Submitted URL: http://washingtontelegraph2.xyz/event_bc2b7640-a8e5-00ac-5b76-b58144d5506d_7_0_2008?payload=jtdcjtiyacuymiuzqsuymnhtbc5yzxhzcnyu...
Effective URL: https://wy.remockdazzle.com/iXQzcryAbuoALrWqA/73828/?md=eyJ0dmMiOjAsImEiOjYxMjYsInMiOiIxNjAweDEyMDAiLCJiIjoiMTYwMHgxMjAwIiwi...
Submission: On May 02 via api from US — Scanned from DE

Summary

This website contacted 8 IPs in 5 countries across 17 domains to perform 21 HTTP transactions. The main IP is 212.117.186.4, located in Luxembourg, Luxembourg and belongs to SERVERS-COM, US. The main domain is wy.remockdazzle.com. The Cisco Umbrella rank of the primary domain is 365222.
TLS certificate: Issued by R3 on February 23rd 2024. Valid for: 3 months.
This is the only time wy.remockdazzle.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 7 173.214.240.15 15317 (SERVEREL-AS)
1 2a00:1450:400... 15169 (GOOGLE)
6 6 199.182.164.180 15317 (SERVEREL-AS)
2 2 2a02:b4a:1:8:... 39572 (ADVANCEDH...)
4 45.133.44.33 39572 (ADVANCEDH...)
2 2 178.63.248.53 24940 (HETZNER-AS)
2 88.198.55.100 24940 (HETZNER-AS)
2 5 104.19.129.76 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
1 1 2a02:b4a:1:8:... 39572 (ADVANCEDH...)
2 2 2600:9000:223... 16509 (AMAZON-02)
4 212.117.186.4 7979 (SERVERS-COM)
2 23.109.170.227 7979 (SERVERS-COM)
21 8
Apex Domain
Subdomains
Transfer
5 mgid.com
c.mgid.com — Cisco Umbrella Rank: 6371
s-img.mgid.com — Cisco Umbrella Rank: 9345
55 KB
4 remockdazzle.com
wy.remockdazzle.com — Cisco Umbrella Rank: 365222
8 KB
4 wmgtr.com
i.wmgtr.com — Cisco Umbrella Rank: 25080
54 KB
4 towerstop4.xyz
towerstop4.xyz
3 KB
3 pushking.net
xml.pushking.net — Cisco Umbrella Rank: 81414
2 KB
3 niaget.xyz
niaget.xyz
470 B
2 swapsprediet.top
swapsprediet.top
677 B
2 okueroskynt.com
my.okueroskynt.com — Cisco Umbrella Rank: 604253
1 KB
2 gstatic.com
fonts.gstatic.com
31 KB
2 cdn4image.com
cdn4image.com — Cisco Umbrella Rank: 6763
18 KB
2 g0-g3t-msg.net
g0-g3t-msg.net — Cisco Umbrella Rank: 14596
1 KB
2 cpcmart.com
xml.cpcmart.com — Cisco Umbrella Rank: 950596
243 B
1 ppctraffic.co
xml.ppctraffic.co — Cisco Umbrella Rank: 906827
121 B
1 gamesspring4.xyz
gamesspring4.xyz
112 B
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 33
1 KB
1 freetrckr.com
freetrckr.com
337 B
1 washingtontelegraph2.xyz
washingtontelegraph2.xyz
120 B
21 17
Domain Requested by
4 wy.remockdazzle.com towerstop4.xyz
wy.remockdazzle.com
4 i.wmgtr.com towerstop4.xyz
4 towerstop4.xyz 1 redirects towerstop4.xyz
3 s-img.mgid.com towerstop4.xyz
3 xml.pushking.net 3 redirects
3 niaget.xyz 3 redirects
2 swapsprediet.top wy.remockdazzle.com
2 my.okueroskynt.com 2 redirects
2 fonts.gstatic.com fonts.googleapis.com
2 c.mgid.com 2 redirects
2 cdn4image.com towerstop4.xyz
2 g0-g3t-msg.net 2 redirects
2 xml.cpcmart.com 2 redirects
1 xml.ppctraffic.co 1 redirects
1 gamesspring4.xyz 1 redirects
1 fonts.googleapis.com towerstop4.xyz
1 freetrckr.com 1 redirects
1 washingtontelegraph2.xyz 1 redirects
21 18

This site contains no links.

Subject                  Issuer      Validity                 Valid
homepig4.xyz             R3          2024-04-08 - 2024-07-07  3 months
upload.video.google.com  GTS CA 1C3  2024-04-16 - 2024-07-09  3 months
i.wmgtr.com              R3          2024-04-20 - 2024-07-19  3 months
mgid.com                 E1          2024-03-10 - 2024-06-08  3 months
cdn4image.com            R3          2024-03-17 - 2024-06-15  3 months
*.gstatic.com            GTS CA 1C3  2024-04-16 - 2024-07-09  3 months
wy.remockdazzle.com      R3          2024-02-23 - 2024-05-23  3 months
swapsprediet.top         R3          2024-04-30 - 2024-07-29  3 months

This page contains 1 frame:

Primary Page: https://wy.remockdazzle.com/iXQzcryAbuoALrWqA/73828/?md=eyJ0dmMiOjAsImEiOjYxMjYsInMiOiIxNjAweDEyMDAiLCJiIjoiMTYwMHgxMjAwIiwiciI6IiIsInEiOiJodHRwczovL3d5LnJlbW9ja2RhenpsZS5jb20vaWxwanNEZ0NIalBrNWFvL21qd0dXP3BhcmFtXzQ9NDk3MjQ4JnBhcmFtXzU9d2tiMG5wMXRsNHJ2ajgwMWppc3JuNTk0IiwiaCI6NTA2OCwibCI6ImRlLURFIiwidCI6LTEyMCwieiI6NTg4MSwiayI6MCwidSI6IjY3N2FiMGMwZDUyMmI4NDk0ZDE2MDgiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiJub3QgaW4gaWZyYW1lIiwiZSI6IjlxejduZmdhNXJsYm1payIsIm8iOnRydWUsIm0iOjE3MTQ2MDgwNjU2NTMsInRzIjowLCJwciI6MSwiZG0iOjgsImhjIjoxNywiYmwiOjEsImJjIjoyLCJ2diI6IkludGVsIEluYy4iLCJ2ciI6IkludGVsIElyaXMgT3BlbkdMIEVuZ2luZSIsImFjIjowLCJjdCI6InVua25vd24iLCJjZXQiOiI0ZyIsImNkbG0iOi0xLCJjZGwiOjEwLCJjcnR0IjowLCJ0bXMiOjEsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkifQ&pdc=7jW3xZ8qkmLvV3EyF1KRnbdjuP1FQbgvprn0PWbe2IQ&param_4=497248&param_5=wkb0np1tl4rvj801jisrn594
Frame ID: 74FA86D42528182D608A262B1FBF76B8
Requests: 20 HTTP requests in this frame

Page Statistics

Requests: 21
HTTPS: 76 %
IPv6: 38 %
Domains: 17
Subdomains: 18
IPs: 8
Countries: 5
Transfer: 169 kB
Size: 208 kB
Cookies: 6

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://washingtontelegraph2.xyz/event_bc2b7640-a8e5-00ac-5b76-b58144d5506d_7_0_2008?payload=jtdcjtiyacuymiuzqsuymnhtbc5yzxhzcnyuy29tjtiyjtjdjtiydsuymiuzqsu1qiuymjq2ny0zm2fjmwrmzdeyytzmogzlotnlmtdjmtjkmzdhndnjzc0zodi1ltaumdawndy5jtiyjtjdjtiyndy3lwuzzgjkzmqyztcxmtk3zgrkmzg5zju3y...~311~...yndbvzwrfcmv4x2f1jtiyjtde&if=1 HTTP 307
    https://washingtontelegraph2.xyz/event_bc2b7640-a8e5-00ac-5b76-b58144d5506d_7_0_2008?payload=jtdcjtiyacuymiuzqsuymnhtbc5yzxhzcnyuy29tjtiyjtjdjtiydsuymiuzqsu1qiuymjq2ny0zm2fjmwrmzdeyytzmogzlotnlmtdjmtjkmzdhndnjzc0zodi1ltaumdawndy5jtiyjtjdjtiyndy3lwuzzgjkzmqyztcxmtk3zgrkmzg5zju3y...~311~...yndbvzwrfcmv4x2f1jtiyjtde&if=1 HTTP 302
    https://freetrckr.com/bid?id=2000&token=e807a67b57ff274565f78878190ec04e&sub_id=&rc=0&ch=1 HTTP 302
    https://towerstop4.xyz/sw_8dbf3c91-de1f-a886-5d9c-9e5cfe7c62ff_5_0_2000.js?h=JTdCJTIycmMlMjIlM0EwJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA%3D%3D Page URL
  2. https://xml.cpcmart.com/click?s=1&tid=337&sid=9488db0efbfe99179eda04261fbc13c4&rnd=403341442 HTTP 302
    https://niaget.xyz/dsp/ph/clcm?aid=12073690874328402030&mid=0&t=1714608062&s=1054234&sid=212 HTTP 302
    https://my.okueroskynt.com/a1532d5a-0649-4f9a-8910-48b1a86fecc3?source_id=497248&reason_id=dch&format=push&zone_id=212&browser=Chrome&country=DE&mode=dsp HTTP 307
    https://my.okueroskynt.com/a1532d5a-0649-4f9a-8910-48b1a86fecc3/2?source_id=497248&reason_id=dch&format=push&zone_id=212&browser=Chrome&country=DE&mode=dsp HTTP 302
    https://wy.remockdazzle.com/ilpjsDgCHjPk5ao/mjwGW?param_4=497248&param_5=wkb0np1tl4rvj801jisrn594 Page URL
  3. https://wy.remockdazzle.com/iXQzcryAbuoALrWqA/73828/?md=eyJ0dmMiOjAsImEiOjYxMjYsInMiOiIxNjAweDEyMDAiLCJi...&pdc=7jW3xZ8qkmLvV3EyF1KRnbdjuP1FQbgvprn0PWbe2IQ&param_4=497248&param_5=wkb0np1tl4rvj801jisrn594 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://washingtontelegraph2.xyz/event_bc2b7640-a8e5-00ac-5b76-b58144d5506d_7_0_2008?payload=jtdcjtiyacuymiuzqsuymnhtbc5yzxhzcnyuy29tjtiyjtjdjtiydsuymiuzqsu1qiuymjq2ny0zm2fjmwrmzdeyytzmogzlotnlmtdjmtjkmzdhndnjzc0zodi1ltaumdawndy5jtiyjtjdjtiyndy3lwuzzgjkzmqyztcxmtk3zgrkmzg5zju3y...~311~...yndbvzwrfcmv4x2f1jtiyjtde&if=1 HTTP 307
  • https://washingtontelegraph2.xyz/event_bc2b7640-a8e5-00ac-5b76-b58144d5506d_7_0_2008?payload=jtdcjtiyacuymiuzqsuymnhtbc5yzxhzcnyuy29tjtiyjtjdjtiydsuymiuzqsu1qiuymjq2ny0zm2fjmwrmzdeyytzmogzlotnlmtdjmtjkmzdhndnjzc0zodi1ltaumdawndy5jtiyjtjdjtiyndy3lwuzzgjkzmqyztcxmtk3zgrkmzg5zju3y...~311~...yndbvzwrfcmv4x2f1jtiyjtde&if=1 HTTP 302
  • https://freetrckr.com/bid?id=2000&token=e807a67b57ff274565f78878190ec04e&sub_id=&rc=0&ch=1 HTTP 302
  • https://towerstop4.xyz/sw_8dbf3c91-de1f-a886-5d9c-9e5cfe7c62ff_5_0_2000.js?h=JTdCJTIycmMlMjIlM0EwJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA%3D%3D
Request Chain 2
  • https://towerstop4.xyz/event_9199d964-05d5-18e4-3b02-846805ac7183_5_2470_2000?payload=aHR0cHMlM0ElMkYlMkZ4bWwuY3BjbWFydC5jb20lMkZpY29uJTNGc2lkJTNEOTQ4OGRiMGVmYmZlOTkxNzllZGEwNDI2MWZiYzEzYzQlMjZybmQlM0Q5ODMwNzE0NjM%3D&t=1714608062905&rnd=931186932&i=1 HTTP 302
  • https://xml.cpcmart.com/icon?sid=9488db0efbfe99179eda04261fbc13c4&rnd=983071463 HTTP 302
  • https://niaget.xyz/dsp/ph/icm?aid=12073690874328402030&mid=0&sid=212&t=1714608062&subid=497248 HTTP 302
  • https://i.wmgtr.com/cic/ro-l3vLkHUZBrNFQep11PEhFdWCDcDG8.png
Request Chain 3
  • https://gamesspring4.xyz/event_9199d964-05d5-18e4-3b02-846805ac7183_101_2177_2000?payload=aHR0cHMlM0ElMkYlMkZ4bWwucHVzaGtpbmcubmV0JTJGaWNvbiUzRnNpZCUzRDljOTE5MzEwMjdjNDIwMzliN2YxZDM2MmRjY2MwODUxJTI2cm5kJTNENTEzMjA3MDkw&t=1714608062905&rnd=526537516&i=1 HTTP 302
  • https://xml.pushking.net/icon?sid=9c91931027c42039b7f1d362dccc0851&rnd=513207090 HTTP 302
  • https://g0-g3t-msg.net/icn/KaVy9PilJLPIXs9VpwSFdFYEcIeW1HNKbXlH9xbblyB9xFmD0zvIp7sKwQYxk_-CnKMqYCRuprGKzyXJd01cri9yk-4VCDu_xl4E8Ji0fxcOPna5ZBV6-2bZgRPGBmkjIwXZfnDQ_oagcUvH2_SgGggbfugnvGz0oq24jmdbM37uGLapy3QCtn3zGI-5HVfFJSaWeshVynQIepkEmfkA5pbIKI8_dKNx5ZrIr-2-w-0ulWc4Ag99lAbj-V2u1XDJK-exWvDfD77orSKo49BYexKEKVxemZBor0ioTe0FrCe9b9Xsche_7R9YYN4g66-S4Qr92c8zT5JQcn6JWpKszWfIbrYIzlZxnQC4kgNes2NyU8NoqeDY3QQjVFmyynl6tjgfH_6tBOeqBHzIdDzgIF8ap4HUbmUKjyf4MfgvediMKzGTIwca_hpJaKC6tDJAJ9Fq_CI1VsXQgXHSYLHvYL_jmQsGkRyJRIYSYhsJ6JGAWrGXp8HQLrYQP-eH3Y10haqHXv5gSV1MgFPfCLGV2Pazwli6RQQWnD7QjSnhlFBUeR2xpPoCcLfTL8DT-fsB2F-ISCi5jZH06NxTmkQ7XIDvclFAjveLsOEc_t05y3q4pa9y HTTP 307
  • https://g0-g3t-msg.net/icn/KaVy9PilJLPIXs9VpwSFdFYEcIeW1HNKbXlH9xbblyB9xFmD0zvIp7sKwQYxk_-CnKMqYCRuprGKzyXJd01cri9yk-4VCDu_xl4E8Ji0fxcOPna5ZBV6-2bZgRPGBmkjIwXZfnDQ_oagcUvH2_SgGggbfugnvGz0oq24jmdbM37uGLapy3QCtn3zGI-5HVfFJSaWeshVynQIepkEmfkA5pbIKI8_dKNx5ZrIr-2-w-0ulWc4Ag99lAbj-V2u1XDJK-exWvDfD77orSKo49BYexKEKVxemZBor0ioTe0FrCe9b9Xsche_7R9YYN4g66-S4Qr92c8zT5JQcn6JWpKszWfIbrYIzlZxnQC4kgNes2NyU8NoqeDY3QQjVFmyynl6tjgfH_6tBOeqBHzIdDzgIF8ap4HUbmUKjyf4MfgvediMKzGTIwca_hpJaKC6tDJAJ9Fq_CI1VsXQgXHSYLHvYL_jmQsGkRyJRIYSYhsJ6JGAWrGXp8HQLrYQP-eH3Y10haqHXv5gSV1MgFPfCLGV2Pazwli6RQQWnD7QjSnhlFBUeR2xpPoCcLfTL8DT-fsB2F-ISCi5jZH06NxTmkQ7XIDvclFAjveLsOEc_t05y3q4pa9y?wch=6632d7bf HTTP 301
  • https://cdn4image.com/crlib/a8f4/ba/50f621d33aeb664eaa06199cb6_icon.webp
Request Chain 5
  • https://xml.pushking.net/icon?sid=1d6f992946b63e6bfcaeb70d394d66c1&rnd=513207090 HTTP 302
  • https://c.mgid.com/c?pv=2&v=0|0|0|FCZd6TEVXKIP1YXsiiWa3bMM5fDFvxo-7eDriNCb0oTNSe_RKJw7FGYIDEFp9DXlT7Yjim-xUWGVXYTAlDWdupRCjJeBnd71pUaTFV1rmoU*&cid=1581047&f=1&h2=vlJ0RdnMYFlD0pCQy6adPr34VSSXngwQxw0sa3waNFuj1nvnkZoft55UIPsv-QNw&rid=103b8084-0817-11ef-a8d3-c84bd68370c0&psid=880450&iub=aHR0cHM6Ly9zLWltZy5tZ2lkLmNvbS9nLzE4OTI0Mzg5LzMyOHgzMjgvLS9hSFIwY0RvdkwyTnNMbWx0WjJodmMzUnpMbU52YlM5cGJXZG9MMmx0WVdkbEwyWmxkR05vTDJGeVh6RTZNU3hqWDJacGJHd3NaVjl6YUdGeWNHVnVPakV3TUN4bVgycHdaeXhuWDNoNVgyTmxiblJsY2l4eFgyRjFkRzg2WjI5dlpDeDNYemsyTUN4NFh6UXhOU3g1WHpJMU15OW9kSFJ3T2k4dmFXMW5hRzl6ZEhNdVkyOXRMM1F2TWpBeU5DMHdNeTgzTVRrMk56TXZOVGs1WVdVNE1UY3lZMlZoT1dRNFlqVTFPREV5WmpZek5XUmpNalUyTWpndWFuQm4ud2VicD92PTE3MTQ2MDgwNjIteV9HTUVvNVNFcWJ6Y2tiRVBhME9TYmhrcTZuMWVXQUdKemZnSS1kci02TQ== HTTP 301
  • https://s-img.mgid.com/g/18924389/328x328/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE6MSxjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX3h5X2NlbnRlcixxX2F1dG86Z29vZCx3Xzk2MCx4XzQxNSx5XzI1My9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyNC0wMy83MTk2NzMvNTk5YWU4MTcyY2VhOWQ4YjU1ODEyZjYzNWRjMjU2MjguanBn.webp?v=1714608062-y_GMEo5SEqbzckbEPa0OSbhkq6n1eWAGJzfgI-dr-6M
Request Chain 7
  • https://xml.pushking.net/icon?sid=a0e6ce32c35086dae1ddb9dfbbb3e8a5&rnd=513207090 HTTP 302
  • https://c.mgid.com/c?pv=2&v=0|0|0|FCZd6TEVXKIP1YXsiiWa3dGivNTFe4mU-_Ty9bc5tAtdoTxMSo8tDJ1t3dnDqn2ST7Yjim-xUWGVXYTAlDWduvRvW7Mg3JveXrdgoI2xEb8*&cid=1423484&f=1&h2=vlJ0RdnMYFlD0pCQy6adPr34VSSXngwQxw0sa3waNFv6mDCoxoPPqZrNI72vn8Jc&rid=103b5d3a-0817-11ef-8988-c84bd6836428&psid=880450&iub=aHR0cHM6Ly9zLWltZy5tZ2lkLmNvbS9nLzE4OTI0Mzg5LzMyOHgzMjgvLS9hSFIwY0RvdkwyTnNMbWx0WjJodmMzUnpMbU52YlM5cGJXZG9MMmx0WVdkbEwyWmxkR05vTDJGeVh6RTZNU3hqWDJacGJHd3NaVjl6YUdGeWNHVnVPakV3TUN4bVgycHdaeXhuWDNoNVgyTmxiblJsY2l4eFgyRjFkRzg2WjI5dlpDeDNYemsyTUN4NFh6UXhOU3g1WHpJMU15OW9kSFJ3T2k4dmFXMW5hRzl6ZEhNdVkyOXRMM1F2TWpBeU5DMHdNeTgzTVRrMk56TXZOVGs1WVdVNE1UY3lZMlZoT1dRNFlqVTFPREV5WmpZek5XUmpNalUyTWpndWFuQm4ud2VicD92PTE3MTQ2MDgwNjIteV9HTUVvNVNFcWJ6Y2tiRVBhME9TYmhrcTZuMWVXQUdKemZnSS1kci02TQ== HTTP 301
  • https://s-img.mgid.com/g/18924389/328x328/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE6MSxjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX3h5X2NlbnRlcixxX2F1dG86Z29vZCx3Xzk2MCx4XzQxNSx5XzI1My9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyNC0wMy83MTk2NzMvNTk5YWU4MTcyY2VhOWQ4YjU1ODEyZjYzNWRjMjU2MjguanBn.webp?v=1714608062-y_GMEo5SEqbzckbEPa0OSbhkq6n1eWAGJzfgI-dr-6M
Request Chain 9
  • https://xml.ppctraffic.co/icon?sid=b7a6e4612767ec0758365f0872173df7&rnd=859530774 HTTP 302
  • https://niaget.xyz/dsp/ph/icm?aid=540649172823918688&mid=0&sid=212&t=1714608062&subid=600580 HTTP 302
  • https://i.wmgtr.com/cic/o3I8cL6SJapQCB3EMZCRH_G6ZwxYTN9A.png
Request Chain 15
  • https://xml.cpcmart.com/click?s=1&tid=337&sid=9488db0efbfe99179eda04261fbc13c4&rnd=403341442 HTTP 302
  • https://niaget.xyz/dsp/ph/clcm?aid=12073690874328402030&mid=0&t=1714608062&s=1054234&sid=212 HTTP 302
  • https://my.okueroskynt.com/a1532d5a-0649-4f9a-8910-48b1a86fecc3?source_id=497248&reason_id=dch&format=push&zone_id=212&browser=Chrome&country=DE&mode=dsp HTTP 307
  • https://my.okueroskynt.com/a1532d5a-0649-4f9a-8910-48b1a86fecc3/2?source_id=497248&reason_id=dch&format=push&zone_id=212&browser=Chrome&country=DE&mode=dsp HTTP 302
  • https://wy.remockdazzle.com/ilpjsDgCHjPk5ao/mjwGW?param_4=497248&param_5=wkb0np1tl4rvj801jisrn594

21 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
sw_8dbf3c91-de1f-a886-5d9c-9e5cfe7c62ff_5_0_2000.js
towerstop4.xyz/
Redirect Chain
  • http://washingtontelegraph2.xyz/event_bc2b7640-a8e5-00ac-5b76-b58144d5506d_7_0_2008?payload=jtdcjtiyacuymiuzqsuymnhtbc5yzxhzcnyuy29tjtiyjtjdjtiydsuymiuzqsu1qiuymjq2ny0zm2fjmwrmzdeyytzmogzlotnlmtdjm...
  • https://washingtontelegraph2.xyz/event_bc2b7640-a8e5-00ac-5b76-b58144d5506d_7_0_2008?payload=jtdcjtiyacuymiuzqsuymnhtbc5yzxhzcnyuy29tjtiyjtjdjtiydsuymiuzqsu1qiuymjq2ny0zm2fjmwrmzdeyytzmogzlotnlmtdj...
  • https://freetrckr.com/bid?id=2000&token=e807a67b57ff274565f78878190ec04e&sub_id=&rc=0&ch=1
  • https://towerstop4.xyz/sw_8dbf3c91-de1f-a886-5d9c-9e5cfe7c62ff_5_0_2000.js?h=JTdCJTIycmMlMjIlM0EwJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA%3D%3D
7 KB
3 KB
Document
General
Full URL
https://towerstop4.xyz/sw_8dbf3c91-de1f-a886-5d9c-9e5cfe7c62ff_5_0_2000.js?h=JTdCJTIycmMlMjIlM0EwJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA%3D%3D
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
173.214.240.15 , United States, ASN15317 (SERVEREL-AS, US),
Reverse DNS
173.214.240.15.serverel.net
Software
nginx /
Resource Hash
6b35f43a65a915a82eb020a5a39743aabf0987b27cac5e32124381c78aabf2bf

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-type
text/html
date
Thu, 02 May 2024 00:01:02 GMT
server
nginx

Redirect headers

accept-ch
Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-WoW64, Sec-CH-UA-Bitness, Sec-CH-UA-Model
date
Thu, 02 May 2024 00:01:02 GMT
location
https://towerstop4.xyz/sw_8dbf3c91-de1f-a886-5d9c-9e5cfe7c62ff_5_0_2000.js?h=JTdCJTIycmMlMjIlM0EwJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA%3D%3D
server
nginx
css
fonts.googleapis.com/
6 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,700,400i&subset=cyrillic
Requested by
Host: towerstop4.xyz
URL: https://towerstop4.xyz/sw_8dbf3c91-de1f-a886-5d9c-9e5cfe7c62ff_5_0_2000.js?h=JTdCJTIycmMlMjIlM0EwJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA%3D%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
aaf2f58682f990cd6895432eeb0e77ef17a2a17c797d38838520c9d87a220b66
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://towerstop4.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Thu, 02 May 2024 00:01:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 01 May 2024 22:30:50 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 02 May 2024 00:01:03 GMT
ro-l3vLkHUZBrNFQep11PEhFdWCDcDG8.png
i.wmgtr.com/cic/
Redirect Chain
  • https://towerstop4.xyz/event_9199d964-05d5-18e4-3b02-846805ac7183_5_2470_2000?payload=aHR0cHMlM0ElMkYlMkZ4bWwuY3BjbWFydC5jb20lMkZpY29uJTNGc2lkJTNEOTQ4OGRiMGVmYmZlOTkxNzllZGEwNDI2MWZiYzEzYzQlMjZybmQ...
  • https://xml.cpcmart.com/icon?sid=9488db0efbfe99179eda04261fbc13c4&rnd=983071463
  • https://niaget.xyz/dsp/ph/icm?aid=12073690874328402030&mid=0&sid=212&t=1714608062&subid=497248
  • https://i.wmgtr.com/cic/ro-l3vLkHUZBrNFQep11PEhFdWCDcDG8.png
19 KB
19 KB
Image
General
Full URL
https://i.wmgtr.com/cic/ro-l3vLkHUZBrNFQep11PEhFdWCDcDG8.png
Requested by
Host: towerstop4.xyz
URL: https://towerstop4.xyz/sw_8dbf3c91-de1f-a886-5d9c-9e5cfe7c62ff_5_0_2000.js?h=JTdCJTIycmMlMjIlM0EwJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA%3D%3D
Protocol
H2
Server
45.133.44.33 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.19.0 /
Resource Hash
088fdc0e75285ef42652c5d6fe08dab857e12ced28a4f06a7e1d132abb69e5ad
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://towerstop4.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

expires
Thu, 02 May 2024 23:01:03 GMT
date
Thu, 02 May 2024 00:01:03 GMT
content-encoding
gzip
server
nginx/1.19.0
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=82800
x-content-type-option
nosniff
x-xss-protection
1; mode=block
x-proxy-cache
HIT

Redirect headers

location
https://i.wmgtr.com/cic/ro-l3vLkHUZBrNFQep11PEhFdWCDcDG8.png
date
Thu, 02 May 2024 00:01:03 GMT
accept-ch
Sec-CH-UA-Platform-Version
server
nginx/1.18.0
content-length
0
50f621d33aeb664eaa06199cb6_icon.webp
cdn4image.com/crlib/a8f4/ba/
Redirect Chain
  • https://gamesspring4.xyz/event_9199d964-05d5-18e4-3b02-846805ac7183_101_2177_2000?payload=aHR0cHMlM0ElMkYlMkZ4bWwucHVzaGtpbmcubmV0JTJGaWNvbiUzRnNpZCUzRDljOTE5MzEwMjdjNDIwMzliN2YxZDM2MmRjY2MwODUxJTI...
  • https://xml.pushking.net/icon?sid=9c91931027c42039b7f1d362dccc0851&rnd=513207090
  • https://g0-g3t-msg.net/icn/KaVy9PilJLPIXs9VpwSFdFYEcIeW1HNKbXlH9xbblyB9xFmD0zvIp7sKwQYxk_-CnKMqYCRuprGKzyXJd01cri9yk-4VCDu_xl4E8Ji0fxcOPna5ZBV6-2bZgRPGBmkjIwXZfnDQ_oagcUvH2_SgGggbfugnvGz0oq24jmdbM3...
  • https://g0-g3t-msg.net/icn/KaVy9PilJLPIXs9VpwSFdFYEcIeW1HNKbXlH9xbblyB9xFmD0zvIp7sKwQYxk_-CnKMqYCRuprGKzyXJd01cri9yk-4VCDu_xl4E8Ji0fxcOPna5ZBV6-2bZgRPGBmkjIwXZfnDQ_oagcUvH2_SgGggbfugnvGz0oq24jmdbM3...
  • https://cdn4image.com/crlib/a8f4/ba/50f621d33aeb664eaa06199cb6_icon.webp
3 KB
3 KB
Image
General
Full URL
https://cdn4image.com/crlib/a8f4/ba/50f621d33aeb664eaa06199cb6_icon.webp
Requested by
Host: towerstop4.xyz
URL: https://towerstop4.xyz/sw_8dbf3c91-de1f-a886-5d9c-9e5cfe7c62ff_5_0_2000.js?h=JTdCJTIycmMlMjIlM0EwJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA%3D%3D
Protocol
H2
Server
88.198.55.100 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
cdn10.1push.io
Software
nginx /
Resource Hash
9d922dde540face183df1aedc617e63c1eaecdfbab3000401599d506fa23bc48
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date
Thu, 02 May 2024 00:01:03 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Mon, 26 Feb 2024 00:00:49 GMT
server
nginx
x-amz-request-id
17CB82D58B3DA48D
etag
"a8f4ba50f621d33aeb664eaa06199cb6"
vary
Origin, Accept-Encoding
content-type
image/webp
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
2942
x-amz-id-2
85ebb05efe78391063ac513f717094331d4795ed1eae884c17cb828cd91dbfae
x-xss-protection
1; mode=block
expires
Thu, 09 May 2024 00:01:03 GMT

Redirect headers

location
https://cdn4image.com/crlib/a8f4/ba/50f621d33aeb664eaa06199cb6_icon.webp
date
Thu, 02 May 2024 00:01:03 GMT
referrer-policy
no-referrer
accept-ch
Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
server
Angie
content-length
0
EvEw7U-ynNK_ZNpuj-kq5Oh_oU0qz210.png
i.wmgtr.com/cim/
7 KB
7 KB
Image
General
Full URL
https://i.wmgtr.com/cim/EvEw7U-ynNK_ZNpuj-kq5Oh_oU0qz210.png
Requested by
Host: towerstop4.xyz
URL: https://towerstop4.xyz/sw_8dbf3c91-de1f-a886-5d9c-9e5cfe7c62ff_5_0_2000.js?h=JTdCJTIycmMlMjIlM0EwJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA%3D%3D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.133.44.33 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.19.0 /
Resource Hash
09b6eef900c7a8e24be9cc14b88713900d71a2d45687f788ef2075536703d0ae
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://towerstop4.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 02 May 2024 23:01:03 GMT
date
Thu, 02 May 2024 00:01:03 GMT
content-encoding
gzip
server
nginx/1.19.0
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=82800
x-content-type-option
nosniff
x-xss-protection
1; mode=block
x-proxy-cache
HIT
aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE6MSxjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX3h5X2NlbnRlcixxX2F1dG86Z29vZCx3Xzk2MCx4XzQxNSx5XzI1My9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyNC0wMy83M...
s-img.mgid.com/g/18924389/328x328/-/
Redirect Chain
  • https://xml.pushking.net/icon?sid=1d6f992946b63e6bfcaeb70d394d66c1&rnd=513207090
  • https://c.mgid.com/c?pv=2&v=0|0|0|FCZd6TEVXKIP1YXsiiWa3bMM5fDFvxo-7eDriNCb0oTNSe_RKJw7FGYIDEFp9DXlT7Yjim-xUWGVXYTAlDWdupRCjJeBnd71pUaTFV1rmoU*&cid=1581047&f=1&h2=vlJ0RdnMYFlD0pCQy6adPr34VSSXngwQxw0...
  • https://s-img.mgid.com/g/18924389/328x328/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE6MSxjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX3h5X2NlbnRlcixxX2F1dG86Z29vZCx3Xzk2MCx4XzQxNSx5XzI1M...
28 KB
0
Image
General
Full URL
https://s-img.mgid.com/g/18924389/328x328/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE6MSxjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX3h5X2NlbnRlcixxX2F1dG86Z29vZCx3Xzk2MCx4XzQxNSx5XzI1My9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyNC0wMy83MTk2NzMvNTk5YWU4MTcyY2VhOWQ4YjU1ODEyZjYzNWRjMjU2MjguanBn.webp?v=1714608062-y_GMEo5SEqbzckbEPa0OSbhkq6n1eWAGJzfgI-dr-6M
Requested by
Host: towerstop4.xyz
URL: https://towerstop4.xyz/sw_8dbf3c91-de1f-a886-5d9c-9e5cfe7c62ff_5_0_2000.js?h=JTdCJTIycmMlMjIlM0EwJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA%3D%3D
Protocol
H3
Server
104.19.129.76 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b9858e7f5ba1c0d910a2d38826342a3a93801bb3bdf7c215ccee5e809ed0518

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://towerstop4.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date
Thu, 02 May 2024 00:01:03 GMT
cf-cache-status
HIT
last-modified
Mon, 18 Mar 2024 19:46:40 GMT
x-mg-request-uuid
615eac39-5708-4cbf-a1f5-caac7f3614dd
server
cloudflare
age
3339660
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
immutable, max-age=31536000
accept-ranges
bytes
x-robots-tag
noindex
cf-ray
87d3bc0cfa032bf8-FRA
content-length
28560
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Thu, 02 May 2024 00:01:03 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-mg-request-uuid
dd1451fd-6b84-4340-bb4c-2298a9b1a488
server
cloudflare
location
https://s-img.mgid.com/g/18924389/328x328/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE6MSxjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX3h5X2NlbnRlcixxX2F1dG86Z29vZCx3Xzk2MCx4XzQxNSx5XzI1My9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyNC0wMy83MTk2NzMvNTk5YWU4MTcyY2VhOWQ4YjU1ODEyZjYzNWRjMjU2MjguanBn.webp?v=1714608062-y_GMEo5SEqbzckbEPa0OSbhkq6n1eWAGJzfgI-dr-6M
cf-ray
87d3bc0cd9ee2bf8-FRA
alt-svc
h3=":443"; ma=86400
content-length
0
aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzI6MSxjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX3h5X2NlbnRlcixxX2F1dG86Z29vZCx3XzEwMjAseF80MTUseV8yNTMvaHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjQtMDMvN...
s-img.mgid.com/g/18924389/453x227/-/
25 KB
25 KB
Image
General
Full URL
https://s-img.mgid.com/g/18924389/453x227/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzI6MSxjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX3h5X2NlbnRlcixxX2F1dG86Z29vZCx3XzEwMjAseF80MTUseV8yNTMvaHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjQtMDMvNzE5NjczLzU5OWFlODE3MmNlYTlkOGI1NTgxMmY2MzVkYzI1NjI4LmpwZw.webp?v=1714608062-OQQU-ScHcAALpmjxOPVNJbs027K5q0_-9pBFdJusVmY
Requested by
Host: towerstop4.xyz
URL: https://towerstop4.xyz/sw_8dbf3c91-de1f-a886-5d9c-9e5cfe7c62ff_5_0_2000.js?h=JTdCJTIycmMlMjIlM0EwJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA%3D%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.129.76 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c5d75a5666973cc4b9c4eca95b9eea032c972315910436bda3ab0ea25fe724b3
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://towerstop4.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 02 May 2024 00:01:03 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
cf-cache-status
HIT
x-mg-request-uuid
a6bd9753-495a-4737-936f-b8aed6727844
age
3816863
alt-svc
h3=":443"; ma=86400
content-length
25516
last-modified
Mon, 18 Mar 2024 19:46:40 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
immutable, max-age=31536000
accept-ranges
bytes
x-robots-tag
noindex
cf-ray
87d3bc0a08be2bf8-FRA
aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE6MSxjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX3h5X2NlbnRlcixxX2F1dG86Z29vZCx3Xzk2MCx4XzQxNSx5XzI1My9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyNC0wMy83M...
s-img.mgid.com/g/18924389/328x328/-/
Redirect Chain
  • https://xml.pushking.net/icon?sid=a0e6ce32c35086dae1ddb9dfbbb3e8a5&rnd=513207090
  • https://c.mgid.com/c?pv=2&v=0|0|0|FCZd6TEVXKIP1YXsiiWa3dGivNTFe4mU-_Ty9bc5tAtdoTxMSo8tDJ1t3dnDqn2ST7Yjim-xUWGVXYTAlDWduvRvW7Mg3JveXrdgoI2xEb8*&cid=1423484&f=1&h2=vlJ0RdnMYFlD0pCQy6adPr34VSSXngwQxw0...
  • https://s-img.mgid.com/g/18924389/328x328/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE6MSxjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX3h5X2NlbnRlcixxX2F1dG86Z29vZCx3Xzk2MCx4XzQxNSx5XzI1M...
28 KB
28 KB
Image
General
Full URL
https://s-img.mgid.com/g/18924389/328x328/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE6MSxjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX3h5X2NlbnRlcixxX2F1dG86Z29vZCx3Xzk2MCx4XzQxNSx5XzI1My9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyNC0wMy83MTk2NzMvNTk5YWU4MTcyY2VhOWQ4YjU1ODEyZjYzNWRjMjU2MjguanBn.webp?v=1714608062-y_GMEo5SEqbzckbEPa0OSbhkq6n1eWAGJzfgI-dr-6M
Requested by
Host: towerstop4.xyz
URL: https://towerstop4.xyz/sw_8dbf3c91-de1f-a886-5d9c-9e5cfe7c62ff_5_0_2000.js?h=JTdCJTIycmMlMjIlM0EwJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA%3D%3D
Protocol
H3
Server
104.19.129.76 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b9858e7f5ba1c0d910a2d38826342a3a93801bb3bdf7c215ccee5e809ed0518
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://towerstop4.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date
Thu, 02 May 2024 00:01:03 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
cf-cache-status
HIT
x-mg-request-uuid
615eac39-5708-4cbf-a1f5-caac7f3614dd
age
3339660
alt-svc
h3=":443"; ma=86400
content-length
28560
last-modified
Mon, 18 Mar 2024 19:46:40 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
immutable, max-age=31536000
accept-ranges
bytes
x-robots-tag
noindex
cf-ray
87d3bc0cfa032bf8-FRA

Redirect headers

date
Thu, 02 May 2024 00:01:03 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-mg-request-uuid
3c18f033-88a9-41be-9b2e-ce3aee29dde5
server
cloudflare
location
https://s-img.mgid.com/g/18924389/328x328/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE6MSxjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX3h5X2NlbnRlcixxX2F1dG86Z29vZCx3Xzk2MCx4XzQxNSx5XzI1My9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyNC0wMy83MTk2NzMvNTk5YWU4MTcyY2VhOWQ4YjU1ODEyZjYzNWRjMjU2MjguanBn.webp?v=1714608062-y_GMEo5SEqbzckbEPa0OSbhkq6n1eWAGJzfgI-dr-6M
cf-ray
87d3bc0cd9f02bf8-FRA
alt-svc
h3=":443"; ma=86400
content-length
0
d8257d547a143fac4be263c46e_image.webp
cdn4image.com/crlib/3d37/37/
14 KB
14 KB
Image
General
Full URL
https://cdn4image.com/crlib/3d37/37/d8257d547a143fac4be263c46e_image.webp
Requested by
Host: towerstop4.xyz
URL: https://towerstop4.xyz/sw_8dbf3c91-de1f-a886-5d9c-9e5cfe7c62ff_5_0_2000.js?h=JTdCJTIycmMlMjIlM0EwJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA%3D%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.198.55.100 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
cdn10.1push.io
Software
nginx /
Resource Hash
964f0c79be3abcc1f43fe9d1e8a323fba9198aaa07baf0ec937651957217643d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://towerstop4.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 02 May 2024 00:01:03 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Tue, 27 Jun 2023 10:00:21 GMT
server
nginx
x-amz-request-id
17CB8035BFDDE13B
etag
"3d3737d8257d547a143fac4be263c46e"
vary
Origin, Accept-Encoding
content-type
image/webp
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
14204
x-amz-id-2
40a43d2c9d2b6d319ebefd93964ade5bec11229f915b93e85e9be7e90beb3b47
x-xss-protection
1; mode=block
expires
Thu, 09 May 2024 00:01:03 GMT
o3I8cL6SJapQCB3EMZCRH_G6ZwxYTN9A.png
i.wmgtr.com/cic/
Redirect Chain
  • https://xml.ppctraffic.co/icon?sid=b7a6e4612767ec0758365f0872173df7&rnd=859530774
  • https://niaget.xyz/dsp/ph/icm?aid=540649172823918688&mid=0&sid=212&t=1714608062&subid=600580
  • https://i.wmgtr.com/cic/o3I8cL6SJapQCB3EMZCRH_G6ZwxYTN9A.png
21 KB
21 KB
Image
General
Full URL
https://i.wmgtr.com/cic/o3I8cL6SJapQCB3EMZCRH_G6ZwxYTN9A.png
Requested by
Host: towerstop4.xyz
URL: https://towerstop4.xyz/sw_8dbf3c91-de1f-a886-5d9c-9e5cfe7c62ff_5_0_2000.js?h=JTdCJTIycmMlMjIlM0EwJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA%3D%3D
Protocol
H2
Server
45.133.44.33 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.19.0 /
Resource Hash
b42b0f659f2f8919dd8f2454164894c640aba98cfd4e81367815bdec226ae21c
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://towerstop4.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

expires
Thu, 02 May 2024 23:01:03 GMT
date
Thu, 02 May 2024 00:01:03 GMT
content-encoding
gzip
server
nginx/1.19.0
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=82800
x-content-type-option
nosniff
x-xss-protection
1; mode=block
x-proxy-cache
HIT

Redirect headers

location
https://i.wmgtr.com/cic/o3I8cL6SJapQCB3EMZCRH_G6ZwxYTN9A.png
date
Thu, 02 May 2024 00:01:03 GMT
accept-ch
Sec-CH-UA-Platform-Version
server
nginx/1.18.0
content-length
0
4oQ3Um7LUyarUjD2cpjJmQLuTtgjcvYz.png
i.wmgtr.com/cim/
7 KB
7 KB
Image
General
Full URL
https://i.wmgtr.com/cim/4oQ3Um7LUyarUjD2cpjJmQLuTtgjcvYz.png
Requested by
Host: towerstop4.xyz
URL: https://towerstop4.xyz/sw_8dbf3c91-de1f-a886-5d9c-9e5cfe7c62ff_5_0_2000.js?h=JTdCJTIycmMlMjIlM0EwJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA%3D%3D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.133.44.33 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.19.0 /
Resource Hash
6bd9cd7785446537c145de6313a125d7c728bfd9add3f1628e547ad167cdb558
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://towerstop4.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 02 May 2024 23:01:03 GMT
date
Thu, 02 May 2024 00:01:03 GMT
content-encoding
gzip
server
nginx/1.19.0
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=82800
x-content-type-option
nosniff
x-xss-protection
1; mode=block
x-proxy-cache
HIT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700,400i&subset=cyrillic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://towerstop4.xyz
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 27 Apr 2024 00:45:23 GMT
x-content-type-options
nosniff
age
429340
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15860
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 27 Apr 2025 00:45:23 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700,400i&subset=cyrillic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://towerstop4.xyz
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 13:27:43 GMT
x-content-type-options
nosniff
age
124400
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 30 Apr 2025 13:27:43 GMT
favicon.ico
towerstop4.xyz/
548 B
245 B
Other
General
Full URL
https://towerstop4.xyz/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
173.214.240.15 , United States, ASN15317 (SERVEREL-AS, US),
Reverse DNS
173.214.240.15.serverel.net
Software
nginx /
Resource Hash
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://towerstop4.xyz/sw_8dbf3c91-de1f-a886-5d9c-9e5cfe7c62ff_5_0_2000.js?h=JTdCJTIycmMlMjIlM0EwJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA%3D%3D
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 02 May 2024 00:01:03 GMT
content-encoding
gzip
server
nginx
content-type
text/html
event_9199d964-05d5-18e4-3b02-846805ac7183_5_0_2000
towerstop4.xyz/
116 B
207 B
Script
General
Full URL
https://towerstop4.xyz/event_9199d964-05d5-18e4-3b02-846805ac7183_5_0_2000?payload=JTdCJTIyaCUyMiUzQSUyMnhtbC5jcGNtYXJ0LmNvbSUyMiUyQyUyMnUlMjIlM0ElNUIlMjIzMzctOTQ4OGRiMGVmYmZlOTkxNzllZGEwNDI2MWZiYzEzYzQtMjQ3MC0wLjAwMDEyMiUyMiU1RCU3RA%3D%3D&t=1714608062905&rnd=723331613&js=1&io=0&h=JTdCJTIycmMlMjIlM0EwJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA==&if=0
Requested by
Host: towerstop4.xyz
URL: https://towerstop4.xyz/sw_8dbf3c91-de1f-a886-5d9c-9e5cfe7c62ff_5_0_2000.js?h=JTdCJTIycmMlMjIlM0EwJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA%3D%3D
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
173.214.240.15 , United States, ASN15317 (SERVEREL-AS, US),
Reverse DNS
173.214.240.15.serverel.net
Software
nginx /
Resource Hash
d626160a6d499c5cb86d50cc7784c7176907b8e16af1880a126c91b9bd10ac6b

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 02 May 2024 00:01:04 GMT
content-encoding
gzip
server
nginx
content-type
application/javascript
mjwGW
wy.remockdazzle.com/ilpjsDgCHjPk5ao/
Redirect Chain
  • https://xml.cpcmart.com/click?s=1&tid=337&sid=9488db0efbfe99179eda04261fbc13c4&rnd=403341442
  • https://niaget.xyz/dsp/ph/clcm?aid=12073690874328402030&mid=0&t=1714608062&s=1054234&sid=212
  • https://my.okueroskynt.com/a1532d5a-0649-4f9a-8910-48b1a86fecc3?source_id=497248&reason_id=dch&format=push&zone_id=212&browser=Chrome&country=DE&mode=dsp
  • https://my.okueroskynt.com/a1532d5a-0649-4f9a-8910-48b1a86fecc3/2?source_id=497248&reason_id=dch&format=push&zone_id=212&browser=Chrome&country=DE&mode=dsp
  • https://wy.remockdazzle.com/ilpjsDgCHjPk5ao/mjwGW?param_4=497248&param_5=wkb0np1tl4rvj801jisrn594
10 KB
5 KB
Document
General
Full URL
https://wy.remockdazzle.com/ilpjsDgCHjPk5ao/mjwGW?param_4=497248&param_5=wkb0np1tl4rvj801jisrn594
Requested by
Host: towerstop4.xyz
URL: https://towerstop4.xyz/event_9199d964-05d5-18e4-3b02-846805ac7183_5_0_2000?payload=JTdCJTIyaCUyMiUzQSUyMnhtbC5jcGNtYXJ0LmNvbSUyMiUyQyUyMnUlMjIlM0ElNUIlMjIzMzctOTQ4OGRiMGVmYmZlOTkxNzllZGEwNDI2MWZiYzEzYzQtMjQ3MC0wLjAwMDEyMiUyMiU1RCU3RA%3D%3D&t=1714608062905&rnd=723331613&js=1&io=0&h=JTdCJTIycmMlMjIlM0EwJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA==&if=0
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
212.117.186.4 Luxembourg, Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
nginx /
Resource Hash
54aea5f77f9095c5cb6e0e37211a84d6a8faed539e90e24adf511d89dd2b2b97
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Accept-ch
sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Thu, 02 May 2024 00:01:05 GMT
Keep-Alive
timeout=20
Server
nginx
Strict-Transport-Security
max-age=1
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff

Redirect headers

cache-control
no-store, no-cache, pre-check=0, post-check=0
content-length
0
date
Thu, 02 May 2024 00:01:05 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://wy.remockdazzle.com/ilpjsDgCHjPk5ao/mjwGW?param_4=497248&param_5=wkb0np1tl4rvj801jisrn594
pragma
no-cache
server
nginx
via
1.1 f8f9f25f837c0ce4e62b6d917642b56a.cloudfront.net (CloudFront)
x-amz-cf-id
HKbefzmUSJnawGWRUxa38KtBKAHMlQ1UqtImg7Jj25-zV6aQIPlQmA==
x-amz-cf-pop
FRA56-P4
x-cache
Miss from cloudfront
/
swapsprediet.top/cuid/
32 B
677 B
Fetch
General
Full URL
https://swapsprediet.top/cuid/?f=https%3A%2F%2Fwy.remockdazzle.com
Requested by
Host: wy.remockdazzle.com
URL: https://wy.remockdazzle.com/ilpjsDgCHjPk5ao/mjwGW?param_4=497248&param_5=wkb0np1tl4rvj801jisrn594
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
23.109.170.227 , Netherlands, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
nginx /
Resource Hash
410c12c0b4a950de30b296695a83cc017fc9ee984bf1d35f464e8e43ee57dbb7
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json
Referer
https://wy.remockdazzle.com/
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 02 May 2024 00:01:05 GMT
Strict-Transport-Security
max-age=1
X-Content-Type-Options
nosniff
Server
nginx
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
application/json
Access-Control-Allow-Origin
https://wy.remockdazzle.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Keep-Alive
timeout=20
Content-Length
32
Access-Control-Allow-Headers
content-type, megageocheckolololo, x-forwarded-for
/
swapsprediet.top/cuid/
0
0
Preflight
General
Full URL
https://swapsprediet.top/cuid/?f=https%3A%2F%2Fwy.remockdazzle.com
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
23.109.170.227 , Netherlands, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://wy.remockdazzle.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
content-type, megageocheckolololo, x-forwarded-for
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
https://wy.remockdazzle.com
Access-Control-Max-Age
600
Connection
keep-alive
Content-Length
0
Date
Thu, 02 May 2024 00:01:05 GMT
Keep-Alive
timeout=20
Server
nginx
Strict-Transport-Security
max-age=1
X-Content-Type-Options
nosniff
favicon.ico
wy.remockdazzle.com/
1 KB
2 KB
Other
General
Full URL
https://wy.remockdazzle.com/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
212.117.186.4 Luxembourg, Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
nginx /
Resource Hash
a9bc1ab7f7c0c6bc5d097050968993474e32346cffa537be1e0335a19645f12e
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-full-version
"124.0.6367.78"
sec-ch-ua-platform-version
"10.0.0"
Referer
https://wy.remockdazzle.com/ilpjsDgCHjPk5ao/mjwGW?param_4=497248&param_5=wkb0np1tl4rvj801jisrn594
sec-ch-ua-full-version-list
"Chromium";v="124.0.6367.78", "Google Chrome";v="124.0.6367.78", "Not-A.Brand";v="99.0.0.0"
sec-ch-ua-model
""
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 02 May 2024 00:01:05 GMT
Strict-Transport-Security
max-age=1
X-Content-Type-Options
nosniff
Last-Modified
Tue, 30 Apr 2024 12:32:19 GMT
Server
nginx
ETag
"6630e4d3-57e"
Content-Type
application/octet-stream
Cache-Control
max-age=86400
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=20
Content-Length
1406
Expires
Fri, 03 May 2024 00:01:05 GMT
Primary Request /
wy.remockdazzle.com/iXQzcryAbuoALrWqA/73828/
52 B
483 B
Document
General
Full URL
https://wy.remockdazzle.com/iXQzcryAbuoALrWqA/73828/?md=eyJ0dmMiOjAsImEiOjYxMjYsInMiOiIxNjAweDEyMDAiLCJiIjoiMTYwMHgxMjAwIiwiciI6IiIsInEiOiJodHRwczovL3d5LnJlbW9ja2RhenpsZS5jb20vaWxwanNEZ0NIalBrNWFvL21qd0dXP3BhcmFtXzQ9NDk3MjQ4JnBhcmFtXzU9d2tiMG5wMXRsNHJ2ajgwMWppc3JuNTk0IiwiaCI6NTA2OCwibCI6ImRlLURFIiwidCI6LTEyMCwieiI6NTg4MSwiayI6MCwidSI6IjY3N2FiMGMwZDUyMmI4NDk0ZDE2MDgiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiJub3QgaW4gaWZyYW1lIiwiZSI6IjlxejduZmdhNXJsYm1payIsIm8iOnRydWUsIm0iOjE3MTQ2MDgwNjU2NTMsInRzIjowLCJwciI6MSwiZG0iOjgsImhjIjoxNywiYmwiOjEsImJjIjoyLCJ2diI6IkludGVsIEluYy4iLCJ2ciI6IkludGVsIElyaXMgT3BlbkdMIEVuZ2luZSIsImFjIjowLCJjdCI6InVua25vd24iLCJjZXQiOiI0ZyIsImNkbG0iOi0xLCJjZGwiOjEwLCJjcnR0IjowLCJ0bXMiOjEsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkifQ&pdc=7jW3xZ8qkmLvV3EyF1KRnbdjuP1FQbgvprn0PWbe2IQ&param_4=497248&param_5=wkb0np1tl4rvj801jisrn594
Requested by
Host: wy.remockdazzle.com
URL: https://wy.remockdazzle.com/ilpjsDgCHjPk5ao/mjwGW?param_4=497248&param_5=wkb0np1tl4rvj801jisrn594
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
212.117.186.4 Luxembourg, Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
nginx /
Resource Hash
927676bdf7f1bdcd71f06cc0d9fa573791b12c905629d806851624687c4b4a0d
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://wy.remockdazzle.com/ilpjsDgCHjPk5ao/mjwGW?param_4=497248&param_5=wkb0np1tl4rvj801jisrn594
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-full-version
"124.0.6367.78"
sec-ch-ua-full-version-list
"Chromium";v="124.0.6367.78", "Google Chrome";v="124.0.6367.78", "Not-A.Brand";v="99.0.0.0"
sec-ch-ua-mobile
?0
sec-ch-ua-model
""
sec-ch-ua-platform
"Win32"
sec-ch-ua-platform-version
"10.0.0"

Response headers

Accept-ch
sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Thu, 02 May 2024 00:01:05 GMT
Keep-Alive
timeout=20
Server
nginx
Strict-Transport-Security
max-age=1
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
favicon.ico
wy.remockdazzle.com/
1 KB
0
Other
General
Full URL
https://wy.remockdazzle.com/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
212.117.186.4 Luxembourg, Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
nginx /
Resource Hash
a9bc1ab7f7c0c6bc5d097050968993474e32346cffa537be1e0335a19645f12e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-full-version
"124.0.6367.78"
sec-ch-ua-platform-version
"10.0.0"
Referer
https://wy.remockdazzle.com/iXQzcryAbuoALrWqA/73828/?md=…&pdc=7jW3xZ8qkmLvV3EyF1KRnbdjuP1FQbgvprn0PWbe2IQ&param_4=497248&param_5=wkb0np1tl4rvj801jisrn594
sec-ch-ua-full-version-list
"Chromium";v="124.0.6367.78", "Google Chrome";v="124.0.6367.78", "Not-A.Brand";v="99.0.0.0"
sec-ch-ua-model
""
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 02 May 2024 00:01:05 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 30 Apr 2024 12:32:19 GMT
Server
nginx
ETag
"6630e4d3-57e"
Content-Type
application/octet-stream
Cache-Control
max-age=86400
Accept-Ranges
bytes
Content-Length
1406
Expires
Fri, 03 May 2024 00:01:05 GMT


0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Domain/Path Name / Value
.mgid.com/ Name: __cf_bm
Value: 3bVUDA4a0piVMXKse6JMuWK5k6AHc91PtD1kj1WDwWg-1714608063-1.0.1.1-TPCXtAGIWhpD8FTT5DEqKoXaik5I3oIlG3aRmKWffFxqOVC71tKezBswmDwvIXuVfLfjTW9rEMSCum7vD9TlYw
.my.okueroskynt.com/ Name: a1532d5a-0649-4f9a-8910-48b1a86fecc3-v4
Value: Xeh3BFx9sM9P_3nRbIEB-mipRQd2bTyFpyDxjPNvwU8
.my.okueroskynt.com/ Name: voluum-cid-v4
Value: %7B%22cid%22%3A%22wkb0np1tl4rvj801jisrn594%22%2C%22caid%22%3A%22a1532d5a-0649-4f9a-8910-48b1a86fecc3%22%7D
wy.remockdazzle.com/ Name: GL_UI4
Value: eJw9jU1OwzAYRPOfFprASDkAR0hcCuoScQiWkWN%2FTk0Tu3JMIm6PhQSrGY3e6EVRlDQPiNdij%2FSLn%2FDEuxcpOR%2FO7VkyodirEnQ8HRULM1OKYa%2BX3vNhIp9ht8zc%2Bd6vGQ4jGXJa9MJKqvAYqL%2FlauxmMuSD40ZWyOdATBXKwdltIdekyAyfCcX7xdmQ%2Bcw%2FrUPasefQtQk9bpHYpUnrO5Qf2shwrA9Iurauiwj3t4l7Zd3ca1nEyEfHJSF%2Bw05wT6N13yglLVdvb4CdZP%2FP%2F3rTrWtRSFq1CHLrL%2BR%2BACEiT0k%3D
wy.remockdazzle.com/ Name: GL_GI10
Value: eJwNyE0KwjAUReG8O4gIZnCx27BUpeDYH1xHjEGK%2BBJei%2BDuzeDwwXHOodsQU2U4Df1hHPt9YzhSXsT1RiTl6p7tE%2FVHsUCYBkpqTQyXYnl3jun9KJoJnbluqxaLS6ZUL8RSPIj52TnK12%2F%2F%2BmwX7w%3D%3D
.swapsprediet.top/ Name: a97fa794a0f9
Value: 677ab0c0d522b8494d1608

7 Console Messages

Source Level URL
Text
other warning URL: https://towerstop4.xyz/sw_8dbf3c91-de1f-a886-5d9c-9e5cfe7c62ff_5_0_2000.js?h=JTdCJTIycmMlMjIlM0EwJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA%3D%3D
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://towerstop4.xyz/sw_8dbf3c91-de1f-a886-5d9c-9e5cfe7c62ff_5_0_2000.js?h=JTdCJTIycmMlMjIlM0EwJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA%3D%3D
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://towerstop4.xyz/sw_8dbf3c91-de1f-a886-5d9c-9e5cfe7c62ff_5_0_2000.js?h=JTdCJTIycmMlMjIlM0EwJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA%3D%3D
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://towerstop4.xyz/sw_8dbf3c91-de1f-a886-5d9c-9e5cfe7c62ff_5_0_2000.js?h=JTdCJTIycmMlMjIlM0EwJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA%3D%3D
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
network error URL: https://towerstop4.xyz/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()
other warning URL: https://wy.remockdazzle.com/ilpjsDgCHjPk5ao/mjwGW?param_4=497248&param_5=wkb0np1tl4rvj801jisrn594
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
javascript warning URL: https://wy.remockdazzle.com/iXQzcryAbuoALrWqA/73828/?md=…&pdc=7jW3xZ8qkmLvV3EyF1KRnbdjuP1FQbgvprn0PWbe2IQ&param_4=497248&param_5=wkb0np1tl4rvj801jisrn594
Message:
Scripts may close only the windows that were opened by them.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
