marith.xyz Open in urlscan Pro
2606:4700:3035::6815:2145 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://marith.xyz/
Effective URL:
https://marith.xyz/
Submission: On January 29 via api (January 29th 2022, 1:46:15 am UTC) from US — Scanned from DE

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 3 countries across 10 domains to perform 13 HTTP transactions. The main IP is 2606:4700:3035::6815:2145, located in United States and belongs to CLOUDFLARENET, US. The main domain is marith.xyz.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 2nd 2021. Valid for: a year.

This is the only time marith.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	2606:4700:303... 2606:4700:3035::6815:2145	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	165.22.198.175 165.22.198.175	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
5	45.133.44.24 45.133.44.24	7018 (ATT-INTER...) (ATT-INTERNET4)
2	168.119.25.22 168.119.25.22	24940 (HETZNER-AS) (HETZNER-AS)
1	88.198.136.234 88.198.136.234	24940 (HETZNER-AS) (HETZNER-AS)
3	85.10.217.30 85.10.217.30	24940 (HETZNER-AS) (HETZNER-AS)
2 2	2a01:4f8:c0:2... 2a01:4f8:c0:2306::1	24940 (HETZNER-AS) (HETZNER-AS)
13	7

2 2606:4700:3035::6815:2145 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

marith.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 165.22.198.175 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)

network-site.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 45.133.44.24 (Philadelphia, United States)

ASN7018 (ATT-INTERNET4, US)

sw.wpush.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js.wpushsdk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js.jnkstff.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 168.119.25.22 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.22.25.119.168.clients.your-server.de

nereserv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ntvpinp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.198.136.234 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-198-136-234.clients.your-server.de

notification.tubecup.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 85.10.217.30 (Munich, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: 85-10-217-30.clients.your-server.de

static.bookmsg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a01:4f8:c0:2306::1 (Germany) 2 redirects

ASN24940 (HETZNER-AS, DE)

puwpush.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	bookmsg.com static.bookmsg.com — Cisco Umbrella Rank: 50721	3 KB
3	wpushsdk.com js.wpushsdk.com — Cisco Umbrella Rank: 34210	37 KB
2	puwpush.com 2 redirects puwpush.com — Cisco Umbrella Rank: 30720	544 B
2	marith.xyz 1 redirects marith.xyz	12 KB
1	tubecup.net notification.tubecup.net — Cisco Umbrella Rank: 8577	193 B
1	ntvpinp.com ntvpinp.com — Cisco Umbrella Rank: 38906	6 KB
1	nereserv.com nereserv.com — Cisco Umbrella Rank: 38957	193 B
1	jnkstff.com js.jnkstff.com — Cisco Umbrella Rank: 124610	339 B
1	wpush.org sw.wpush.org — Cisco Umbrella Rank: 85908	25 KB
1	network-site.xyz network-site.xyz	15 KB
13	10

	Domain	Requested by
3	static.bookmsg.com
3	js.wpushsdk.com	sw.wpush.org js.wpushsdk.com
2	puwpush.com	2 redirects
2	marith.xyz	1 redirects
1	notification.tubecup.net
1	ntvpinp.com	js.wpushsdk.com
1	nereserv.com	js.wpushsdk.com
1	js.jnkstff.com	js.wpushsdk.com
1	sw.wpush.org	marith.xyz
1	network-site.xyz	marith.xyz
13	10

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-12-02` - `2022-12-01`	a year	crt.sh
network-site.xyz R3	`2022-01-28` - `2022-04-28`	3 months	crt.sh
sw.wpush.org R3	`2022-01-11` - `2022-04-11`	3 months	crt.sh
js.wpushsdk.com R3	`2022-01-16` - `2022-04-16`	3 months	crt.sh
js.jnkstff.com R3	`2021-12-17` - `2022-03-17`	3 months	crt.sh
notification.tubecup.net R3	`2021-11-30` - `2022-02-28`	3 months	crt.sh
bookmsg.com R3	`2022-01-19` - `2022-04-19`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://marith.xyz/
Frame ID: 21945E114D40F5346E5464D3AF3A2607
Requests: 12 HTTP requests in this frame

Frame: https://static.bookmsg.com/creatives/SG/SG_2b05828f1853b06660d931ef6e0ed27f23543bcd.webp
Frame ID: 258F144759CAB7958480E96B001D1706
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Video Catalog

Page URL History Show full URLs

http://marith.xyz/ HTTP 301
https://marith.xyz/ Page URL

Page Statistics

13
Requests

85 %
HTTPS

29 %
IPv6

10
Domains

10
Subdomains

7
IPs

3
Countries

98 kB
Transfer

242 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://marith.xyz/ HTTP 301
https://marith.xyz/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11

https://puwpush.com/popunder/in/show/?mid=498098918&pid=0&site=native-push-adult&sc=SE&usage_type=DCH&subid=784638506&sid=983940115&cid=10342&price=0&is_cpm=1&cpm=0.2475&ecpm=0.2475&crid=&crtid=8e4f323bf604fc61ecb4f0310da6d366&tcid=6353&out_id=1&ver=2.20.9&ver_c=&refdom=marith.xyz&hostname=auc-inpage-hz-4&site_id=316353&spot_id=0&utm_source=&utm_medium=&utm_campaign=&utm_content=&expirationTimestamp=0&created_at=2022-01-29&is_native=3&auction_queue=0&burl=http%3A%2F%2Ftcimp.zog.link%2Fin%2Fwin%3Fkatds_ep%3DcLQzlUSns9xRFgTixD2EGv2hb2vBt9kEJI5wgpIucvYxyReId7VftdgypRuoSoM4VSrFYrsFvoUIL4Y41CxOZeSmbXha2EN5olAsbM0NwjXKDjbJuYM6Tp4LEjTVbnKBbrJ1LZ95fCERMPcDg1ge-TdneMTnc8Paex4PcfeakhAUbhuc-d02Ze3SunI44KqgGDF42iKcETX-81Nbwa_I1DwZdo3qLpK_E8ehthpMTSpL61W-ruSfJbjdYmbWDrL5hfmzfn-d267lW7I2s6onxHhgF3FArqtREDNrNis7dTW3XW_SEYzgXLpt6hv7cEB9TBH0ZQ&pop_winurl=&ip=217.64.151.31&testab=0&px_id=316353&adblock=0&auction_host=&mm=0&yc=0&render_type=mq&campaign_type=&pop_type=1&space_id=1546&url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_daf423b5d5ec5c56f9cfc24448f7947b90792d96_icon.webp&cpa=2a9207b7-1a54-43da-89b2-484f50be3405&mlf=1&format=default-r-d&mlc=1 HTTP 302
https://static.bookmsg.com/creatives/US/US_daf423b5d5ec5c56f9cfc24448f7947b90792d96_icon.webp

Request Chain 14

https://puwpush.com/popunder/in/show/?mid=498098918&pid=0&site=native-push-adult&sc=SE&usage_type=DCH&subid=784638506&sid=983940115&cid=10555&price=0&is_cpm=1&cpm=0.2971&ecpm=0.2971&crid=&crtid=beafd1aa954d20e973500baa3fb59a15&tcid=6353&out_id=0&ver=2.20.9&ver_c=&refdom=marith.xyz&hostname=auc-inpage-hz-4&site_id=316353&spot_id=0&utm_source=&utm_medium=&utm_campaign=&utm_content=&expirationTimestamp=0&created_at=2022-01-29&is_native=3&auction_queue=0&burl=https%3A%2F%2Fi884.info%2Fnotify-rtb%3FsubId%3D2%26uuid%3Dc6674c50-4b77-4bc6-a271-8f14c87ba617&pop_winurl=&ip=217.64.151.31&testab=0&px_id=316353&adblock=0&auction_host=&mm=0&yc=0&render_type=mq&campaign_type=&pop_type=1&space_id=1546&url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_2b05828f1853b06660d931ef6e0ed27f23543bcd_icon.webp&cpa=3b375b5b-52ab-4c19-abfd-bc076e3bb2ee&mlf=1&format=default-r-d HTTP 302
https://static.bookmsg.com/creatives/SG/SG_2b05828f1853b06660d931ef6e0ed27f23543bcd_icon.webp

13 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
marith.xyz/
Redirect Chain

http://marith.xyz/
https://marith.xyz/

21 KB
11 KB

192ms
118ms

Document
text/html

2606:4700:3035::6815:2145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://marith.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:2145 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.8
Resource Hash: 44af8ef8dbc0c4ecb9569a88bdd714f34ec5d730ced897c87f073a314c12624d

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Sat, 29 Jan 2022 01:46:10 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.8
access-control-allow-origin: *
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vfWBrM4byWN2Ov4sOkisXkBrLP15JlFH6oXELu6nUF4Mewa82Oc5ox5Tl6gT90lPAwLChHpfhlzaUd%2BQsP8g2tx8rZfdkCNxetWXvKZNbw50xNbF5WZndkxb%2BN%2FDqj57AHYbudWcw%2FFU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6d4ec90a1cf95a13-MXP
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

Date: Sat, 29 Jan 2022 01:46:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 29 Jan 2022 02:46:10 GMT
Location: https://marith.xyz/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TZZjNonGvoqfISrUkQAoT1cRXhpeDDxIcrhkDtRT3UowMxoA2m3oPUHGGydE6UZQtL5vBFxLN%2FQShf%2BOSklKyiZMM3RirIWMvaoVxc6mSbgBvcsy%2Faqkt0hXuew6dnMhDsV5IiYtdXpX"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 6d4ec90958de83ac-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 my3dsnbvgu5ha3ddf43domi Show response
network-site.xyz/code/ 14 KB
15 KB 97ms
33ms Script
application/javascript 165.22.198.175
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://network-site.xyz/code/my3dsnbvgu5ha3ddf43domi

Requested by

Host: marith.xyz
URL: https://marith.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

165.22.198.175 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

90fb6a091ccf65019431937fbae422f823a664304e8da1ce3cfdb7eea779c7d3

Security Headers

Name	Value
Content-Security-Policy	img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://marith.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 29 Jan 2022 01:46:11 GMT
server: nginx
content-security-policy: img-src https: data:; upgrade-insecure-requests
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=UTF-8

GET
H2 200 main.js Show response
sw.wpush.org/script/ 75 KB
25 KB 33ms
6ms Script
application/javascript 45.133.44.24
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://sw.wpush.org/script/main.js?promo=24303&tcid=6353&src=784638506
Requested by: Host: marith.xyz
URL: https://marith.xyz/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.24 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 638341870e326a881a8599ca76a53d916752f6d1170bd6f22236e5947eadedbf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://marith.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 29 Jan 2022 01:46:11 GMT
content-encoding: gzip
last-modified: Wed, 18 Aug 2021 13:25:45 GMT
server: nginx/1.18.0
etag: W/"611d0a59-12a35"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sat, 29 Jan 2022 02:46:11 GMT
cache-control: max-age=3600
x-proxy-cache: HIT

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b6d7a3c4abc9aeaa895a16fc1aa55b0acc107a183e815fac4d9415631e8349e6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H2 200 npush.js Show response
js.wpushsdk.com/npc/sdk/wpu/ 91 KB
30 KB 29ms
7ms Script
application/javascript 45.133.44.24
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://js.wpushsdk.com/npc/sdk/wpu/npush.js
Requested by: Host: sw.wpush.org
URL: https://sw.wpush.org/script/main.js?promo=24303&tcid=6353&src=784638506
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.24 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 2e790a7264a6f4513f509764e1a64638c91961b8e58641e6260baa0c9e56990b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://marith.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 29 Jan 2022 01:46:11 GMT
content-encoding: gzip
last-modified: Thu, 02 Sep 2021 09:32:34 GMT
server: nginx/1.18.0
etag: W/"61309a32-16a1b"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sat, 29 Jan 2022 02:46:11 GMT
cache-control: max-age=3600
x-proxy-cache: HIT

GET
H2 200 6353.php Show response
js.jnkstff.com/npc/anpc/ 130 B
339 B 48ms
7ms XHR
text/html 45.133.44.24
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://js.jnkstff.com/npc/anpc/6353.php
Requested by: Host: js.wpushsdk.com
URL: https://js.wpushsdk.com/npc/sdk/wpu/npush.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.24 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx/1.16.1 / PHP/7.1.28
Resource Hash: 0b1cd689e19af8510babc1f044c468f6e178d637b160de038f4d3fc7348cfc2e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://marith.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 29 Jan 2022 01:46:11 GMT
content-encoding: gzip
server: nginx/1.16.1
x-powered-by: PHP/7.1.28
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
expires: Sat, 29 Jan 2022 02:46:11 GMT
cache-control: max-age=3600
x-proxy-cache: HIT

GET
H2 200 csub.js Show response
js.wpushsdk.com/npc/sdk/wpu/ 24 KB
6 KB 7ms
6ms Script
application/javascript 45.133.44.24
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://js.wpushsdk.com/npc/sdk/wpu/csub.js
Requested by: Host: js.wpushsdk.com
URL: https://js.wpushsdk.com/npc/sdk/wpu/npush.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.24 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 192bad20a3c04a4374533f3ee81317bc64b7a2f10299cbced4d86fecac8eebb2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://marith.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 29 Jan 2022 01:46:11 GMT
content-encoding: gzip
last-modified: Mon, 24 Jan 2022 12:24:48 GMT
server: nginx/1.18.0
etag: W/"61ee9a90-6128"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sat, 29 Jan 2022 02:46:11 GMT
cache-control: max-age=3600
x-proxy-cache: HIT

GET
H2 200 dip Show response
nereserv.com/in/ 0
193 B 50ms
11ms XHR
text/plain 168.119.25.22
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://nereserv.com/in/dip?wl=1&event_id=1d58d744-c73a-48e9-ba91-1f096c886312&subid=784638506&sid=983940115&spot_id=0&created_at=2022-01-29&timezone=0&ver=2.20.9&is_native=1&site=native-push
Requested by: Host: js.wpushsdk.com
URL: https://js.wpushsdk.com/npc/sdk/wpu/npush.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 168.119.25.22 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.22.25.119.168.clients.your-server.de
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://marith.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 29 Jan 2022 01:46:11 GMT
server: nginx/1.18.0
vary: Origin
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: *
content-length: 0

GET
H2 200 multy Show response
ntvpinp.com/in/ 6 KB
6 KB 464ms
389ms XHR
application/json 168.119.25.22
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ntvpinp.com/in/multy?wl=1&event_id=1d58d744-c73a-48e9-ba91-1f096c886312&subid=784638506&sid=983940115&spot_id=0&created_at=2022-01-29&timezone=0&ver=2.20.9&is_native=1&cid=0&tcid=6353&site=native-push&screen_resolution=1600x1200&tw=0&format=default-r-d&adblock=0&testab=0
Requested by: Host: js.wpushsdk.com
URL: https://js.wpushsdk.com/npc/sdk/wpu/npush.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 168.119.25.22 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.22.25.119.168.clients.your-server.de
Software: nginx/1.18.0 /
Resource Hash: f5688e6b8a97d5f46b7ec10ee974b27a5718f1a0942ac79bc633f8ea9cc06bc9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://marith.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 29 Jan 2022 01:46:11 GMT
server: nginx/1.18.0
vary: Origin
access-control-allow-methods: *
content-type: application/json
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: *
content-length: 6002

GET
H2 200 styles.css
js.wpushsdk.com/npc/sdk/push/ 2 KB
1 KB 7ms
6ms Stylesheet
text/css 45.133.44.24
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to

Full URL: https://js.wpushsdk.com/npc/sdk/push/styles.css
Requested by: Host: sw.wpush.org
URL: https://sw.wpush.org/script/main.js?promo=24303&tcid=6353&src=784638506
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.24 Philadelphia, United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 1530691d7096753c4a33ff3d11be983fbec896774cffe9a3555c2c81e6f18906

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://marith.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 29 Jan 2022 01:46:11 GMT
content-encoding: gzip
last-modified: Thu, 16 Jul 2020 20:33:19 GMT
server: nginx/1.18.0
etag: W/"5f10b98f-843"
content-type: text/css
access-control-allow-origin: *
expires: Sat, 29 Jan 2022 02:46:11 GMT
cache-control: max-age=3600
x-proxy-cache: HIT

GET
H2 200 subscription-offers
notification.tubecup.net/in/ 0
193 B 47ms
16ms Image
text/plain 88.198.136.234
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://notification.tubecup.net/in/subscription-offers?href=https%3A%2F%2Fmarith.xyz%2F&tcid=6353&spot_id=0&site=tcpublisher&source_id=784638506
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 88.198.136.234 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.88-198-136-234.clients.your-server.de
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://marith.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 29 Jan 2022 01:46:11 GMT
server: nginx/1.18.0
vary: Origin
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: *
content-length: 0

GET
H2 200 SG_2b05828f1853b06660d931ef6e0ed27f23543bcd.webp
static.bookmsg.com/creatives/SG/ Frame 258F 2 KB
2 KB 44ms
9ms Image
image/webp 85.10.217.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.bookmsg.com/creatives/SG/SG_2b05828f1853b06660d931ef6e0ed27f23543bcd.webp
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.10.217.30 Munich, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: 85-10-217-30.clients.your-server.de
Software: nginx/1.18.0 /
Resource Hash: b99f00c37babd03643c50c3432678687a642153e0a8d57a19ebfd3bf90d6c03d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 29 Jan 2022 01:46:11 GMT
last-modified: Mon, 30 Nov 2020 08:59:25 GMT
server: nginx/1.18.0
etag: "5fc4b46d-73a"
content-type: image/webp
cache-control: public, max-age=315360000
accept-ranges: bytes
content-length: 1850

GET
H2

200

US_daf423b5d5ec5c56f9cfc24448f7947b90792d96_icon.webp
static.bookmsg.com/creatives/US/
Redirect Chain

https://puwpush.com/popunder/in/show/?mid=498098918&pid=0&site=native-push-adult&sc=SE&usage_type=DCH&subid=784638506&sid=983940115&cid=10342&price=0&is_cpm=1&cpm=0.2475&ecpm=0.2475&crid=&crtid=8e4...
https://static.bookmsg.com/creatives/US/US_daf423b5d5ec5c56f9cfc24448f7947b90792d96_icon.webp

578 B
734 B

9ms
9ms

Image
image/webp

85.10.217.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.bookmsg.com/creatives/US/US_daf423b5d5ec5c56f9cfc24448f7947b90792d96_icon.webp
Protocol: H2
Server: 85.10.217.30 Munich, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: 85-10-217-30.clients.your-server.de
Software: nginx/1.18.0 /
Resource Hash: 4e9ca917e9a46f53938c71b97d74f1b8f462a66d53252c8715c4e50bd89dfe34

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://marith.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 29 Jan 2022 01:46:11 GMT
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
server: nginx/1.18.0
etag: "5fbd178c-242"
content-type: image/webp
cache-control: public, max-age=315360000
accept-ranges: bytes
content-length: 578

Redirect headers

pragma: no-cache
date: Sat, 29 Jan 2022 01:46:11 GMT
server: nginx/1.16.0
access-control-allow-origin: *
vary: Origin
access-control-allow-methods: *
location: https://static.bookmsg.com/creatives/US/US_daf423b5d5ec5c56f9cfc24448f7947b90792d96_icon.webp
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: *
content-length: 0

GET
DATA 200
OK truncated
/ Frame 258F 692 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9c55477bf59eb7492347a8ddf46d0c1fe1d5d3cae02d74e514cca631af3ef65f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 258F 862 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e1ca32c4b05ca52e5b8bd614b431294310129c02f7408808367d5d2b244ddb3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2

200

SG_2b05828f1853b06660d931ef6e0ed27f23543bcd_icon.webp
static.bookmsg.com/creatives/SG/ Frame 258F
Redirect Chain

https://puwpush.com/popunder/in/show/?mid=498098918&pid=0&site=native-push-adult&sc=SE&usage_type=DCH&subid=784638506&sid=983940115&cid=10555&price=0&is_cpm=1&cpm=0.2971&ecpm=0.2971&crid=&crtid=bea...
https://static.bookmsg.com/creatives/SG/SG_2b05828f1853b06660d931ef6e0ed27f23543bcd_icon.webp

542 B
698 B

9ms
9ms

Image
image/webp

85.10.217.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.bookmsg.com/creatives/SG/SG_2b05828f1853b06660d931ef6e0ed27f23543bcd_icon.webp
Protocol: H2
Server: 85.10.217.30 Munich, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: 85-10-217-30.clients.your-server.de
Software: nginx/1.18.0 /
Resource Hash: 6325c875f65edbb526bb04d5f0ef14ceeeaeec2991426ca1d62f8e9588dcca28

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 29 Jan 2022 01:46:11 GMT
last-modified: Mon, 30 Nov 2020 08:59:25 GMT
server: nginx/1.18.0
etag: "5fc4b46d-21e"
content-type: image/webp
cache-control: public, max-age=315360000
accept-ranges: bytes
content-length: 542

Redirect headers

pragma: no-cache
date: Sat, 29 Jan 2022 01:46:11 GMT
server: nginx/1.16.0
access-control-allow-origin: *
vary: Origin
access-control-allow-methods: *
location: https://static.bookmsg.com/creatives/SG/SG_2b05828f1853b06660d931ef6e0ed27f23543bcd_icon.webp
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: *
content-length: 0

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.network-site.xyz/	1970-01-20 01:13:32	Name: uuid Value: ed0f7f9a-698e-460a-a321-a2a5ebff7db9
			marith.xyz/	1970-01-20 01:56:44	Name: ab_referer Value: https%3A%2F%2Fmarith.xyz%2F

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	Message: The script has an unsupported MIME type ('text/html').

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

js.jnkstff.com
js.wpushsdk.com
marith.xyz
nereserv.com
network-site.xyz
notification.tubecup.net
ntvpinp.com
puwpush.com
static.bookmsg.com
sw.wpush.org
165.22.198.175
168.119.25.22
2606:4700:3035::6815:2145
2a01:4f8:c0:2306::1
45.133.44.24
85.10.217.30
88.198.136.234
0b1cd689e19af8510babc1f044c468f6e178d637b160de038f4d3fc7348cfc2e
1530691d7096753c4a33ff3d11be983fbec896774cffe9a3555c2c81e6f18906
192bad20a3c04a4374533f3ee81317bc64b7a2f10299cbced4d86fecac8eebb2
1e1ca32c4b05ca52e5b8bd614b431294310129c02f7408808367d5d2b244ddb3
2e790a7264a6f4513f509764e1a64638c91961b8e58641e6260baa0c9e56990b
44af8ef8dbc0c4ecb9569a88bdd714f34ec5d730ced897c87f073a314c12624d
4e9ca917e9a46f53938c71b97d74f1b8f462a66d53252c8715c4e50bd89dfe34
6325c875f65edbb526bb04d5f0ef14ceeeaeec2991426ca1d62f8e9588dcca28
638341870e326a881a8599ca76a53d916752f6d1170bd6f22236e5947eadedbf
90fb6a091ccf65019431937fbae422f823a664304e8da1ce3cfdb7eea779c7d3
9c55477bf59eb7492347a8ddf46d0c1fe1d5d3cae02d74e514cca631af3ef65f
b6d7a3c4abc9aeaa895a16fc1aa55b0acc107a183e815fac4d9415631e8349e6
b99f00c37babd03643c50c3432678687a642153e0a8d57a19ebfd3bf90d6c03d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f5688e6b8a97d5f46b7ec10ee974b27a5718f1a0942ac79bc633f8ea9cc06bc9

marith.xyz Open in urlscan Pro 2606:4700:3035::6815:2145 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

13 Requests

85 %HTTPS

29 %IPv6

10 Domains

10 Subdomains

7 IPs

3 Countries

98 kBTransfer

242 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

2 Cookies

1 Console Messages

Indicators

marith.xyz Open in urlscan Pro
2606:4700:3035::6815:2145 Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

85 %
HTTPS

29 %
IPv6

10
Domains

10
Subdomains

7
IPs

3
Countries

98 kB
Transfer

242 kB
Size

2
Cookies

13 HTTP transactions
3 data transactions