urlscan.io logo urlscan.io
SecurityTrails logo

noeblithre.com Open in urlscan Pro
95.211.163.23  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://trk.bubblewaves.online/aff_c?source=2&offer_id=174&aff_click_id=&aff_id=2&aff_sub=2&aff_sub2=2&aff_sub3=2&aff_sub4=&aff...
Effective URL: https://noeblithre.com/click.php?key=0r0hpl1w1u2v72m6ncvn&visitor_id=782093178932305994&cost=0.001856&zoneid=6118780&ca...
Submission: On February 15 via manual from UA — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 10 IPs in 5 countries across 10 domains to perform 21 HTTP transactions. The main IP is 95.211.163.23, located in Netherlands and belongs to . The main domain is noeblithre.com.
TLS certificate: Issued by R3 on January 28th 2024. Valid for: 3 months.
This is the only time noeblithre.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 52.210.174.128 16509 (AMAZON-02)
2 172.67.181.222 ()
1 2a00:1450:400... 15169 (GOOGLE)
7 139.45.197.251 9002 (RETN-AS)
1 2a00:1450:400... 15169 (GOOGLE)
1 139.45.197.238 9002 (RETN-AS)
3 139.45.195.8 9002 (RETN-AS)
1 3 72.247.153.171 ()
1 37.48.68.71 60781 (LEASEWEB-...)
1 95.211.163.23 ()
21 10
1    52.210.174.128 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-210-174-128.eu-west-1.compute.amazonaws.com
trk.bubblewaves.online
2    172.67.181.222 (United States)

ASN- ()
ok.battletrain.xyz
1    2a00:1450:4001:81c::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
7    139.45.197.251 (United Kingdom)

ASN9002 (RETN-AS, GB)
humsoolt.net
1    2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    139.45.197.238 (United Kingdom)

ASN9002 (RETN-AS, GB)
ellcurvth.com
3    139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)
my.rtmark.net
3    72.247.153.171 (Düsseldorf, Germany)

ASN- ()
PTR: a72-247-153-171.deploy.static.akamaitechnologies.com
ak.ocoaksib.com
1    37.48.68.71 (Amsterdam, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
datatechone.com
1    95.211.163.23 (Netherlands)

ASN- ()
noeblithre.com
Apex Domain
Subdomains		 Transfer
7 humsoolt.net
humsoolt.net
35 KB
3 ocoaksib.com
ak.ocoaksib.com — Cisco Umbrella Rank: 89440
16 KB
3 rtmark.net
my.rtmark.net — Cisco Umbrella Rank: 9876
2 KB
2 battletrain.xyz
ok.battletrain.xyz
3 KB
1 noeblithre.com
noeblithre.com
39 KB
1 datatechone.com
datatechone.com — Cisco Umbrella Rank: 36259
468 B
1 ellcurvth.com
ellcurvth.com
2 KB
1 gstatic.com
fonts.gstatic.com
16 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 48
721 B
1 bubblewaves.online
trk.bubblewaves.online
2 KB
21 10
Domain Requested by
7 humsoolt.net ok.battletrain.xyz
humsoolt.net
3 ak.ocoaksib.com 1 redirects ellcurvth.com
ak.ocoaksib.com
3 my.rtmark.net ok.battletrain.xyz
ellcurvth.com
ak.ocoaksib.com
2 ok.battletrain.xyz ok.battletrain.xyz
1 noeblithre.com
1 datatechone.com ak.ocoaksib.com
1 ellcurvth.com ok.battletrain.xyz
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com ok.battletrain.xyz
1 trk.bubblewaves.online 1 redirects
21 10

This site contains no links.

Subject Issuer Validity Valid
battletrain.xyz
GTS CA 1P5		 2024-01-15 -
2024-04-14		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2024-01-29 -
2024-04-22		 3 months crt.sh
humsoolt.net
R3		 2024-01-07 -
2024-04-06		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2024-01-29 -
2024-04-22		 3 months crt.sh
ellcurvth.com
R3		 2024-02-02 -
2024-05-02		 3 months crt.sh
rtmark.net
R3		 2023-12-23 -
2024-03-22		 3 months crt.sh
ak.hetaruwg.com
R3		 2024-02-08 -
2024-05-08		 3 months crt.sh
datatechone.com
Sectigo RSA Domain Validation Secure Server CA		 2023-12-10 -
2024-12-23		 a year crt.sh
noeblithre.com
R3		 2024-01-28 -
2024-04-27		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://noeblithre.com/click.php?key=0r0hpl1w1u2v72m6ncvn&visitor_id=782093178932305994&cost=0.001856&zoneid=6118780&campaignid=7936736&device=desktop&browser=chrome&os=windows&osversion=win10&country=DE&language=de&isp=cloudflare%20inc.&user_activity=high&countryname=DE&c=XKfWUT0MY0sFNGX7wv4fBX5iV2s=
Frame ID: C47127DA911D15C75AE89A06653FD32D
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

VPN herunterladen

Page URL History Show full URLs

  1. http://trk.bubblewaves.online/aff_c?source=2&offer_id=174&aff_click_id=&aff_id=2&aff_sub=2&aff_sub2=2&aff_... HTTP 302
    https://ok.battletrain.xyz/ee/?sid=2&cid=1028c1a1b3beff9737033ae523cf76 Page URL
  2. https://ellcurvth.com/afu.php?zoneid=2674730 Page URL
  3. https://ak.ocoaksib.com/4/6118780/?var=2674730&btz=&bto= Page URL
  4. https://ak.ocoaksib.com/?z=6118780&syncedCookie=true&rhd=false HTTP 302
    https://noeblithre.com/click.php?key=0r0hpl1w1u2v72m6ncvn&visitor_id=782093178932305994&cost=0.0018... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

21
Requests

90 %
HTTPS

20 %
IPv6

10
Domains

10
Subdomains

10
IPs

5
Countries

112 kB
Transfer

265 kB
Size

8
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://trk.bubblewaves.online/aff_c?source=2&offer_id=174&aff_click_id=&aff_id=2&aff_sub=2&aff_sub2=2&aff_sub3=2&aff_sub4=&aff_sub5=&aff_unique1=&aff_unique2=&aff_unique3=&name=fallback&url= HTTP 302
    https://ok.battletrain.xyz/ee/?sid=2&cid=1028c1a1b3beff9737033ae523cf76 Page URL
  2. https://ellcurvth.com/afu.php?zoneid=2674730 Page URL
  3. https://ak.ocoaksib.com/4/6118780/?var=2674730&btz=&bto= Page URL
  4. https://ak.ocoaksib.com/?z=6118780&syncedCookie=true&rhd=false HTTP 302
    https://noeblithre.com/click.php?key=0r0hpl1w1u2v72m6ncvn&visitor_id=782093178932305994&cost=0.001856&zoneid=6118780&campaignid=7936736&device=desktop&browser=chrome&os=windows&osversion=win10&country=DE&language=de&isp=cloudflare%20inc.&user_activity=high&countryname=DE&c=XKfWUT0MY0sFNGX7wv4fBX5iV2s= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://trk.bubblewaves.online/aff_c?source=2&offer_id=174&aff_click_id=&aff_id=2&aff_sub=2&aff_sub2=2&aff_sub3=2&aff_sub4=&aff_sub5=&aff_unique1=&aff_unique2=&aff_unique3=&name=fallback&url= HTTP 302
  • https://ok.battletrain.xyz/ee/?sid=2&cid=1028c1a1b3beff9737033ae523cf76

21 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
ok.battletrain.xyz/ee/
Redirect Chain
  • http://trk.bubblewaves.online/aff_c?source=2&offer_id=174&aff_click_id=&aff_id=2&aff_sub=2&aff_sub2=2&aff_sub3=2&aff_sub4=&aff_sub5=&aff_unique1=&aff_unique2=&aff_unique3=&name=fallback&url=
  • https://ok.battletrain.xyz/ee/?sid=2&cid=1028c1a1b3beff9737033ae523cf76
5 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ok.battletrain.xyz/ee/?sid=2&cid=1028c1a1b3beff9737033ae523cf76
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.181.222 , United States, ASN (),
Reverse DNS
Software
cloudflare / PHP/5.4.16
Resource Hash
b4a96f59fe4a743fb67402d9257cc757c1fe17e168df386ba85897554acc7ed7

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
85604fe5ecee9107-FRA
content-encoding
br
content-type
text/html
date
Thu, 15 Feb 2024 20:31:02 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SqlwGuIAZBK2mWU30cJwE6Pm%2Fv6LsQqla29z6ZV%2FnUruoZBkEPM%2Fi6lrbEYOGqu4RnQbuRPoiYww9Vt%2BfKPJivafMhPXQpqn0UFpgSSNnS%2B7ZJrJcEmqnhP7yT7PAmlwPuWTTk4%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/5.4.16

Redirect headers

Access-Control-Allow-Headers
Tune-SDK-Version
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
259
Content-Type
text/html; charset=iso-8859-1
Date
Thu, 15 Feb 2024 20:31:01 GMT
Expires
Sat, 26 Jul 1997 05:00:00 GMT
Location
https://ok.battletrain.xyz/ee/?sid=2&cid=1028c1a1b3beff9737033ae523cf76
P3p
CP="NOI CUR OUR NOR INT"
Pragma
no-cache
Server
nginx
Tracking_id
1028c1a1b3beff9737033ae523cf76
X-Request-Id
0b0cd17b3f62a5e03de69da7b04bd97c
X-Robots-Tag
noindex, nofollow
css
fonts.googleapis.com/ 		402 B
721 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Fredoka+One
Requested by
Host: ok.battletrain.xyz
URL: https://ok.battletrain.xyz/ee/?sid=2&cid=1028c1a1b3beff9737033ae523cf76
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ca76180c2133d7d13de82a1b213bb4d0d1556d2cfd8c5fea78032f3724ec951f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ok.battletrain.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 15 Feb 2024 20:31:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 15 Feb 2024 20:27:31 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 15 Feb 2024 20:31:02 GMT
icons.css
ok.battletrain.xyz/ee/ 		1 KB
714 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ok.battletrain.xyz/ee/icons.css
Requested by
Host: ok.battletrain.xyz
URL: https://ok.battletrain.xyz/ee/?sid=2&cid=1028c1a1b3beff9737033ae523cf76
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.181.222 , United States, ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
e15d7dddb9141d182250dde30a83b2c1c18796c175468d1b0de7aa9b5924c6d8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ok.battletrain.xyz/ee/?sid=2&cid=1028c1a1b3beff9737033ae523cf76
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 20:31:02 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 29 May 2019 14:15:09 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
5423
etag
W/"5cee93ed-46a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TCPtJ4IH6o%2Fk1gBD%2FGLmYPKdJelpiu7j1x3aXJcAdxuGnlkgmDjog5HzskmIAS0M5vsOPHs3rbtH1yIdT4QaNtzmIGPT6EOyhOuZ%2BH11FjklreimawTlai7Zebf%2FKXDWnsRiwWA%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
85604fe77fa79107-FRA
alt-svc
h3=":443"; ma=86400
tag.min.js
humsoolt.net/pfe/current/ 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://humsoolt.net/pfe/current/tag.min.js?z=2674728&t=standalone&ymid=1028c1a1b3beff9737033ae523cf76&var=2
Requested by
Host: ok.battletrain.xyz
URL: https://ok.battletrain.xyz/ee/?sid=2&cid=1028c1a1b3beff9737033ae523cf76
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
429a3d1aacb01159ca3622c9d53df69dcc827e678aa49ebc281a8b5cd91cff91

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ok.battletrain.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Feb 2024 20:31:02 GMT
content-encoding
gzip
last-modified
Wed, 14 Feb 2024 16:04:19 GMT
server
nginx
etag
W/"65cce483-386a"
content-type
application/javascript
cache-control
no-cache
access-control-allow-credentials
true
1543246333.woff
ok.battletrain.xyz/ee/ 		0
0
k3kUo8kEI-tA1RRcTZGmTlHGCac.woff2
fonts.gstatic.com/s/fredokaone/v14/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/fredokaone/v14/k3kUo8kEI-tA1RRcTZGmTlHGCac.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Fredoka+One
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e9986c62b19bce3791c4c103a4aa87c91d22d9e1c9f252f7f802ea26d3405769
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://ok.battletrain.xyz
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Tue, 13 Feb 2024 06:52:36 GMT
x-content-type-options
nosniff
age
221906
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15596
x-xss-protection
0
last-modified
Mon, 20 Mar 2023 20:35:18 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 12 Feb 2025 06:52:36 GMT
standalone.min.js
humsoolt.net/pfe/current/ 		69 KB
27 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://humsoolt.net/pfe/current/standalone.min.js?v=3.1.484
Requested by
Host: humsoolt.net
URL: https://humsoolt.net/pfe/current/tag.min.js?z=2674728&t=standalone&ymid=1028c1a1b3beff9737033ae523cf76&var=2
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ok.battletrain.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Feb 2024 20:31:02 GMT
content-encoding
gzip
last-modified
Wed, 14 Feb 2024 16:04:19 GMT
server
nginx
etag
W/"65cce483-11544"
content-type
application/javascript
access-control-allow-origin
https://ok.battletrain.xyz
cache-control
no-cache
access-control-allow-credentials
true
zone
humsoolt.net/ 		908 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://humsoolt.net/zone?pub=0&zone_id=2674728&is_mobile=false&domain=ok.battletrain.xyz&var=2&ymid=1028c1a1b3beff9737033ae523cf76&var_3=&tg=0&sw=3.1.484&ch=eyJhcmNoaXRlY3R1cmUiOiIiLCJiaXRuZXNzIjoiIiwiYnJhbmRzIjpbXSwiZnVsbFZlcnNpb25MaXN0IjpbXSwibW9iaWxlIjpmYWxzZSwibW9kZWwiOiIiLCJwbGF0Zm9ybSI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IiIsIndvdzY0IjpmYWxzZX0=
Requested by
Host: humsoolt.net
URL: https://humsoolt.net/pfe/current/tag.min.js?z=2674728&t=standalone&ymid=1028c1a1b3beff9737033ae523cf76&var=2
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
b075a9a7e66d2d2a6f989982ad9e661207e12a5684002e3ce19325ecd4514a6f
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ok.battletrain.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-trace-id
f4d1c436852247e7d63d6ec9726b7ca6
date
Thu, 15 Feb 2024 20:31:02 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
content-type
application/json; charset=utf-8
access-control-allow-origin
https://ok.battletrain.xyz
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, X-Oaid, Content-Type, Accept
content-length
908
custom
humsoolt.net/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://humsoolt.net/custom
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://ok.battletrain.xyz
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://ok.battletrain.xyz
access-control-max-age
86400
content-length
0
content-type
text/plain; charset=utf-8
date
Thu, 15 Feb 2024 20:31:02 GMT
server
nginx
custom
humsoolt.net/ 		39 B
333 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://humsoolt.net/custom
Requested by
Host: ok.battletrain.xyz
URL: https://ok.battletrain.xyz/ee/?sid=2&cid=1028c1a1b3beff9737033ae523cf76
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
https://ok.battletrain.xyz/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type
application/json

Response headers

x-trace-id
714ff36800b3c837c4fb0d821a955ded
date
Thu, 15 Feb 2024 20:31:02 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
content-type
application/json; charset=utf-8
access-control-allow-origin
https://ok.battletrain.xyz
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, X-Oaid, Content-Type, Accept
content-length
39
custom
humsoolt.net/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://humsoolt.net/custom
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://ok.battletrain.xyz
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://ok.battletrain.xyz
access-control-max-age
86400
content-length
0
content-type
text/plain; charset=utf-8
date
Thu, 15 Feb 2024 20:31:02 GMT
server
nginx
custom
humsoolt.net/ 		39 B
333 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://humsoolt.net/custom
Requested by
Host: ok.battletrain.xyz
URL: https://ok.battletrain.xyz/ee/?sid=2&cid=1028c1a1b3beff9737033ae523cf76
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
https://ok.battletrain.xyz/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type
application/json

Response headers

x-trace-id
5987bdfa8e0558140df68ede64aa1b69
date
Thu, 15 Feb 2024 20:31:02 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
content-type
application/json; charset=utf-8
access-control-allow-origin
https://ok.battletrain.xyz
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, X-Oaid, Content-Type, Accept
content-length
39
afu.php
ellcurvth.com/ 		1 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ellcurvth.com/afu.php?zoneid=2674730
Requested by
Host: ok.battletrain.xyz
URL: https://ok.battletrain.xyz/ee/?sid=2&cid=1028c1a1b3beff9737033ae523cf76
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.238 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
https://ok.battletrain.xyz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=utf8
date
Thu, 15 Feb 2024 20:31:02 GMT
expires
Tue, 11 Jan 1994 10:00:00 GMT
link
<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch" <https://ak.ocoaksib.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
pragma
no-cache
server
nginx
strict-transport-security
max-age=1
timing-allow-origin
* *
x-content-type-options
nosniff
x-trace-id
c38e922612ee62a81af20b303afdbf0c
gid.js
my.rtmark.net/ 		65 B
546 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://my.rtmark.net/gid.js?pub=0&userId=bfae909396234bad8f88e4d289a1e9c2&zoneId=2674728&checkDuplicate=true&ymid=1028c1a1b3beff9737033ae523cf76&var=2
Requested by
Host: ok.battletrain.xyz
URL: https://ok.battletrain.xyz/ee/?sid=2&cid=1028c1a1b3beff9737033ae523cf76
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ok.battletrain.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 20:31:02 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://ok.battletrain.xyz
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
65
1543246333.ttf
ok.battletrain.xyz/ee/ 		0
0
img.gif
my.rtmark.net/ 		43 B
504 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://my.rtmark.net/img.gif?f=merge&userId=9bbcff0649a94f3bb9fb6afe29f0b058
Requested by
Host: ellcurvth.com
URL: https://ellcurvth.com/afu.php?zoneid=2674730
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 20:31:02 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
image/gif
access-control-allow-origin
https://ellcurvth.com
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
43
/
ak.ocoaksib.com/4/6118780/ 		33 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ak.ocoaksib.com/4/6118780/?var=2674730&btz=&bto=
Requested by
Host: ellcurvth.com
URL: https://ellcurvth.com/afu.php?zoneid=2674730
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
72.247.153.171 Düsseldorf, Germany, ASN (),
Reverse DNS
a72-247-153-171.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
03f73d1a2b5dd0fbda8fc45eb3678f4ee856a132f62a1825c51ab0ea7772d89e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace Accept, Content-Type, Content-Length, Accept-Encoding, favicon
access-control-allow-methods
GET, POST, OPTIONS POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin
* *
access-control-max-age
86400
cache-control
max-age=0, no-cache, no-store
content-encoding
gzip
content-length
13327
content-type
text/html; charset=utf8
date
Thu, 15 Feb 2024 20:31:02 GMT
expires
Thu, 15 Feb 2024 20:31:02 GMT
link
<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
pragma
no-cache
timing-allow-origin
*
vary
Accept-Encoding
x-trace-id
144989bb0ea3ba84c5ee2c30e959179d
sftouch
ak.ocoaksib.com/ 		2 B
539 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://ak.ocoaksib.com/sftouch?userId=9efc24ed7e494bf98e6fc49ceffbb39f&z=6118780&p_rid=89d262e5-5733-471b-9c93-39db70297b83&p_src=sf&branchId=150041&rb=6-TQBUNiMEXTMR5yq1LcQVYZ8wZSnw9xi1YokBxXPfZW7QE6cQRsQuI850lXqiZRYIGBDvphA4wjHtY8SlPrIaNVPLC6gJYX6FteEdu9M5077GLPKd7ilxgqVT4PD5e5dmFlN16GAvnViZDQ5HdZZh5ub7F3qYkna-w_tG3G1LcTdD9E1_aMCJ7h0Yxi_CohluTKFHAQaza9Nb-iOCaOhfZ1wr7gd6mwOsk2pUEQRakbI55F9vJs7BXwuSE3ejfhbiv_Y54SYnBjR0XnWN3R3DhSS3NW1HaBV-jZZrB71A3iRu_3DIETmA==
Requested by
Host: ak.ocoaksib.com
URL: https://ak.ocoaksib.com/4/6118780/?var=2674730&btz=&bto=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
72.247.153.171 Düsseldorf, Germany, ASN (),
Reverse DNS
a72-247-153-171.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ak.ocoaksib.com/4/6118780/?var=2674730&btz=&bto=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security
max-age=1
date
Thu, 15 Feb 2024 20:31:02 GMT
x-content-type-options
nosniff
content-length
2
x-trace-id
652dbc11a5544d6930f2479a98768ade
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-max-age
86400
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/plain
access-control-allow-origin
https://ak.ocoaksib.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
expires
Thu, 15 Feb 2024 20:31:02 GMT
img.gif
my.rtmark.net/ 		43 B
490 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://my.rtmark.net/img.gif?f=merge&userId=9efc24ed7e494bf98e6fc49ceffbb39f&z=6118780&p_rid=89d262e5-5733-471b-9c93-39db70297b83&p_src=sf
Requested by
Host: ak.ocoaksib.com
URL: https://ak.ocoaksib.com/4/6118780/?var=2674730&btz=&bto=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ak.ocoaksib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 20:31:02 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
image/gif
access-control-allow-origin
*
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
43
add
datatechone.com/log/ 		2 B
468 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://datatechone.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=89d262e5-5733-471b-9c93-39db70297b83
Requested by
Host: ak.ocoaksib.com
URL: https://ak.ocoaksib.com/4/6118780/?var=2674730&btz=&bto=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.48.68.71 Amsterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx/1.19.10 /
Resource Hash

Request headers

Referer
https://ak.ocoaksib.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Thu, 15 Feb 2024 20:31:02 GMT
Server
nginx/1.19.10
Access-Control-Allow-Methods
POST, GET, OPTIONS, PUT, DELETE
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
https://ak.ocoaksib.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length
2
Primary Request click.php
noeblithre.com/
Redirect Chain
  • https://ak.ocoaksib.com/?z=6118780&syncedCookie=true&rhd=false
  • https://noeblithre.com/click.php?key=0r0hpl1w1u2v72m6ncvn&visitor_id=782093178932305994&cost=0.001856&zoneid=6118780&campaignid=7936736&device=desktop&browser=chrome&os=windows&osversion=win10&coun...
73 KB
39 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://noeblithre.com/click.php?key=0r0hpl1w1u2v72m6ncvn&visitor_id=782093178932305994&cost=0.001856&zoneid=6118780&campaignid=7936736&device=desktop&browser=chrome&os=windows&osversion=win10&country=DE&language=de&isp=cloudflare%20inc.&user_activity=high&countryname=DE&c=XKfWUT0MY0sFNGX7wv4fBX5iV2s=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
95.211.163.23 , Netherlands, ASN (),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
af5bb643328ca8cc59b67a3f6dc7c5c7aeec99cbe8de26be8109c4eef6475082

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://ak.ocoaksib.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Thu, 15 Feb 2024 20:30:57 GMT
Server
nginx/1.16.0
Transfer-Encoding
chunked

Redirect headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://ak.ocoaksib.com
access-control-max-age
86400
cache-control
max-age=0, no-cache, no-store
content-length
0
date
Thu, 15 Feb 2024 20:31:02 GMT
expires
Thu, 15 Feb 2024 20:31:02 GMT
link
<https://noeblithre.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
location
https://noeblithre.com/click.php?key=0r0hpl1w1u2v72m6ncvn&visitor_id=782093178932305994&cost=0.001856&zoneid=6118780&campaignid=7936736&device=desktop&browser=chrome&os=windows&osversion=win10&country=DE&language=de&isp=cloudflare inc.&user_activity=high&countryname=DE&c=XKfWUT0MY0sFNGX7wv4fBX5iV2s=
pragma
no-cache
referrer-policy
no-referrer
strict-transport-security
max-age=1
timing-allow-origin
* *
x-content-type-options
nosniff
x-trace-id
6640fe88e365a098009297aa3e0897e9
truncated
/ 		52 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
55b39e0443cb0436fd8ee4c860ba541685d8ea440f1d2769ed382375b942696f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/jpeg

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
ok.battletrain.xyz
URL
https://ok.battletrain.xyz/ee/1543246333.woff
Domain
ok.battletrain.xyz
URL
https://ok.battletrain.xyz/ee/1543246333.ttf

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Domain/Path Name / Value
my.rtmark.net/ Name: ID
Value: bfae909396234bad8f88e4d289a1e9c2
ellcurvth.com/ Name: OAID
Value: 9bbcff0649a94f3bb9fb6afe29f0b058
ellcurvth.com/ Name: oaidts
Value: 1708029062
ak.ocoaksib.com/ Name: oaidts
Value: 1708029062
ak.ocoaksib.com/ Name: OAID
Value: bfae909396234bad8f88e4d289a1e9c2
ak.ocoaksib.com/ Name: syncedCookie
Value: true
noeblithre.com/ Name: uclick
Value: h9b4xisy9r
noeblithre.com/ Name: uclickhash
Value: h9b4xisy9r-h9b4xisy9r-duqq-y9tw8n-k2sy0-2t8p46-2tlpqe-234b1e

5 Console Messages

Source Level URL
Text
other warning URL: https://ok.battletrain.xyz/ee/?sid=2&cid=1028c1a1b3beff9737033ae523cf76
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://ellcurvth.com/partitial/5578752/?var=2674730&ab2r=0&prfrev=false&rhd=false&sf=1
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://ellcurvth.com/partitial/5578752/?var=2674730&ab2r=0&prfrev=false&rhd=false&sf=1
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://ak.ocoaksib.com/afu.php?zoneid=6118780&var=6118780&rid=33-IJ2mCiw9DGbmF2LWarg%3D%3D&rhd=false&sf=1
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://ak.ocoaksib.com/afu.php?zoneid=6118780&var=6118780&rid=33-IJ2mCiw9DGbmF2LWarg%3D%3D&rhd=false&sf=1
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.