd=96000&unsent_bytes=0&cid=40a4cbbfcfad66c9&ts=649&x=1", cfExtPri, cfHdrFlush;dur=0

grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884

188.114.96.1

200 OK

13 kB

URL GET HTTP/2
grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
HTML document, ASCII text, with very long lines (13157), with no line terminators
Size
13 kB (13157 bytes)
Hash
82e8cfc3ed77851a66dbc2bb2dedba33
781a9c5839f254fc1f06b4d9a84413cf98bc9fc4
5ea20cf7b0221e6a0d6c24f605484ba9ff79c754f2fb94c69bb2c05c04f8b8e4

HTTP Headers

GET /dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884 HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://afl3ua5u.xyz/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 21 Oct 2024 00:08:49 GMT
content-type: text/html
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
vary: Accept-Encoding
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W0ARHnDGYTvE1RGDRcaEAnWUV6ojbrc6lznpeiM0aacFA4EJtwUiGoXlatFPjNs%2Bpn3ohvH3%2FVR5AyA7mlvYhz9%2FMAh%2B%2FKb1hIgZXwruII%2B1fcgoJulTPKDiakvg%2FY0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03efdc7856b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=21660&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3202&recv_bytes=1191&delivery_rate=262318&cwnd=254&unsent_bytes=0&cid=cd5780c838173c51&ts=111&x=0"
X-Firefox-Spdy: h2

ofklefkian.com/zone?&pub=0&zone_id=5953353&is_mobile=false&domain=grixaign.top&var=6993465&ymid=1029916&var_3=null&var_4=null&dsig=&tg=1&sw=3.1.472&action=prerequest

139.45.197.251

200 OK

0 B

URL POST HTTP/2
ofklefkian.com/zone?&pub=0&zone_id=5953353&is_mobile=false&domain=grixaign.top&var=6993465&ymid=1029916&var_3=null&var_4=null&dsig=&tg=1&sw=3.1.472&action=prerequest
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerLet's Encrypt
Subjectofklefkian.com
Fingerprint47:EA:3F:9E:5E:DB:8F:FE:B9:5E:18:33:0D:56:DD:59:F9:EF:BF:6C
ValiditySat, 21 Sep 2024 05:26:27 GMT - Fri, 20 Dec 2024 05:26:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /zone?&pub=0&zone_id=5953353&is_mobile=false&domain=grixaign.top&var=6993465&ymid=1029916&var_3=null&var_4=null&dsig=&tg=1&sw=3.1.472&action=prerequest HTTP/1.1
Host: ofklefkian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Mon, 21 Oct 2024 00:08:51 GMT
content-length: 0
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

afl3ua5u.xyz/js/xupload.js

104.21.58.242

200 OK

11 kB

URL GET HTTP/3
afl3ua5u.xyz/js/xupload.js
IP
104.21.58.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subjectafl3ua5u.xyz
Fingerprint54:94:18:D4:D0:20:05:68:C3:61:1B:BD:AF:58:68:AB:C6:54:3A:B4
ValidityFri, 27 Sep 2024 15:02:07 GMT - Thu, 26 Dec 2024 15:02:06 GMT

File type
JavaScript source, ASCII text
Size
11 kB (10867 bytes)
Hash
2609e3a9490dcfe748407d3af317c472
af55b2b16e9190e09407f67ffae4ca705ea6f112
c3c7c3de97ef15965def93fc9317e82854b979aa1a7980fde49b873a04aab85d

HTTP Headers

GET /js/xupload.js HTTP/1.1
Host: afl3ua5u.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:42 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 04 Aug 2021 13:41:52 GMT
etag: W/"610a9920-2a73"
expires: Wed, 23 Oct 2024 05:26:04 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 412958
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w060nZ5n%2B8CFa13H%2FtKkkmu1bekgBRO9B23Dp9ziFXdJGNJjzbSpzkw7AnraW2czXgLSfa9gZ0UEtxOUTrDFmqlAGEuBVUBCJOMx5GOkPH7UhKiecqBIb3Owtiehjaw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d5d03bfcc0056ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20042&sent=28&recv=13&lost=0&retrans=0&sent_bytes=16235&recv_bytes=3085&delivery_rate=33831&cwnd=12000&unsent_bytes=0&cid=40a4cbbfcfad66c9&ts=312&x=1", cfExtPri, cfHdrFlush;dur=35

epededonemile.com/?fmon=1076462

3.164.230.98

302 Found

13 kB

URL GET HTTP/2
epededonemile.com/?fmon=1076462
IP
3.164.230.98:443
ASN
#0

Requested by
https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Certificate
IssuerAmazon
Subjectepededonemile.com
Fingerprint46:83:A9:71:37:5C:CA:E8:CC:04:0A:4C:B6:4D:C4:FF:85:97:F1:1B
ValidityTue, 08 Oct 2024 00:00:00 GMT - Thu, 06 Nov 2025 23:59:59 GMT

File type

Size
13 kB (13157 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?fmon=1076462 HTTP/1.1
Host: epededonemile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://afl3ua5u.xyz/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: https://click-v4.exclkplat.com/click?i=gyXDpgc9jWk_0
date: Mon, 21 Oct 2024 00:08:48 GMT
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=c482233a-6b3d-46c8-b008-068c2a6cb1eb
x-cache: Miss from cloudfront
via: 1.1 c2eb9b44aa5080bf631af7c8ed97f7de.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN53-P1
x-amz-cf-id: YPe1FJdou5JZUxWfw7IWWvWKq-1oMODKtfQs55FJAcSMBG3WSqdMiQ==
X-Firefox-Spdy: h2

grixaign.top/js/config/dict/cookie-consent-1.json?v=10

188.114.96.1

200 OK

6.8 kB

URL GET HTTP/3
grixaign.top/js/config/dict/cookie-consent-1.json?v=10
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (6009), with no line terminators
Size
6.8 kB (6757 bytes)
Hash
4b2ff958e811a50d2f641818590b443d
6abae297812bb55fad869e953e7fdf7469cbe1ae
9c77a5f3d0028d9ba122ed15728ee7b144619431f8302503a19c5785ddaa06b8

HTTP Headers

GET /js/config/dict/cookie-consent-1.json?v=10 HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: application/json
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
vary: Accept-Encoding
etag: W/"66f56515-1a65"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W5riwi01AnHcMgsfaBrW5p34C2uSMzOfRiqBX75quO%2Fm9nmaJTSFY9txb4NiW%2FI5KL7gqs7Q7KwQVuno90RCA%2B29xfMu9rIwuQlS4EaulpveDkFYMAirJpvRTWJdaEY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f38f4c712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20456&sent=318&recv=38&lost=0&retrans=0&sent_bytes=332476&recv_bytes=7484&delivery_rate=31604&cwnd=186300&unsent_bytes=0&cid=163c45dc93d62e3a&ts=566&x=1", cfExtPri, cfHdrFlush;dur=0

afl3ua5u.xyz/js/ls.js

104.21.58.242

200 OK

2.1 kB

URL GET HTTP/3
afl3ua5u.xyz/js/ls.js
IP
104.21.58.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subjectafl3ua5u.xyz
Fingerprint54:94:18:D4:D0:20:05:68:C3:61:1B:BD:AF:58:68:AB:C6:54:3A:B4
ValidityFri, 27 Sep 2024 15:02:07 GMT - Thu, 26 Dec 2024 15:02:06 GMT

File type
JavaScript source, ASCII text, with very long lines (2079), with no line terminators
Size
2.1 kB (2063 bytes)
Hash
66b63b5fefbe179c0fd09e63c11b7e12
e657b7d46921bec0bcbd746339ccc03ef4690036
52eb05218aa889bcc3b78062d496c747a04db5126648bd3a57cf8c43e3039bf2

HTTP Headers

GET /js/ls.js HTTP/1.1
Host: afl3ua5u.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:42 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 14 Feb 2023 11:28:54 GMT
etag: W/"63eb7076-80f"
expires: Wed, 23 Oct 2024 05:26:04 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 412958
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yN3exQjvp5xhidFQy8XUTHpy4gMtTAN9vXltHb3Y0Um4TRjnbKEVDON9cMJbjdONbFnsIiX%2FnZtHhmyn%2FW%2B0jSnrri2plqkpdVZ6o8iKIlQioBysSdpL%2BAhGPkEjxIQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d5d03bfdc0456ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20042&sent=28&recv=13&lost=0&retrans=0&sent_bytes=16235&recv_bytes=3085&delivery_rate=33831&cwnd=12000&unsent_bytes=0&cid=40a4cbbfcfad66c9&ts=310&x=1", cfExtPri, cfHdrFlush;dur=37

afl3ua5u.xyz/js/dnsads.js?dfp=1&ad_code=2&adsrc=3

104.21.58.242

200 OK

38 B

URL GET HTTP/3
afl3ua5u.xyz/js/dnsads.js?dfp=1&ad_code=2&adsrc=3
IP
104.21.58.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subjectafl3ua5u.xyz
Fingerprint54:94:18:D4:D0:20:05:68:C3:61:1B:BD:AF:58:68:AB:C6:54:3A:B4
ValidityFri, 27 Sep 2024 15:02:07 GMT - Thu, 26 Dec 2024 15:02:06 GMT

File type
ASCII text, with no line terminators
Size
38 B (38 bytes)
Hash
d23662ee1251b9918b938629a6b2ed32
53b7c230569335c8ff5a1fc2158f49827d7a5e65
02f7674053ee078505ea4ebdbf2f1adf94cf761bbcbf54c4e09538656f6559a5

HTTP Headers

GET /js/dnsads.js?dfp=1&ad_code=2&adsrc=3 HTTP/1.1
Host: afl3ua5u.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 38
last-modified: Mon, 13 Sep 2021 15:50:14 GMT
etag: "613f7336-26"
expires: Wed, 23 Oct 2024 05:26:04 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 412958
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tRi5piC8bqu9tBQHzgPG%2BOVimkvLSw0hWNQRsjZDyTcCIAAqA1u4XIw6UrpqxEal5yA%2Bb%2Fl2Oj1RvxL0LUc3kL1OfUC%2FrKzJmfSk8GB6OvGRo8oBBruTWXL3nc8xmso%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d5d03bfdc0d56ae-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20042&sent=28&recv=13&lost=0&retrans=0&sent_bytes=16235&recv_bytes=3085&delivery_rate=33831&cwnd=12000&unsent_bytes=0&cid=40a4cbbfcfad66c9&ts=312&x=1", cfExtPri, cfHdrFlush;dur=56

afl3ua5u.xyz/player/jw8/vast.js

104.21.58.242

200 OK

107 kB

URL GET HTTP/3
afl3ua5u.xyz/player/jw8/vast.js
IP
104.21.58.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subjectafl3ua5u.xyz
Fingerprint54:94:18:D4:D0:20:05:68:C3:61:1B:BD:AF:58:68:AB:C6:54:3A:B4
ValidityFri, 27 Sep 2024 15:02:07 GMT - Thu, 26 Dec 2024 15:02:06 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
107 kB (107114 bytes)
Hash
3cd85ca1814c3fd976764bf6b83b989d
90e931622205c6adfbc75cfe681563a127580f05
2e4fe3d8b3565a3f8b5ec0ecfe0e5f26a756401b6847dd475327793da41897f5

HTTP Headers

GET /player/jw8/vast.js HTTP/1.1
Host: afl3ua5u.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:42 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 08 Sep 2022 10:34:42 GMT
etag: W/"6319c542-1a26a"
expires: Wed, 23 Oct 2024 05:26:05 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 412957
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nvGxF3MyO0G1ieEmYGoydBI%2BM%2BXU8r%2BmVqSrLCx4giKS8xtQBL54EVBBJQe1ukwVsrrbKGE%2BEMFgmK9xrXK6%2FKnAVu0uHVpz3Bn5fzpJ9HFUh8O1SesGUxRlHhTD%2Bvw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d5d03c18d0156ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20371&sent=112&recv=18&lost=0&retrans=0&sent_bytes=108073&recv_bytes=3539&delivery_rate=1062245&cwnd=96000&unsent_bytes=0&cid=40a4cbbfcfad66c9&ts=581&x=1", cfExtPri, cfHdrFlush;dur=0

grixaign.top/pfe/current/micro.tag.min.js?z=5953353&sw=/sw/sw5953353.js&var=6993465&var_3=null&var_4=null&ymid=1029916&cdn=1&domain=ofklefkian.com&ab2_ttl=5184000000

188.114.96.1

200 OK

27 kB

URL GET HTTP/3
grixaign.top/pfe/current/micro.tag.min.js?z=5953353&sw=/sw/sw5953353.js&var=6993465&var_3=null&var_4=null&ymid=1029916&cdn=1&domain=ofklefkian.com&ab2_ttl=5184000000
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
JavaScript source, ASCII text, with very long lines (27174), with no line terminators
Size
27 kB (27174 bytes)
Hash
75c26ccd65e96e912725399ff3ce66e9
d300939979d2048844dc5ac80c51ed8121126f4e
c9db5c92934b273ad485c58710d6fbc2d580c2923a99bb456b18cb5e1465f5cf

HTTP Headers

GET /pfe/current/micro.tag.min.js?z=5953353&sw=/sw/sw5953353.js&var=6993465&var_3=null&var_4=null&ymid=1029916&cdn=1&domain=ofklefkian.com&ab2_ttl=5184000000 HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: application/javascript
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
vary: Accept-Encoding
etag: W/"66f56515-6a26"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rq7x%2Bvbt%2FcaFkplf1FASDsneFvVxj4uwgkOLtKISlN1PqkDcc1MIHNkQq7lK6C7ZIBC%2F0p8L1hOgKKMKLe94jOaj2H6n2iRUzBpr5FauapWjLTFinLLTu7clKzgvMUA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f3ffe8712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=18705&sent=370&recv=55&lost=0&retrans=0&sent_bytes=375717&recv_bytes=10146&delivery_rate=109241&cwnd=186300&unsent_bytes=0&cid=163c45dc93d62e3a&ts=647&x=1", cfExtPri, cfHdrFlush;dur=0

grixaign.top/js/v-possibleStandardNamesOptimized.js.11ece07d.js

188.114.96.1

200 OK

7.6 kB

URL GET HTTP/3
grixaign.top/js/v-possibleStandardNamesOptimized.js.11ece07d.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
ASCII text, with very long lines (7923), with no line terminators
Size
7.6 kB (7577 bytes)
Hash
40afcf9799eb216713f97fda40691fcb
638ab978d2f32ca129e5ac06eb541c71dd0f2a14
9724a018a83d7c934a763fa996f41e73586767e4cf9e1400f2fc5b5d56738b38

HTTP Headers

GET /js/v-possibleStandardNamesOptimized.js.11ece07d.js HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66f56515-1d99"
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2087
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l6TujGoZCWp3iHgXyNwsX8D2YKGuaa7hC7kWQMUf%2F0jmZdCq%2BxwPVrJ2UQWQLb3wX5SytdzhID1d0KD3BOkTs6GPn1UnZGUbutYkQEe0GpujtIe%2BcDwSpf8z0Wn6O2o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f41fff712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20040&sent=337&recv=43&lost=0&retrans=0&sent_bytes=347683&recv_bytes=8467&delivery_rate=169118&cwnd=186300&unsent_bytes=0&cid=163c45dc93d62e3a&ts=591&x=1", cfExtPri, cfHdrFlush;dur=0

grixaign.top/pfe/current/stattag.js

188.114.96.1

200 OK

19 kB

URL GET HTTP/3
grixaign.top/pfe/current/stattag.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
JavaScript source, ASCII text, with very long lines (19053), with no line terminators
Size
19 kB (19053 bytes)
Hash
3a74216e872211a9c770302bb7d4a63f
7e63556174a7d66eee407218e503ec0aae2c0f9e
03405209d89a927b81d53eb13968663069760776389c5400bb79d11bd9f78f78

HTTP Headers

GET /pfe/current/stattag.js HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=sf3ziqvbmp3wlq0s4vi3692s7wxfn9q8; syncedCookie=true; oaidts=1729469330; ID=sf3ziqvbmp3wlq0s4vi3692s7wxfn9q8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:51 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66f56515-4a6d"
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2088
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NsUvKEcnbzXBX21SMkRqaxC50yp4k%2BGt90WY%2FSfHgAeBd3Gf0P%2BR1zc%2FXHFsPy3ccGzkilux5ozts9V4ypJ9yIQQ%2FESFmtdqM5yBHQmxORe4qxx6Ov4ODHuMpffxJUM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f74a0a712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=18716&sent=384&recv=62&lost=0&retrans=0&sent_bytes=388153&recv_bytes=11071&delivery_rate=8575&cwnd=186300&unsent_bytes=0&cid=163c45dc93d62e3a&ts=1095&x=1", cfExtPri, cfHdrFlush;dur=0

afl3ua5u.xyz/js/bafsd.js

104.21.58.242

200 OK

14 kB

URL GET HTTP/3
afl3ua5u.xyz/js/bafsd.js
IP
104.21.58.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subjectafl3ua5u.xyz
Fingerprint54:94:18:D4:D0:20:05:68:C3:61:1B:BD:AF:58:68:AB:C6:54:3A:B4
ValidityFri, 27 Sep 2024 15:02:07 GMT - Thu, 26 Dec 2024 15:02:06 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
14 kB (13706 bytes)
Hash
c2432aca90e92e0370d2ded2545eb1fa
8f1ae40f7dc9c4ccfcb91d04530a1f072e9d06eb
89c40275bddb7257d519bda010de1c4df70a30b5f84be325f2ae53168f276cb5

HTTP Headers

GET /js/bafsd.js HTTP/1.1
Host: afl3ua5u.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:42 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 04 Oct 2024 05:52:43 GMT
etag: W/"66ff82ab-358a"
expires: Wed, 23 Oct 2024 05:26:04 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 412958
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=72m8IWHZHrGjELznYCIsXpRC95qW3wEs97ebqiIghnP64%2FsFa7%2BHUkkiYG%2FFHtcBXvZ%2BrB5Rna81f%2BFxU3e1U%2FWvk4%2Ft0UhEGdNaYEUGKIsLstzqAohZcs1Jclk4jTs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d5d03bfdc0a56ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20042&sent=28&recv=13&lost=0&retrans=0&sent_bytes=16235&recv_bytes=3085&delivery_rate=33831&cwnd=12000&unsent_bytes=0&cid=40a4cbbfcfad66c9&ts=314&x=1", cfExtPri, cfHdrFlush;dur=33

grixaign.top/js/v-dom-to-react.js.0eca2a35.js

188.114.96.1

200 OK

1.1 kB

URL GET HTTP/3
grixaign.top/js/v-dom-to-react.js.0eca2a35.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
JavaScript source, ASCII text, with very long lines (1101), with no line terminators
Size
1.1 kB (1085 bytes)
Hash
d2987ee9af14ae718fd0c3094302dc2f
a2aae78e8167d9865380565f8162a5b993ea584f
1babafb7f6edb43624d1badc3cce24493cfff775f9d3e2cd1e2ecf15e0fb3ba7

HTTP Headers

GET /js/v-dom-to-react.js.0eca2a35.js HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66f56514-43d"
last-modified: Thu, 26 Sep 2024 13:43:48 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2087
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1KebxgxvzwwdEaJN8xGEEKUNryysS%2BR3Idddwdq9XcBxWsP8Ne9M5H1AGGNqelU50Y9KZZZOi4TaCrrOzuKmLzx3Z%2F5m137lSmUHiXTJqTyQrQWRTsr90fT1AqNxLMo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f45824712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19018&sent=348&recv=50&lost=0&retrans=0&sent_bytes=355077&recv_bytes=9355&delivery_rate=765954&cwnd=186300&unsent_bytes=0&cid=163c45dc93d62e3a&ts=626&x=1", cfExtPri, cfHdrFlush;dur=0

videothumbs.me/aeerjgxp0v11.jpg

172.67.138.198

200 OK

21 kB

URL GET HTTP/2
videothumbs.me/aeerjgxp0v11.jpg
IP
172.67.138.198:443
ASN
#13335 CLOUDFLARENET

Requested by
https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subjectvideothumbs.me
FingerprintC1:4F:45:F9:18:0B:29:97:8B:ED:6F:9D:8C:05:3F:CB:88:3E:D2:BF
ValidityWed, 18 Sep 2024 10:33:09 GMT - Tue, 17 Dec 2024 10:33:08 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc59.32.100", baseline, precision 8, 720x405, components 3
Size
21 kB (21363 bytes)
Hash
a3fe30149938294522acf910b9c55063
9f4190ac58f716a88c76c98ad51994ea25b72ed0
5e447afd5da70f0a6022f72f23bbe25cc9a15cdea3513cc7114f3f5d90b84447

HTTP Headers

GET /aeerjgxp0v11.jpg HTTP/1.1
Host: videothumbs.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://afl3ua5u.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 21 Oct 2024 00:08:42 GMT
content-type: image/jpeg
content-length: 21363
last-modified: Tue, 26 Dec 2023 07:44:19 GMT
etag: "658a8453-5373"
expires: Tue, 22 Oct 2024 04:44:40 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 826036
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2vP%2FZqRVYqcfn3CXGvGOUMmUWEmQ6Se6IFDSMGtGZv5%2B46W33HuTOiP62trf5%2Fr0OtM4AceuweVT38DwhJpgIN9ny%2Fwlgxk2S%2F5HDvUORMcku0Cn5BeBMiCwwfjpLfH7tA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d5d03c3ab8a7129-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=20171&sent=6&recv=9&lost=0&retrans=0&sent_bytes=3280&recv_bytes=1172&delivery_rate=262113&cwnd=252&unsent_bytes=0&cid=094a9612406e6e0a&ts=40&x=0"
X-Firefox-Spdy: h2

grixaign.top/js/config/sd/sd-5671-en.js?v=10

188.114.96.1

200 OK

4.1 kB

URL GET HTTP/3
grixaign.top/js/config/sd/sd-5671-en.js?v=10
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
Unicode text, UTF-8 text, with very long lines (4277), with no line terminators
Size
4.1 kB (4149 bytes)
Hash
1f59b70ebc30bc43ba84355260a06076
ea967205dde6223bac1143068fc7925047142bb7
d359bae01b1422b545c2dc2d23a82a928f44b1b7d9871d674e1474a0324514c8

HTTP Headers

GET /js/config/sd/sd-5671-en.js?v=10 HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66f56515-1035"
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tTu72ECFCaQ%2BqrqHFF1pi56T%2BlMzVkXbIYSTQcyS8AtUiC5PPocmcR2meM1dZkz2q%2BiC2m7M1M%2BLsSIBI8rstre92kNGlvnBxQsd20Oy4sq2GcwyniZjqlYs%2FUa8OJE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f34f1f712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20798&sent=315&recv=36&lost=0&retrans=0&sent_bytes=330489&recv_bytes=7114&delivery_rate=678399&cwnd=186300&unsent_bytes=0&cid=163c45dc93d62e3a&ts=530&x=1", cfExtPri, cfHdrFlush;dur=0

afl3ua5u.xyz/player/jw8_26/jwplayer.js?v=5.0.2

104.21.58.242

200 OK

111 kB

URL GET HTTP/3
afl3ua5u.xyz/player/jw8_26/jwplayer.js?v=5.0.2
IP
104.21.58.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subjectafl3ua5u.xyz
Fingerprint54:94:18:D4:D0:20:05:68:C3:61:1B:BD:AF:58:68:AB:C6:54:3A:B4
ValidityFri, 27 Sep 2024 15:02:07 GMT - Thu, 26 Dec 2024 15:02:06 GMT

File type

Size
111 kB (111441 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /player/jw8_26/jwplayer.js?v=5.0.2 HTTP/1.1
Host: afl3ua5u.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:42 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 05 Apr 2024 14:58:43 GMT
etag: W/"661011a3-1b351"
expires: Wed, 23 Oct 2024 05:26:04 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 412958
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jMuKguHfR8%2F1wdmi4gxHnKUMdg0qAZYC3L8wNZwEhSzv4wFL6byuU%2BP1d2hxGMjuhUgVQdNuIdjE44jxphORYyXM00QoB7ShWKqvOZbEipI7FGEUof6KqNcXGaO%2FSuY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d5d03bfdc0c56ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20042&sent=28&recv=13&lost=0&retrans=0&sent_bytes=16235&recv_bytes=3085&delivery_rate=33831&cwnd=12000&unsent_bytes=0&cid=40a4cbbfcfad66c9&ts=316&x=1", cfExtPri, cfHdrFlush;dur=31

afl3ua5u.xyz/favicon.ico

104.21.58.242

200 OK

1.2 kB

URL GET HTTP/3
afl3ua5u.xyz/favicon.ico
IP
104.21.58.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subjectafl3ua5u.xyz
Fingerprint54:94:18:D4:D0:20:05:68:C3:61:1B:BD:AF:58:68:AB:C6:54:3A:B4
ValidityFri, 27 Sep 2024 15:02:07 GMT - Thu, 26 Dec 2024 15:02:06 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
f7b404d04734d64575f577b506c22a06
485d344ea5ace3529dd472f3fadaa621f046eaf5
c53b6a1e519b835191c058325f17d0f3ea15e1507ca47313c94cc54b68741500

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: afl3ua5u.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:42 GMT
content-type: image/x-icon
last-modified: Mon, 02 Feb 2015 19:26:28 GMT
etag: W/"54cfcf64-47e"
expires: Wed, 23 Oct 2024 06:13:39 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 410103
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5uVovyojMPAgqNuvpxZz%2BYuDcG4LYMHP1qOd7YREImxJC1Pi2WKAVN%2F6xxwsjUOtNY%2FdwDZU18qNlZcVOGu%2F3Oxj6Ih0wQYEHFViV%2BC2KR4dgpprTjUKI%2BSExPelEuA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d5d03c25d9356ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19904&sent=337&recv=28&lost=0&retrans=0&sent_bytes=369643&recv_bytes=5002&delivery_rate=3695328&cwnd=192000&unsent_bytes=0&cid=40a4cbbfcfad66c9&ts=716&x=1", cfExtPri, cfHdrFlush;dur=0

afl3ua5u.xyz/js/jquery.js

104.21.58.242

200 OK

90 kB

URL GET HTTP/3
afl3ua5u.xyz/js/jquery.js
IP
104.21.58.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subjectafl3ua5u.xyz
Fingerprint54:94:18:D4:D0:20:05:68:C3:61:1B:BD:AF:58:68:AB:C6:54:3A:B4
ValidityFri, 27 Sep 2024 15:02:07 GMT - Thu, 26 Dec 2024 15:02:06 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
90 kB (89501 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /js/jquery.js HTTP/1.1
Host: afl3ua5u.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:42 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
etag: W/"603e8adc-15d9d"
expires: Wed, 23 Oct 2024 05:26:04 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 412958
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CcQzxw1%2FHi0P3DkyzTzGg9kzFk69m8FKPdaAHZoItOSoFSWWuDLqzzZnS2RuoDt5bHdkBgSqyo4Xcb02Upr4BqovuxKAmM%2FIoYYMw9%2BjqQ1IwIk7Gdu0lX%2B5dEI8yCs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d5d03bfcbfc56ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20042&sent=28&recv=13&lost=0&retrans=0&sent_bytes=16235&recv_bytes=3085&delivery_rate=33831&cwnd=12000&unsent_bytes=0&cid=40a4cbbfcfad66c9&ts=310&x=1", cfExtPri, cfHdrFlush;dur=17

xkacs5av.xyz/js/cortega.js

104.21.38.193

200 OK

71 kB

URL GET HTTP/2
xkacs5av.xyz/js/cortega.js
IP
104.21.38.193:443
ASN
#13335 CLOUDFLARENET

Requested by
https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subjectxkacs5av.xyz
FingerprintCC:29:21:8A:E6:DC:9D:2A:68:9E:2E:E7:93:31:26:D1:91:A7:76:D9
ValiditySun, 29 Sep 2024 07:00:37 GMT - Sat, 28 Dec 2024 07:00:36 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
71 kB (70989 bytes)
Hash
34d3cb60ba84e720c3fdeec227e4046b
cbc2bfb4513bf32f9ce018f48abed7c37299779f
9cdb7e206c84c7b7cb4396bbe124e745e9c8082946ecceb8209afbc1e4645362

HTTP Headers

GET /js/cortega.js HTTP/1.1
Host: xkacs5av.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://afl3ua5u.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 21 Oct 2024 00:08:42 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2024 07:44:35 GMT
etag: W/"6704e2e3-1154d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2569
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gk22WuAa5ldQUbtLXv%2BP3c5AYDDGe0rlS6U7dFHx9sQLj7pHdKEZMjbxJqID5o%2Bp4W%2Bf6kaF34gmTsh4g21Hj%2FAFAVZwhT5ayun1OMcxg%2B1OI3FbOwqHrEKD4t4c4sA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d5d03c02cde712e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=16490&sent=6&recv=9&lost=0&retrans=0&sent_bytes=3275&recv_bytes=1151&delivery_rate=261089&cwnd=252&unsent_bytes=0&cid=e6fac29d359833dc&ts=42&x=0"
X-Firefox-Spdy: h2

grixaign.top/js/v-node.js.b3f20640.js

188.114.96.1

200 OK

6.3 kB

URL GET HTTP/3
grixaign.top/js/v-node.js.b3f20640.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
JavaScript source, ASCII text, with very long lines (6337), with no line terminators
Size
6.3 kB (6251 bytes)
Hash
cad18f25fb654d8320459306deb3f398
3cb93871b3502f69d69498464bba0f6ee4583f8b
a88bb2d09fd437789cb16ab10ed9ba7efe26277c3dad680e2bb42ddbcc4e86b8

HTTP Headers

GET /js/v-node.js.b3f20640.js HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66f56514-186b"
last-modified: Thu, 26 Sep 2024 13:43:48 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2087
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a%2FkdLEt4%2BwUGyqLerXBXeepx5Sy62VbqYhc5O3mwHvx0FXqueaSZ9YLwRWlZs4XslJHXuaQON8HWnJUx7RzLTMzq2BlRcGovUsBMpp11ewI25wnagDp3mk6iPJUSHwo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f41ffa712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20040&sent=333&recv=42&lost=0&retrans=0&sent_bytes=345172&recv_bytes=8235&delivery_rate=169118&cwnd=186300&unsent_bytes=0&cid=163c45dc93d62e3a&ts=583&x=1", cfExtPri, cfHdrFlush;dur=0

grixaign.top/js/v-attributes-to-props.js.5847b9cb.js

188.114.96.1

200 OK

702 B

URL GET HTTP/3
grixaign.top/js/v-attributes-to-props.js.5847b9cb.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
ASCII text, with very long lines (718), with no line terminators
Size
702 B (702 bytes)
Hash
811904250c1a0b2d2cf2752c7709a3fb
298882040b340e6651acca9f256e62eeb373b585
7f7cd4315254cbab3388b7ee99ea3bd65a455d89064c60228e69a2346827270c

HTTP Headers

GET /js/v-attributes-to-props.js.5847b9cb.js HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66f56514-2be"
last-modified: Thu, 26 Sep 2024 13:43:48 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2087
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JDMI1lDBbYnpLXlmxmGLIJxThSixlnHk47QUCZuZHn60HDNMKeAK%2BsDtI%2FlnYMHV9epdg6gudihB%2BaK8XixFD1pT0PTmjsOZQZDapm1n4NM82AtECBE%2BXldTYWQjmdA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f45827712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19018&sent=353&recv=53&lost=0&retrans=0&sent_bytes=356545&recv_bytes=10054&delivery_rate=765954&cwnd=186300&unsent_bytes=0&cid=163c45dc93d62e3a&ts=635&x=1", cfExtPri, cfHdrFlush;dur=0

offpichuan.com/rotate?zz=5473380;5473392;5473395;5473423;5473381;7044710&var=6993465&ymid=1029916&uid=sf3ziqvbmp3wlq0s4vi3692s7wxfn9q8

139.45.197.237

200 OK

2.8 kB

URL GET HTTP/2
offpichuan.com/rotate?zz=5473380;5473392;5473395;5473423;5473381;7044710&var=6993465&ymid=1029916&uid=sf3ziqvbmp3wlq0s4vi3692s7wxfn9q8
IP
139.45.197.237:443
ASN
#9002 RETN Limited

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerLet's Encrypt
Subjectoffpichuan.com
Fingerprint4D:F3:B0:78:77:90:06:E3:79:45:DA:AD:01:B5:3B:6E:26:E2:3D:14
ValiditySat, 12 Oct 2024 21:51:20 GMT - Fri, 10 Jan 2025 21:51:19 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2785), with no line terminators
Size
2.8 kB (2751 bytes)
Hash
d9d1a6d9a037f0c6d7a85bdb123987d3
5c730000f82aa1c7d464e3664547bc860efde814
018c5598879951ef337425ab0a3ea1298fe9eaf16dafe71134d13f0774f33135

HTTP Headers

GET /rotate?zz=5473380;5473392;5473395;5473423;5473381;7044710&var=6993465&ymid=1029916&uid=sf3ziqvbmp3wlq0s4vi3692s7wxfn9q8 HTTP/1.1
Host: offpichuan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://grixaign.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 21 Oct 2024 00:08:51 GMT
content-type: application/javascript
x-trace-id: fba347aa0d349cdccd15ac40f420188f
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://grixaign.top
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
set-cookie: OAID=sf3ziqvbmp3wlq0s4vi3692s7wxfn9q8; expires=Tue, 21 Oct 2025 00:08:51 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

afl3ua5u.xyz/assets/css/jw8-theme.css?v=3.0.6

104.21.58.242

200 OK

25 kB

URL GET HTTP/3
afl3ua5u.xyz/assets/css/jw8-theme.css?v=3.0.6
IP
104.21.58.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Certificate
IssuerGoogle Trust Services
Subjectafl3ua5u.xyz
Fingerprint54:94:18:D4:D0:20:05:68:C3:61:1B:BD:AF:58:68:AB:C6:54:3A:B4
ValidityFri, 27 Sep 2024 15:02:07 GMT - Thu, 26 Dec 2024 15:02:06 GMT

File type
ASCII text, with very long lines (938), with CRLF line terminators
Size
25 kB (25250 bytes)
Hash
218f1af32c959506efe281f39309d9a5
948fbcdba4275e13fc3e469a04df2d727aabdf4a
5425c5e4dfa36e386ee465a9fe20f61290bcd377fe3fd950164c5c6e16301593

HTTP Headers

GET /assets/css/jw8-theme.css?v=3.0.6 HTTP/1.1
Host: afl3ua5u.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://afl3ua5u.xyz/brr/aeerjgxp0v11?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:42 GMT
content-type: text/css
last-modified: Wed, 03 Apr 2024 15:50:39 GMT
etag: W/"660d7acf-62a2"
expires: Wed, 23 Oct 2024 05:26:05 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 412957
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=98HsM5XstpejZMQ8chvnSUbD7X13M01eLadUrr7%2FM8PNxlEyP7RsPLlkHH%2FJAZT6NDS8scSfiKN5%2F7LGOXZGIXQtVXDSP%2FEzg044r%2F%2BtJw9ECdxo32RlE1%2BZYdFpmrY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d5d03c1ed4956ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20947&sent=143&recv=22&lost=0&retrans=0&sent_bytes=141775&recv_bytes=4474&delivery_rate=938159&cwnd=96000&unsent_bytes=0&cid=40a4cbbfcfad66c9&ts=640&x=1", cfExtPri, cfHdrFlush;dur=0

grixaign.top/js/s-checkLocalStorageAvailable.ts.f85cd6f6.js

188.114.96.1

200 OK

330 B

URL GET HTTP/3
grixaign.top/js/s-checkLocalStorageAvailable.ts.f85cd6f6.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (338), with no line terminators
Size
330 B (330 bytes)
Hash
32117b84efdd7689199f1f4d52e98f0f
1d4364d78491cb51a8c8e9bd1cc8510cdc81a8db
0f021caaf643542f3e291702d8995802dbc4fe04ee7d99a84c2472d3f9afdb1a

HTTP Headers

GET /js/s-checkLocalStorageAvailable.ts.f85cd6f6.js HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66f56515-14a"
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2087
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CVTkW2UlmfIVWSEYu45v9ri%2FoWCHb1Icqb23688jHM94UX9w%2FtJdYh0umXiFW%2BtgLB9Py9veKCxQedc%2FwpRvYW5QmEZAJRthT8o1iFZHJrcTudxgGNwfH%2BmZ9p4Z8u8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f22e34712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19942&sent=28&recv=14&lost=0&retrans=0&sent_bytes=16200&recv_bytes=2935&delivery_rate=29407&cwnd=12000&unsent_bytes=0&cid=163c45dc93d62e3a&ts=282&x=1", cfExtPri, cfHdrFlush;dur=10

grixaign.top/img/dating/map.webp

188.114.96.1

200 OK

19 kB

URL GET HTTP/3
grixaign.top/img/dating/map.webp
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grixaign.top/dating-survey.html?z=6993465&offer_id=5671&var=1029916&ymid=6886681538005880884
Certificate
IssuerGoogle Trust Services
Subjectgrixaign.top
FingerprintC6:F9:AD:CB:14:D4:42:8D:AC:05:73:9F:99:BE:1D:3A:AA:2C:02:F9
ValidityWed, 11 Sep 2024 21:01:43 GMT - Tue, 10 Dec 2024 21:01:42 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 580x580, Scaling: [none]x[none], YUV color, decoders should clamp
Size
19 kB (19442 bytes)
Hash
c0c1ccee54f80a107e8424ca1c3c72d2
191ad2c877f7904c22ec5c4e46262d97ff843a53
b2e5f5af4ce01433609251c3fb4e83c8bad2b9cd1ccd51d3d8249dd29f2d16de

HTTP Headers

GET /img/dating/map.webp HTTP/1.1
Host: grixaign.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://grixaign.top/css/survey-dating.77b63812.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 21 Oct 2024 00:08:50 GMT
content-type: image/webp
content-length: 19442
last-modified: Thu, 26 Sep 2024 13:43:49 GMT
vary: Accept-Encoding
etag: "66f56515-4bf2"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2087
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O4K5aka8ML%2BFb3hhjiongl0yXJyHj1MpQySRbK4Yoq3xsiMGV4oLARbDnTr%2BBr6Qgnv7LEgzkyZgtd2Eh2HYWNVn8vjOpGCQCro6hbffVTKpdNQCCdJ918iPxeRliMI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d5d03f32f04712d-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=21042&sent=295&recv=33&lost=0&retrans=0&sent_bytes=309804&recv_bytes=6587&delivery_rate=962887&cwnd=186300&unsent_bytes=0&cid=163c45dc93d62e3a&ts=443&x=1", cfExtPri, cfHdrFlush;dur=0

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Mnemonic Secure DNS

Quad9 DNS

ThreatFox

JavaScript (52)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by