r.secprf2.com Open in urlscan Pro
63.33.119.172 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://m.witskies.click/c/c/140/0.1028066272671182
Effective URL:
https://r.secprf2.com/v2/go?t=dtcp7%3Ac%2F3l5.7rfd8d7ualbr7c2mccdi0k5p1301483%26v%3Di8e5%3D1e%26r%3Dt4%22131169+2agg4t...
Submission: On June 21 via api (June 21st 2024, 6:24:08 am UTC) from US — Scanned from DE

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 4 countries across 7 domains to perform 16 HTTP transactions. The main IP is 63.33.119.172, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is r.secprf2.com. The Cisco Umbrella rank of the primary domain is 186604.
TLS certificate: Issued by R3 on May 14th 2024. Valid for: 3 months.

This is the only time r.secprf2.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 2	173.255.213.46 173.255.213.46	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
4	139.45.196.64 139.45.196.64	9002 (RETN-AS) (RETN-AS)
2 8	139.45.197.242 139.45.197.242	9002 (RETN-AS) (RETN-AS)
2	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
1 1	18.196.11.62 18.196.11.62	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:235... 2600:9000:2359:2200:11:23c:6240:93a1	16509 (AMAZON-02) (AMAZON-02)
1 3	63.33.119.172 63.33.119.172	16509 (AMAZON-02) (AMAZON-02)
16	5

2 173.255.213.46 (Fremont, United States) 2 redirects

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: 173-255-213-46.ip.linodeusercontent.com

m.witskies.click	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 139.45.196.64 (United Kingdom)

ASN9002 (RETN-AS, GB)

leikovoleikamarada.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 139.45.197.242 (United Kingdom) 2 redirects

ASN9002 (RETN-AS, GB)

pivonoms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.196.11.62 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-11-62.eu-central-1.compute.amazonaws.com

de.tracksolutionspartners.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2359:2200:11:23c:6240:93a1 (United States)

ASN16509 (AMAZON-02, US)

ad.sfhkjgd2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 63.33.119.172 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-63-33-119-172.eu-west-1.compute.amazonaws.com

r.secprf2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	pivonoms.net 2 redirects pivonoms.net — Cisco Umbrella Rank: 612010	17 KB
4	leikovoleikamarada.com leikovoleikamarada.com — Cisco Umbrella Rank: 186127	14 KB
3	secprf2.com 1 redirects r.secprf2.com — Cisco Umbrella Rank: 186604	3 KB
2	sfhkjgd2.com ad.sfhkjgd2.com	3 KB
2	rtmark.net my.rtmark.net — Cisco Umbrella Rank: 8833	982 B
2	witskies.click 2 redirects m.witskies.click	616 B
1	tracksolutionspartners.com 1 redirects de.tracksolutionspartners.com	471 B
16	7

	Domain	Requested by
8	pivonoms.net	2 redirects leikovoleikamarada.com pivonoms.net
4	leikovoleikamarada.com	leikovoleikamarada.com
3	r.secprf2.com	1 redirects ad.sfhkjgd2.com
2	ad.sfhkjgd2.com
2	my.rtmark.net	leikovoleikamarada.com pivonoms.net
2	m.witskies.click	2 redirects
1	de.tracksolutionspartners.com	1 redirects
16	7

This site contains no links.

Subject Issuer	Validity	Valid
leikovoleikamarada.com R3	`2024-04-24` - `2024-07-23`	3 months	crt.sh
pivonoms.net R3	`2024-05-28` - `2024-08-26`	3 months	crt.sh
rtmark.net R3	`2024-05-11` - `2024-08-09`	3 months	crt.sh
ad.sfhkjgd2.com Amazon RSA 2048 M03	`2023-11-03` - `2024-12-01`	a year	crt.sh
linksprf.com R3	`2024-05-14` - `2024-08-12`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://r.secprf2.com/v2/go?t=dtcp7%3Ac%2F3l5.7rfd8d7ualbr7c2mccdi0k5p1301483%26v%3Di8e5%3D1e%26r%3Dt4%22131169+2agg4t2%260p1%3Da0108010%3D6%3F6cal7%2F2od.6e0b4o2e8a5tfk6ce%2Fes4t5h&e=1&ai=63b09b5c0fbc4b35851f49de5680d449&sct=0&ct=1718951043817&cu=ad7c22d76b0a47288f57f563ece74c5d&cs=9bfa9622f96e7b8e8f67be86ca53b7af
Frame ID: 77D7C465F7B10E7F25F0B1193591DD0C
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Please wait

Page URL History Show full URLs

http://m.witskies.click/c/c/140/0.1028066272671182 HTTP 307
https://m.witskies.click/c/c/140/0.1028066272671182 HTTP 302
https://m.witskies.click/c/c/159/145?__m2888__=1&sc=140_0&__ot__=0 HTTP 302
https://leikovoleikamarada.com/link?z=7632760&var=145&ymid=25fe9a95b7394680b1943eff53413741 Page URL
https://pivonoms.net/?z=7632762&syncedCookie=true&rhd=false HTTP 302
https://pivonoms.net/4/6118780/?var=7632762&btz=Europe/Berlin&bto=-120&bar=x Page URL
https://pivonoms.net/?z=6118780&syncedCookie=true&rhd=false HTTP 302
https://de.tracksolutionspartners.com/smartlinks/ZiNrdlFDW8OhjUucAnhbzXH4?ts=PA&tsAcc=POP&isp=cloudflare%20inc.&co... HTTP 302
https://ad.sfhkjgd2.com/?finalUrl=https%3A%2F%2Fr.secprf2.com%2Fv1%2Fredirect%3Ftype%3DlinkId%26id%3... Page URL
https://ad.sfhkjgd2.com/ Page URL
https://r.secprf2.com/v1/redirect?type=linkId&id=69380199c4c44706b12c4bd64efa533f&api_key=74a4a421... HTTP 302
https://r.secprf2.com/v2/go?t=dtcp7%3Ac%2F3l5.7rfd8d7ualbr7c2mccdi0k5p1301483%26v%3Di8e5%3D1e%26r%... Page URL

Page Statistics

16
Requests

100 %
HTTPS

14 %
IPv6

7
Domains

7
Subdomains

5
IPs

4
Countries

35 kB
Transfer

65 kB
Size

11
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://m.witskies.click/c/c/140/0.1028066272671182 HTTP 307
https://m.witskies.click/c/c/140/0.1028066272671182 HTTP 302
https://m.witskies.click/c/c/159/145?__m2888__=1&sc=140_0&__ot__=0 HTTP 302
https://leikovoleikamarada.com/link?z=7632760&var=145&ymid=25fe9a95b7394680b1943eff53413741 Page URL
https://pivonoms.net/?z=7632762&syncedCookie=true&rhd=false HTTP 302
https://pivonoms.net/4/6118780/?var=7632762&btz=Europe/Berlin&bto=-120&bar=x Page URL
https://pivonoms.net/?z=6118780&syncedCookie=true&rhd=false HTTP 302
https://de.tracksolutionspartners.com/smartlinks/ZiNrdlFDW8OhjUucAnhbzXH4?ts=PA&tsAcc=POP&isp=cloudflare%20inc.&cost=0.001580&paid=827903278980534677&device=desktop&region=he&zoneId=6118780&browser=chrome&carrier=?&country=DE&bannerId=20840790&language=de&osVersion=win10&subZoneId=0&userAgent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/126.0.0.0%20Safari/537.36&campaignId=8125761&browserVersion=126&connectionType=broadband&operatingSystem=windows HTTP 302
https://ad.sfhkjgd2.com/?finalUrl=https%3A%2F%2Fr.secprf2.com%2Fv1%2Fredirect%3Ftype%3DlinkId%26id%3D69380199c4c44706b12c4bd64efa533f%26api_key%3D74a4a421b5980ddf355e8dc566996020%26site_id%3D75318b1361f84b5b932b0588e292c691%26dch%3Dfeed%26ad_t%3Dadvertiser%26yk_tag%3D3cc3546f-4592-46e4-a141-cee51e6d237f&postTo=ad.sfhkjgd2.com&clickId=3cc3546f-4592-46e4-a141-cee51e6d237f&setBlankReferer=true Page URL
https://ad.sfhkjgd2.com/ Page URL
https://r.secprf2.com/v1/redirect?type=linkId&id=69380199c4c44706b12c4bd64efa533f&api_key=74a4a421b5980ddf355e8dc566996020&site_id=75318b1361f84b5b932b0588e292c691&dch=feed&ad_t=advertiser&yk_tag=3cc3546f-4592-46e4-a141-cee51e6d237f HTTP 302
https://r.secprf2.com/v2/go?t=dtcp7%3Ac%2F3l5.7rfd8d7ualbr7c2mccdi0k5p1301483%26v%3Di8e5%3D1e%26r%3Dt4%22131169+2agg4t2%260p1%3Da0108010%3D6%3F6cal7%2F2od.6e0b4o2e8a5tfk6ce%2Fes4t5h&e=1&ai=63b09b5c0fbc4b35851f49de5680d449&sct=0&ct=1718951043817&cu=ad7c22d76b0a47288f57f563ece74c5d&cs=9bfa9622f96e7b8e8f67be86ca53b7af Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://m.witskies.click/c/c/140/0.1028066272671182 HTTP 307
https://m.witskies.click/c/c/140/0.1028066272671182 HTTP 302
https://m.witskies.click/c/c/159/145?__m2888__=1&sc=140_0&__ot__=0 HTTP 302
https://leikovoleikamarada.com/link?z=7632760&var=145&ymid=25fe9a95b7394680b1943eff53413741

Request Chain 5

https://pivonoms.net/?z=7632762&syncedCookie=true&rhd=false HTTP 302
https://pivonoms.net/4/6118780/?var=7632762&btz=Europe/Berlin&bto=-120&bar=x

Request Chain 11

https://pivonoms.net/?z=6118780&syncedCookie=true&rhd=false HTTP 302
https://de.tracksolutionspartners.com/smartlinks/ZiNrdlFDW8OhjUucAnhbzXH4?ts=PA&tsAcc=POP&isp=cloudflare%20inc.&cost=0.001580&paid=827903278980534677&device=desktop&region=he&zoneId=6118780&browser=chrome&carrier=?&country=DE&bannerId=20840790&language=de&osVersion=win10&subZoneId=0&userAgent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/126.0.0.0%20Safari/537.36&campaignId=8125761&browserVersion=126&connectionType=broadband&operatingSystem=windows HTTP 302
https://ad.sfhkjgd2.com/?finalUrl=https%3A%2F%2Fr.secprf2.com%2Fv1%2Fredirect%3Ftype%3DlinkId%26id%3D69380199c4c44706b12c4bd64efa533f%26api_key%3D74a4a421b5980ddf355e8dc566996020%26site_id%3D75318b1361f84b5b932b0588e292c691%26dch%3Dfeed%26ad_t%3Dadvertiser%26yk_tag%3D3cc3546f-4592-46e4-a141-cee51e6d237f&postTo=ad.sfhkjgd2.com&clickId=3cc3546f-4592-46e4-a141-cee51e6d237f&setBlankReferer=true

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

link Show response
leikovoleikamarada.com/
Redirect Chain

http://m.witskies.click/c/c/140/0.1028066272671182
https://m.witskies.click/c/c/140/0.1028066272671182
https://m.witskies.click/c/c/159/145?__m2888__=1&sc=140_0&__ot__=0
https://leikovoleikamarada.com/link?z=7632760&var=145&ymid=25fe9a95b7394680b1943eff53413741

30 KB
13 KB

78ms
25ms

Document
text/html

139.45.196.64
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://leikovoleikamarada.com/link?z=7632760&var=145&ymid=25fe9a95b7394680b1943eff53413741

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.196.64 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

7e395315f38db415983dfd202208f0f44bc728479f103cd7827c61e781aad2fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=utf8
date: Fri, 21 Jun 2024 06:24:02 GMT
expires: Tue, 11 Jan 1994 10:00:00 GMT
link: <https://yonmewon.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
pragma: no-cache
server: nginx
strict-transport-security: max-age=1
timing-allow-origin: * *
x-content-type-options: nosniff
x-trace-id: 8d2275c14b609e0e3b807247509ded9a

Redirect headers

Cache-Control: no-transform
Connection: keep-alive
Content-Length: 0
Date: Fri, 21 Jun 2024 06:24:02 GMT
Location: https://leikovoleikamarada.com/link?z=7632760&var=145&ymid=25fe9a95b7394680b1943eff53413741
Server: nginx/1.18.0

POST
H2 200 sftouch
pivonoms.net/ 0
0 56ms
14ms Ping
text/plain 139.45.197.242
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pivonoms.net/sftouch?userId=008082ae3b55404aed030ba1d1909eb9&z=7632762&p_rid=b02fc014-3251-46d6-a8ba-e928549087ae&p_src=sf&branchId=0&rb=tK9e6F9uNI9RRwyhip3DrZ_0mq1kh1JyosfJSMncKhY9mniRV-lctTbTAHs7voG51xEcZ2ZM_RVW6Awke8K2rkj3iyKn9pCN_IQeN5gO5VfqsSFlGDcIN7i9650s6V1S7GgWzvjGHacPCuClUA_bWo1syAKiVPjMdgNHUimryBhAuyxLM9W6ot501VJumgmuDOE_REEiBBDIjMaC82UACb2TDKAa4POcvK_4iEhoY4e7KM1Ga4NnHoegvzSC2Srd1Ldc-Gb2aHD7KfxHEtxIiqx_fCnOx_X1YIKDd-aUyl63ZAsgI47rHA8jUHs2zI6pyAipUD3qFXE=
Requested by: Host: leikovoleikamarada.com
URL: https://leikovoleikamarada.com/link?z=7632760&var=145&ymid=25fe9a95b7394680b1943eff53413741
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.242 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://leikovoleikamarada.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

GET
H2 200 img.gif
my.rtmark.net/ 43 B
491 B 54ms
13ms Image
image/gif 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://my.rtmark.net/img.gif?f=merge&userId=008082ae3b55404aed030ba1d1909eb9&z=7632762&p_rid=b02fc014-3251-46d6-a8ba-e928549087ae&p_src=sf

Requested by

Host: leikovoleikamarada.com
URL: https://leikovoleikamarada.com/link?z=7632760&var=145&ymid=25fe9a95b7394680b1943eff53413741

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://leikovoleikamarada.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 21 Jun 2024 06:24:02 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 43

POST
H2 200 add Show response
leikovoleikamarada.com/log/ 12 B
390 B 15ms
15ms XHR
application/json 139.45.196.64
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://leikovoleikamarada.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=b02fc014-3251-46d6-a8ba-e928549087ae

Requested by

Host: leikovoleikamarada.com
URL: https://leikovoleikamarada.com/link?z=7632760&var=145&ymid=25fe9a95b7394680b1943eff53413741

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.196.64 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

fe85cceb474303eb80a5ca9a60b16d92208a8e0b38647647654b0c42447b51f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "126.0.6478.114"
Content-Type: text/plain;charset=UTF-8
Referer: https://leikovoleikamarada.com/link?z=7632760&var=145&ymid=25fe9a95b7394680b1943eff53413741
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.114", "Google Chrome";v="126.0.6478.114"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 21 Jun 2024 06:24:02 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://leikovoleikamarada.com
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
content-length: 12

GET
H2 204 favicon.ico
leikovoleikamarada.com/ 0
150 B 14ms
14ms Other
text/plain 139.45.196.64
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://leikovoleikamarada.com/favicon.ico
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.196.64 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "126.0.6478.114"
Referer: https://leikovoleikamarada.com/link?z=7632760&var=145&ymid=25fe9a95b7394680b1943eff53413741
sec-ch-ua-bitness: "64"
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.114", "Google Chrome";v="126.0.6478.114"
sec-ch-ua-model: ""
sec-ch-ua-platform: "Win32"

Response headers

pragma: public
date: Fri, 21 Jun 2024 06:24:02 GMT
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
server: nginx
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2

200

/ Show response
pivonoms.net/4/6118780/
Redirect Chain

https://pivonoms.net/?z=7632762&syncedCookie=true&rhd=false
https://pivonoms.net/4/6118780/?var=7632762&btz=Europe/Berlin&bto=-120&bar=x

30 KB
13 KB

30ms
30ms

Document
text/html

139.45.197.242
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pivonoms.net/4/6118780/?var=7632762&btz=Europe/Berlin&bto=-120&bar=x

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.242 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

05e0b7c7e4e4569059c56779b83a165a55b0d06c995368707dd8d670464883df

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Content-Type: application/x-www-form-urlencoded
Origin: https://leikovoleikamarada.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=utf8
date: Fri, 21 Jun 2024 06:24:02 GMT
expires: Tue, 11 Jan 1994 10:00:00 GMT
link: <https://yonmewon.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
pragma: no-cache
server: nginx
strict-transport-security: max-age=1
timing-allow-origin: * *
x-content-type-options: nosniff
x-trace-id: 36905edc8c3df747a39a05fddb4e5b4a

Redirect headers

accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://leikovoleikamarada.com
access-control-max-age: 86400
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
content-length: 0
date: Fri, 21 Jun 2024 06:24:02 GMT
expires: Tue, 11 Jan 1994 10:00:00 GMT
link: <https://pivonoms.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
location: https://pivonoms.net/4/6118780/?var=7632762&btz=Europe/Berlin&bto=-120&bar=x
pragma: no-cache
referrer-policy: no-referrer
server: nginx
strict-transport-security: max-age=1
timing-allow-origin: * *
x-content-type-options: nosniff
x-trace-id: e152ad16b9bc3826bf8b274bf7fad21a

GET
H2 204 favicon.ico
leikovoleikamarada.com/ 0
0 0ms
0ms Other
text/plain 139.45.196.64
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://leikovoleikamarada.com/favicon.ico
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.196.64 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "126.0.6478.114"
Referer: https://leikovoleikamarada.com/afu.php?zoneid=7632762&var=7632762&rid=ksX-wKK1z8yLZCaWKyzJyw%3D%3D&rhd=false&ab2r=0&sf=1&os=win32&os_version=10.0.0&is_mobile=false&browser_version=126.0.6478.114
sec-ch-ua-bitness: "64"
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.114", "Google Chrome";v="126.0.6478.114"
sec-ch-ua-model: ""
sec-ch-ua-platform: "Win32"

Response headers

pragma: public
date: Fri, 21 Jun 2024 06:24:02 GMT
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
server: nginx
expires: Thu, 31 Dec 2037 23:55:55 GMT

POST
H2 200 sftouch
pivonoms.net/ 2 B
603 B 14ms
14ms Ping
text/plain 139.45.197.242
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pivonoms.net/sftouch?userId=008082b8bbb04a58fcecfe95f3668482&z=6118780&p_rid=c1ef443b-83c6-42cb-a329-3a94f89b5d44&p_src=sf&branchId=0&rb=Dw2QKIP7sy_c29cQHO-NHAdOjLgjxQX9oc2xX2kW-2b10NFJjXukCONkzI2bdcZIr4VPLTbyb04OJEkR3zjgYM-Jw2scDDftdrfpKrzUBzRej3ibb8P6-b7L0qhiOrY_b9XfoyXcMUAEg0ikAXqXpySQktwQu0bW2ryM5dS9HonSRC823YWc9STG4TiphDX7tVOo00ljbjObTjYsaw84JIaI1pTlQVCDJq7ifGS9EkjgEat8IFag5vp3sPOQEyh5bE4AZ_snNV28Fd98k_ypKoHGcJWzTvDu4kyoExwgvkozMRvW

Requested by

Host: pivonoms.net
URL: https://pivonoms.net/4/6118780/?var=7632762&btz=Europe/Berlin&bto=-120&bar=x

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.242 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "126.0.6478.114"
Referer: https://pivonoms.net/4/6118780/?var=7632762&btz=Europe/Berlin&bto=-120&bar=x
sec-ch-ua-bitness: "64"
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.114", "Google Chrome";v="126.0.6478.114"
sec-ch-ua-model: ""
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 21 Jun 2024 06:24:02 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-length: 2
x-trace-id: 905165f4d475caab63f0ec45eb3b12cb
pragma: no-cache
server: nginx
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain
access-control-allow-origin: https://pivonoms.net
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 200 img.gif
my.rtmark.net/ 43 B
491 B 48ms
16ms Image
image/gif 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://my.rtmark.net/img.gif?f=merge&userId=008082b8bbb04a58fcecfe95f3668482&z=6118780&p_rid=c1ef443b-83c6-42cb-a329-3a94f89b5d44&p_src=sf

Requested by

Host: pivonoms.net
URL: https://pivonoms.net/4/6118780/?var=7632762&btz=Europe/Berlin&bto=-120&bar=x

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://pivonoms.net/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 21 Jun 2024 06:24:02 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 43

POST
H2 200 add Show response
pivonoms.net/log/ 12 B
383 B 15ms
15ms XHR
application/json 139.45.197.242
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pivonoms.net/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=c1ef443b-83c6-42cb-a329-3a94f89b5d44

Requested by

Host: pivonoms.net
URL: https://pivonoms.net/4/6118780/?var=7632762&btz=Europe/Berlin&bto=-120&bar=x

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.242 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

fe85cceb474303eb80a5ca9a60b16d92208a8e0b38647647654b0c42447b51f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "126.0.6478.114"
Content-Type: text/plain;charset=UTF-8
Referer: https://pivonoms.net/4/6118780/?var=7632762&btz=Europe/Berlin&bto=-120&bar=x
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.114", "Google Chrome";v="126.0.6478.114"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 21 Jun 2024 06:24:02 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://pivonoms.net
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
content-length: 12

GET
H2 204 favicon.ico
pivonoms.net/ 0
150 B 15ms
14ms Other
text/plain 139.45.197.242
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pivonoms.net/favicon.ico
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.242 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "126.0.6478.114"
Referer: https://pivonoms.net/4/6118780/?var=7632762&btz=Europe/Berlin&bto=-120&bar=x
sec-ch-ua-bitness: "64"
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.114", "Google Chrome";v="126.0.6478.114"
sec-ch-ua-model: ""
sec-ch-ua-platform: "Win32"

Response headers

pragma: public
date: Fri, 21 Jun 2024 06:24:02 GMT
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
server: nginx
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2

302

/ Show response
ad.sfhkjgd2.com/
Redirect Chain

https://pivonoms.net/?z=6118780&syncedCookie=true&rhd=false
https://de.tracksolutionspartners.com/smartlinks/ZiNrdlFDW8OhjUucAnhbzXH4?ts=PA&tsAcc=POP&isp=cloudflare%20inc.&cost=0.001580&paid=827903278980534677&device=desktop&region=he&zoneId=6118780&browser...
https://ad.sfhkjgd2.com/?finalUrl=https%3A%2F%2Fr.secprf2.com%2Fv1%2Fredirect%3Ftype%3DlinkId%26id%3D69380199c4c44706b12c4bd64efa533f%26api_key%3D74a4a421b5980ddf355e8dc566996020%26site_id%3D75318b...

1 KB
2 KB

100ms
18ms

Document
text/html

2600:9000:2359:2200:11:23c:6240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.sfhkjgd2.com/?finalUrl=https%3A%2F%2Fr.secprf2.com%2Fv1%2Fredirect%3Ftype%3DlinkId%26id%3D69380199c4c44706b12c4bd64efa533f%26api_key%3D74a4a421b5980ddf355e8dc566996020%26site_id%3D75318b1361f84b5b932b0588e292c691%26dch%3Dfeed%26ad_t%3Dadvertiser%26yk_tag%3D3cc3546f-4592-46e4-a141-cee51e6d237f&postTo=ad.sfhkjgd2.com&clickId=3cc3546f-4592-46e4-a141-cee51e6d237f&setBlankReferer=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2359:2200:11:23c:6240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: bf6daa61982d676ae1ca6e811be4f99341d936c350dd56bdec9911b8c0c1a2c9

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Content-Type: application/x-www-form-urlencoded
Origin: https://pivonoms.net
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-arch: "x86"
sec-ch-ua-bitness: "64"
sec-ch-ua-full-version: "126.0.6478.114"
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.114", "Google Chrome";v="126.0.6478.114"
sec-ch-ua-mobile: ?0
sec-ch-ua-model: ""
sec-ch-ua-platform: "Win32"

Response headers

cache-control: No-Store, No-Cache, max-age=0
content-length: 1387
content-type: text/html
date: Fri, 21 Jun 2024 06:24:03 GMT
server: CloudFront
vary: Origin
via: 1.1 ea1aadbeedf1001a86f79fc729fb39e0.cloudfront.net (CloudFront)
x-amz-cf-id: wMc11TEo3_13Q5lN6YcJgjtqCPPR_iNL1ijzjwT3D5TAcsWclpEBDw==
x-amz-cf-pop: FRA60-P10
x-cache: LambdaGeneratedResponse from cloudfront

Redirect headers

cache-control: No-Store, No-Cache, max-age=0
content-length: 0
content-type: application/octet-stream
date: Fri, 21 Jun 2024 06:24:03 GMT
location: https://ad.sfhkjgd2.com/?finalUrl=https%3A%2F%2Fr.secprf2.com%2Fv1%2Fredirect%3Ftype%3DlinkId%26id%3D69380199c4c44706b12c4bd64efa533f%26api_key%3D74a4a421b5980ddf355e8dc566996020%26site_id%3D75318b1361f84b5b932b0588e292c691%26dch%3Dfeed%26ad_t%3Dadvertiser%26yk_tag%3D3cc3546f-4592-46e4-a141-cee51e6d237f&postTo=ad.sfhkjgd2.com&clickId=3cc3546f-4592-46e4-a141-cee51e6d237f&setBlankReferer=true
server: awselb/2.0

GET
H2 204 favicon.ico
pivonoms.net/ 0
0 0ms
0ms Other
text/plain 139.45.197.242
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pivonoms.net/favicon.ico
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.242 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "126.0.6478.114"
Referer: https://pivonoms.net/afu.php?zoneid=6118780&var=6118780&rid=33-IJ2mCiw9DGbmF2LWarg%3D%3D&rhd=false&ab2r=0&sf=1&os=win32&os_version=10.0.0&is_mobile=false&browser_version=126.0.6478.114
sec-ch-ua-bitness: "64"
sec-ch-ua-full-version-list: "Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.114", "Google Chrome";v="126.0.6478.114"
sec-ch-ua-model: ""
sec-ch-ua-platform: "Win32"

Response headers

pragma: public
date: Fri, 21 Jun 2024 06:24:02 GMT
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
server: nginx
expires: Thu, 31 Dec 2037 23:55:55 GMT

POST
H2 302 /
ad.sfhkjgd2.com/ 1 KB
2 KB 19ms
19ms Document
text/html 2600:9000:2359:2200:11:23c:6240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.sfhkjgd2.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2359:2200:11:23c:6240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Content-Type: application/x-www-form-urlencoded
Origin: null
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cache-control: No-Store, No-Cache, max-age=0
content-length: 1426
content-type: text/html
date: Fri, 21 Jun 2024 06:24:03 GMT
server: CloudFront
via: 1.1 ea1aadbeedf1001a86f79fc729fb39e0.cloudfront.net (CloudFront)
x-amz-cf-id: 0pdiPC18A8VhgieqHmwfwSAke89ZYD2WYgubv0ajGop89jMbyu7roQ==
x-amz-cf-pop: FRA60-P10
x-cache: LambdaGeneratedResponse from cloudfront

GET
H2

200

Primary Request go Show response
r.secprf2.com/v2/
Redirect Chain

https://r.secprf2.com/v1/redirect?type=linkId&id=69380199c4c44706b12c4bd64efa533f&api_key=74a4a421b5980ddf355e8dc566996020&site_id=75318b1361f84b5b932b0588e292c691&dch=feed&ad_t=advertiser&yk_tag=3...
https://r.secprf2.com/v2/go?t=dtcp7%3Ac%2F3l5.7rfd8d7ualbr7c2mccdi0k5p1301483%26v%3Di8e5%3D1e%26r%3Dt4%22131169+2agg4t2%260p1%3Da0108010%3D6%3F6cal7%2F2od.6e0b4o2e8a5tfk6ce%2Fes4t5h&e=1&ai=63b09b5c...

1 KB
2 KB

30ms
30ms

Document
text/html

63.33.119.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://r.secprf2.com/v2/go?t=dtcp7%3Ac%2F3l5.7rfd8d7ualbr7c2mccdi0k5p1301483%26v%3Di8e5%3D1e%26r%3Dt4%22131169+2agg4t2%260p1%3Da0108010%3D6%3F6cal7%2F2od.6e0b4o2e8a5tfk6ce%2Fes4t5h&e=1&ai=63b09b5c0fbc4b35851f49de5680d449&sct=0&ct=1718951043817&cu=ad7c22d76b0a47288f57f563ece74c5d&cs=9bfa9622f96e7b8e8f67be86ca53b7af

Requested by

Host: ad.sfhkjgd2.com
URL: https://ad.sfhkjgd2.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

63.33.119.172 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-33-119-172.eu-west-1.compute.amazonaws.com

Software

Resource Hash

34c83fefadc67aad001eea7e9f85c75619139ff307dabee3ac062583221b0f4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://ad.sfhkjgd2.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

content-length: 1442
content-type: text/html;charset=UTF-8
date: Fri, 21 Jun 2024 06:24:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains

Redirect headers

content-length: 0
date: Fri, 21 Jun 2024 06:24:03 GMT
location: /v2/go?t=dtcp7%3Ac%2F3l5.7rfd8d7ualbr7c2mccdi0k5p1301483%26v%3Di8e5%3D1e%26r%3Dt4%22131169+2agg4t2%260p1%3Da0108010%3D6%3F6cal7%2F2od.6e0b4o2e8a5tfk6ce%2Fes4t5h&e=1&ai=63b09b5c0fbc4b35851f49de5680d449&sct=0&ct=1718951043817&cu=ad7c22d76b0a47288f57f563ece74c5d&cs=9bfa9622f96e7b8e8f67be86ca53b7af
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 404 favicon.ico
r.secprf2.com/ 1 KB
1 KB 32ms
31ms Other
text/html 63.33.119.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://r.secprf2.com/favicon.ico

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

63.33.119.172 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-33-119-172.eu-west-1.compute.amazonaws.com

Software

Resource Hash

8a29823167609b7a9e17751cf424ad3a59c541ca6bc3fbc917537ba445b7b9e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://r.secprf2.com/v2/go?t=dtcp7%3Ac%2F3l5.7rfd8d7ualbr7c2mccdi0k5p1301483%26v%3Di8e5%3D1e%26r%3Dt4%22131169+2agg4t2%260p1%3Da0108010%3D6%3F6cal7%2F2od.6e0b4o2e8a5tfk6ce%2Fes4t5h&e=1&ai=63b09b5c0fbc4b35851f49de5680d449&sct=0&ct=1718951043817&cu=ad7c22d76b0a47288f57f563ece74c5d&cs=9bfa9622f96e7b8e8f67be86ca53b7af
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-language: en
date: Fri, 21 Jun 2024 06:24:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 1085
content-type: text/html;charset=utf-8

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.de.tracksolutionspartners.com/smartlinks	1970-01-20 21:30:37	Name: clkLink-106264 Value: 1
.witskies.click/	1970-01-21 07:05:11	Name: uk Value: 92ec9a25b19d496bb688f07bcf973b19
leikovoleikamarada.com/	1970-01-21 06:14:47	Name: OAID Value: 008082ae3b55404aed030ba1d1909eb9
leikovoleikamarada.com/	1970-01-21 06:14:47	Name: oaidts Value: 1718951042
leikovoleikamarada.com/	1970-01-21 06:14:47	Name: allcnt Value: 1
my.rtmark.net/	1970-01-21 06:14:47	Name: ID Value: 008082ae3b55404aed030ba1d1909eb9
pivonoms.net/	1970-01-21 06:14:47	Name: oaidts Value: 1718951042
pivonoms.net/	1970-01-21 06:14:47	Name: OAID Value: 008082ae3b55404aed030ba1d1909eb9
pivonoms.net/	1970-01-20 21:39:15	Name: syncedCookie Value: true
.secprf2.com/	1970-01-21 06:14:47	Name: ykuid Value: 4a8e132e887f44468a68ebee5fc195be
r.secprf2.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: 06CFC6744D1A957AC5F6F243FC190C6C

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://r.secprf2.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.sfhkjgd2.com
de.tracksolutionspartners.com
leikovoleikamarada.com
m.witskies.click
my.rtmark.net
pivonoms.net
r.secprf2.com
139.45.195.8
139.45.196.64
139.45.197.242
173.255.213.46
18.196.11.62
2600:9000:2359:2200:11:23c:6240:93a1
63.33.119.172
05e0b7c7e4e4569059c56779b83a165a55b0d06c995368707dd8d670464883df
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
34c83fefadc67aad001eea7e9f85c75619139ff307dabee3ac062583221b0f4f
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
7e395315f38db415983dfd202208f0f44bc728479f103cd7827c61e781aad2fa
8a29823167609b7a9e17751cf424ad3a59c541ca6bc3fbc917537ba445b7b9e5
bf6daa61982d676ae1ca6e811be4f99341d936c350dd56bdec9911b8c0c1a2c9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fe85cceb474303eb80a5ca9a60b16d92208a8e0b38647647654b0c42447b51f7

r.secprf2.com Open in urlscan Pro 63.33.119.172 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

16 Requests

100 %HTTPS

14 %IPv6

7 Domains

7 Subdomains

5 IPs

4 Countries

35 kBTransfer

65 kBSize

11 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

11 Cookies

1 Console Messages

Security Headers

Indicators

r.secprf2.com Open in urlscan Pro
63.33.119.172 Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

14 %
IPv6

7
Domains

7
Subdomains

5
IPs

4
Countries

35 kB
Transfer

65 kB
Size

11
Cookies

16 HTTP transactions
0 data transactions