ww1.exact-offer.xyz Open in urlscan Pro
199.59.243.225 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://1698091620062.monthlyjisit.co.uk/
Effective URL:
http://ww1.exact-offer.xyz/
Submission: On November 08 via api (November 8th 2023, 10:40:42 pm UTC) from US — Scanned from US

Summary HTTP 25 Redirects Behaviour Indicators

Summary

This website contacted 10 IPs in 5 countries across 14 domains to perform 25 HTTP transactions. The main IP is 199.59.243.225, located in United States and belongs to AMAZON-02, US. The main domain is ww1.exact-offer.xyz.

This is the only time ww1.exact-offer.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3 3	172.104.190.11 172.104.190.11	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
2 3	51.68.81.31 51.68.81.31	16276 (OVH) (OVH)
2 2	34.147.1.177 34.147.1.177	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 5	2606:4700:303... 2606:4700:3037::ac43:cceb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:303... 2606:4700:3033::ac43:b9bc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	18.232.14.170 18.232.14.170	14618 (AMAZON-AES) (AMAZON-AES)
2	69.175.50.35 69.175.50.35	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
2 3	51.68.85.158 51.68.85.158	16276 (OVH) (OVH)
1 2	192.157.56.140 192.157.56.140	55286 (SERVER-MANIA) (SERVER-MANIA)
4	199.59.243.225 199.59.243.225	16509 (AMAZON-02) (AMAZON-02)
5	2607:f8b0:402... 2607:f8b0:4020:805::2004	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:402... 2607:f8b0:4020:807::2002	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:402... 2607:f8b0:4020:804::2001	15169 (GOOGLE) (GOOGLE)
25	10

3 172.104.190.11 (Singapore, Singapore) 3 redirects

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: 172-104-190-11.ip.linodeusercontent.com

1698091620062.monthlyjisit.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
1699483231571.mechalykirot.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
1699483232232.aherdinate.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.68.81.31 (France) 2 redirects

ASN16276 (OVH, FR)

www.rulecontreih.club	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.147.1.177 (Groningen, Netherlands) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 177.1.147.34.bc.googleusercontent.com

admoustache.media-412.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:3037::ac43:cceb (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.cogliatu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3033::ac43:b9bc (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.addlnk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.232.14.170 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-232-14-170.compute-1.amazonaws.com

perserymanked.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.175.50.35 (Chicago, United States)

ASN32475 (SINGLEHOP-LLC, US)
PTR: server04.com-2.mobi

maze.locktrafficup.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.68.85.158 (France) 2 redirects

ASN16276 (OVH, FR)

www.tropbikewall.art	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.157.56.140 (Buffalo, United States) 1 redirects

ASN55286 (SERVER-MANIA, CA)

exact-offer.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 199.59.243.225 (United States)

ASN16509 (AMAZON-02, US)

ww1.exact-offer.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4020:805::2004 (Montreal, Canada)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4020:807::2002 (Montreal, Canada)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4020:804::2001 (Montreal, Canada)

ASN15169 (GOOGLE, US)

afs.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	exact-offer.xyz 1 redirects exact-offer.xyz ww1.exact-offer.xyz	37 KB
5	google.com www.google.com — Cisco Umbrella Rank: 2	110 KB
5	cogliatu.com 1 redirects www.cogliatu.com	7 KB
4	googleusercontent.com afs.googleusercontent.com — Cisco Umbrella Rank: 9168	2 KB
3	tropbikewall.art 2 redirects www.tropbikewall.art	5 KB
3	rulecontreih.club 2 redirects www.rulecontreih.club	5 KB
2	locktrafficup.org maze.locktrafficup.org	4 KB
2	perserymanked.com 2 redirects perserymanked.com	1 KB
2	addlnk.com cdn.addlnk.com — Cisco Umbrella Rank: 377313	2 KB
2	media-412.com 2 redirects admoustache.media-412.com	538 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 1181	596 B
1	aherdinate.info 1 redirects 1699483232232.aherdinate.info	294 B
1	mechalykirot.top 1 redirects 1699483231571.mechalykirot.top	447 B
1	monthlyjisit.co.uk 1 redirects 1698091620062.monthlyjisit.co.uk	448 B
25	14

	Domain	Requested by
5	www.google.com	ww1.exact-offer.xyz www.google.com
5	www.cogliatu.com	1 redirects www.rulecontreih.club www.cogliatu.com www.tropbikewall.art
4	afs.googleusercontent.com	www.google.com
4	ww1.exact-offer.xyz	exact-offer.xyz ww1.exact-offer.xyz
3	www.tropbikewall.art	2 redirects maze.locktrafficup.org
3	www.rulecontreih.club	2 redirects
2	exact-offer.xyz	1 redirects www.cogliatu.com
2	maze.locktrafficup.org	www.cogliatu.com maze.locktrafficup.org
2	perserymanked.com	2 redirects
2	cdn.addlnk.com	www.cogliatu.com
2	admoustache.media-412.com	2 redirects
1	partner.googleadservices.com	www.google.com
1	1699483232232.aherdinate.info	1 redirects
1	1699483231571.mechalykirot.top	1 redirects
1	1698091620062.monthlyjisit.co.uk	1 redirects
25	15

This site contains no links.

Subject Issuer	Validity	Valid
www.rulecontreih.club R3	`2023-09-11` - `2023-12-10`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-02-10` - `2024-02-10`	a year	crt.sh
addlnk.com GTS CA 1P5	`2023-10-09` - `2024-01-07`	3 months	crt.sh
maze.locktrafficup.org R3	`2023-09-03` - `2023-12-02`	3 months	crt.sh
www.tropbikewall.art R3	`2023-09-19` - `2023-12-18`	3 months	crt.sh
exact-offer.xyz R3	`2023-09-28` - `2023-12-27`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh

This page contains 3 frames:

Primary Page: http://ww1.exact-offer.xyz/
Frame ID: BF0C40F47586596CCDFBA01BB29EAD2B
Requests: 17 HTTP requests in this frame

Frame: https://www.cogliatu.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/9914b343/main.js
Frame ID: E2F673FF53975BFE977C5A847E35C680
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol322%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol490&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww1.exact-offer.xyz%3Fcaf%26&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2898040491288658&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301157&format=r3&nocache=7551699483238135&num=0&output=afd_ads&domain_name=ww1.exact-offer.xyz&v=3&bsl=8&pac=0&u_his=13&u_tz=-600&dt=1699483238136&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=1080&frm=0&cl=578165713&uio=-&cont=rs&jsid=caf&jsv=578165713&rurl=http%3A%2F%2Fww1.exact-offer.xyz%2F
Frame ID: C0F2A5BC02AF49612F1267DF9835FEF9
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Exact-offer.xyz

Page URL History Show full URLs

http://1698091620062.monthlyjisit.co.uk/ HTTP 302
http://1699483231571.mechalykirot.top/cc6cac03-c428-40cc-a358-d43cc6e7c511?n=1&t=1699483231571&l_next=aHR0cHM6Ly93... HTTP 302
http://1699483232232.aherdinate.info/6ac2eba1-ded7-4f84-927a-b882f7f67412?n=2&t=1699483231571&l_next=aHR0cHM6Ly93... HTTP 302
https://www.rulecontreih.club/?sl=5698334-75fd6&data1=Track1&data2=Track2&tag= Page URL
https://www.rulecontreih.club/?sl=5698334-75fd6&data1=Track1&data2=Track2&tag=&eyeg=60725ae7105d147b82ac9a... HTTP 302
https://www.rulecontreih.club/?sl=5698334-75fd6&data1=Track1&data2=Track2&tag=&eyeg=3&eyer=0.6093947271889... HTTP 302
https://admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=33000da5907713589e5ce39b8d552c08... HTTP 302
https://www.cogliatu.com/rc/a91581ead4?affclick=654c0e621de1700001f9f2b0&pubid=503 Page URL
https://perserymanked.com/b12060d5-e9c9-4b85-9eb5-b41285f82634?c2=81b90edf_503&c1=pub3caacc17b3e14cc2a... HTTP 302
https://maze.locktrafficup.org/?utm_medium=831c4eeb29cba61b7b660aba8072584969f8c2fa&utm_campaign=Sep23_13_a... Page URL
https://maze.locktrafficup.org/proc.php?0a6884bf64b1dacaa6c8f62258b6ecdd485caf53 Page URL
https://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7299224910147092630&website... Page URL
https://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7299224910147092630&website... HTTP 302
https://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7299224910147092630&website... HTTP 302
https://admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=330006ab9909dd698611a7304171fa2d... HTTP 302
https://www.cogliatu.com/rc/a91581ead4?affclick=654c0e642aba9c000192ed9b&pubid=503 Page URL
https://perserymanked.com/b12060d5-e9c9-4b85-9eb5-b41285f82634?c2=81b90edf_503&c1=pub3caacc17b3e14cc2a... HTTP 302
https://exact-offer.xyz/chat?external_id=w2fim19an19sfuss2i038d1i&cost=&external_cid=b12060d5-e9c9-4... Page URL
https://exact-offer.xyz/chat?ch=1&cid=8b6fd34c-5569-f705-1f17-d62a757242b1&cost=&external_cid=b12060... HTTP 302
http://ww1.exact-offer.xyz/ Page URL

Page Statistics

25
Requests

80 %
HTTPS

38 %
IPv6

14
Domains

15
Subdomains

10
IPs

5
Countries

171 kB
Transfer

376 kB
Size

9
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://1698091620062.monthlyjisit.co.uk/ HTTP 302
http://1699483231571.mechalykirot.top/cc6cac03-c428-40cc-a358-d43cc6e7c511?n=1&t=1699483231571&l_next=aHR0cHM6Ly93d3cucnVsZWNvbnRyZWloLmNsdWIvP3NsPTU2OTgzMzQtNzVmZDYmZGF0YTE9VHJhY2sxJmRhdGEyPVRyYWNrMiZ0YWc9&type_v=global&key_v=error HTTP 302
http://1699483232232.aherdinate.info/6ac2eba1-ded7-4f84-927a-b882f7f67412?n=2&t=1699483231571&l_next=aHR0cHM6Ly93d3cucnVsZWNvbnRyZWloLmNsdWIvP3NsPTU2OTgzMzQtNzVmZDYmZGF0YTE9VHJhY2sxJmRhdGEyPVRyYWNrMiZ0YWc9&type_v=global&key_v=error HTTP 302
https://www.rulecontreih.club/?sl=5698334-75fd6&data1=Track1&data2=Track2&tag= Page URL
https://www.rulecontreih.club/?sl=5698334-75fd6&data1=Track1&data2=Track2&tag=&eyeg=60725ae7105d147b82ac9a5f00208aeb&eyer=0.6093947271889977&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef= HTTP 302
https://www.rulecontreih.club/?sl=5698334-75fd6&data1=Track1&data2=Track2&tag=&eyeg=3&eyer=0.6093947271889977&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef= HTTP 302
https://admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=33000da5907713589e5ce39b8d552c08522261108-202311-flb*5698334-75fd6**sl_5698334-75fd6*3ed6b7b71ed955789831b100d4b9c3a3d4b86ac8** HTTP 302
https://www.cogliatu.com/rc/a91581ead4?affclick=654c0e621de1700001f9f2b0&pubid=503 Page URL
https://perserymanked.com/b12060d5-e9c9-4b85-9eb5-b41285f82634?c2=81b90edf_503&c1=pub3caacc17b3e14cc2a095e6cdfd111652 HTTP 302
https://maze.locktrafficup.org/?utm_medium=831c4eeb29cba61b7b660aba8072584969f8c2fa&utm_campaign=Sep23_13_all&1=81b90edf_503&cid=w8ltnoni1l54luss200gao4s Page URL
https://maze.locktrafficup.org/proc.php?0a6884bf64b1dacaa6c8f62258b6ecdd485caf53 Page URL
https://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7299224910147092630&website=909-d39ea750&placement=909 Page URL
https://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7299224910147092630&website=909-d39ea750&placement=909&eyeg=99f966581a774f878a18a2df44920cfd&eyer=0.4487142300150839&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=maze.locktrafficup.org HTTP 302
https://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7299224910147092630&website=909-d39ea750&placement=909&eyeg=3&eyer=0.4487142300150839&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=maze.locktrafficup.org HTTP 302
https://admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=330006ab9909dd698611a7304171fa2df66ac1108-202311-flb*5706540-e4d07*M7299224910147092630*sl_5706540-e4d07*ba531387fb575a6b7218f9eab33c49dab58f31e3*909-d39ea750*909 HTTP 302
https://www.cogliatu.com/rc/a91581ead4?affclick=654c0e642aba9c000192ed9b&pubid=503 Page URL
https://perserymanked.com/b12060d5-e9c9-4b85-9eb5-b41285f82634?c2=81b90edf_503&c1=pub3caacc17b3e14cc2a095e6cdfd111652 HTTP 302
https://exact-offer.xyz/chat?external_id=w2fim19an19sfuss2i038d1i&cost=&external_cid=b12060d5-e9c9-4b85-9eb5-b41285f82634&source=6efa2ba6-87c4-4bb2-b973-4ec73420e640&publisher=eran&placement=81b90edf_503&ts=c181ca30-04e8-4bfc-aa50-ac6cfc246e76&cid=8b6fd34c-5569-f705-1f17-d62a757242b1 Page URL
https://exact-offer.xyz/chat?ch=1&cid=8b6fd34c-5569-f705-1f17-d62a757242b1&cost=&external_cid=b12060d5-e9c9-4b85-9eb5-b41285f82634&external_id=w2fim19an19sfuss2i038d1i&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY5OTQ5MDQzNywiaWF0IjoxNjk5NDgzMjM3LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydWFzZTAwMzhscWc1NGpjbmszNTE4czQiLCJuYmYiOjE2OTk0ODMyMzcsInRzIjoxNjk5NDgzMjM3MjcxMDAzfQ._0iASFNmwV-R07idu4ArC5-C2pQ4Z6zO85rJ1sAe3LQ&placement=81b90edf_503&publisher=eran&sid=d618e161-7e87-11ee-94aa-4b2c30126eda&source=6efa2ba6-87c4-4bb2-b973-4ec73420e640&ts=c181ca30-04e8-4bfc-aa50-ac6cfc246e76 HTTP 302
http://ww1.exact-offer.xyz/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://1698091620062.monthlyjisit.co.uk/ HTTP 302
http://1699483231571.mechalykirot.top/cc6cac03-c428-40cc-a358-d43cc6e7c511?n=1&t=1699483231571&l_next=aHR0cHM6Ly93d3cucnVsZWNvbnRyZWloLmNsdWIvP3NsPTU2OTgzMzQtNzVmZDYmZGF0YTE9VHJhY2sxJmRhdGEyPVRyYWNrMiZ0YWc9&type_v=global&key_v=error HTTP 302
http://1699483232232.aherdinate.info/6ac2eba1-ded7-4f84-927a-b882f7f67412?n=2&t=1699483231571&l_next=aHR0cHM6Ly93d3cucnVsZWNvbnRyZWloLmNsdWIvP3NsPTU2OTgzMzQtNzVmZDYmZGF0YTE9VHJhY2sxJmRhdGEyPVRyYWNrMiZ0YWc9&type_v=global&key_v=error HTTP 302
https://www.rulecontreih.club/?sl=5698334-75fd6&data1=Track1&data2=Track2&tag=

Request Chain 1

https://www.rulecontreih.club/?sl=5698334-75fd6&data1=Track1&data2=Track2&tag=&eyeg=60725ae7105d147b82ac9a5f00208aeb&eyer=0.6093947271889977&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef= HTTP 302
https://www.rulecontreih.club/?sl=5698334-75fd6&data1=Track1&data2=Track2&tag=&eyeg=3&eyer=0.6093947271889977&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef= HTTP 302
https://admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=33000da5907713589e5ce39b8d552c08522261108-202311-flb*5698334-75fd6**sl_5698334-75fd6*3ed6b7b71ed955789831b100d4b9c3a3d4b86ac8** HTTP 302
https://www.cogliatu.com/rc/a91581ead4?affclick=654c0e621de1700001f9f2b0&pubid=503

Request Chain 3

https://www.cogliatu.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://www.cogliatu.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/9914b343/main.js

Request Chain 5

https://perserymanked.com/b12060d5-e9c9-4b85-9eb5-b41285f82634?c2=81b90edf_503&c1=pub3caacc17b3e14cc2a095e6cdfd111652 HTTP 302
https://maze.locktrafficup.org/?utm_medium=831c4eeb29cba61b7b660aba8072584969f8c2fa&utm_campaign=Sep23_13_all&1=81b90edf_503&cid=w8ltnoni1l54luss200gao4s

Request Chain 8

https://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7299224910147092630&website=909-d39ea750&placement=909&eyeg=99f966581a774f878a18a2df44920cfd&eyer=0.4487142300150839&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=maze.locktrafficup.org HTTP 302
https://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7299224910147092630&website=909-d39ea750&placement=909&eyeg=3&eyer=0.4487142300150839&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=maze.locktrafficup.org HTTP 302
https://admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=330006ab9909dd698611a7304171fa2df66ac1108-202311-flb*5706540-e4d07*M7299224910147092630*sl_5706540-e4d07*ba531387fb575a6b7218f9eab33c49dab58f31e3*909-d39ea750*909 HTTP 302
https://www.cogliatu.com/rc/a91581ead4?affclick=654c0e642aba9c000192ed9b&pubid=503

Request Chain 10

https://perserymanked.com/b12060d5-e9c9-4b85-9eb5-b41285f82634?c2=81b90edf_503&c1=pub3caacc17b3e14cc2a095e6cdfd111652 HTTP 302
https://exact-offer.xyz/chat?external_id=w2fim19an19sfuss2i038d1i&cost=&external_cid=b12060d5-e9c9-4b85-9eb5-b41285f82634&source=6efa2ba6-87c4-4bb2-b973-4ec73420e640&publisher=eran&placement=81b90edf_503&ts=c181ca30-04e8-4bfc-aa50-ac6cfc246e76&cid=8b6fd34c-5569-f705-1f17-d62a757242b1

25 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

/
www.rulecontreih.club/
Redirect Chain

http://1698091620062.monthlyjisit.co.uk/
http://1699483231571.mechalykirot.top/cc6cac03-c428-40cc-a358-d43cc6e7c511?n=1&t=1699483231571&l_next=aHR0cHM6Ly93d3cucnVsZWNvbnRyZWloLmNsdWIvP3NsPTU2OTgzMzQtNzVmZDYmZGF0YTE9VHJhY2sxJmRhdGEyPVRyYWN...
http://1699483232232.aherdinate.info/6ac2eba1-ded7-4f84-927a-b882f7f67412?n=2&t=1699483231571&l_next=aHR0cHM6Ly93d3cucnVsZWNvbnRyZWloLmNsdWIvP3NsPTU2OTgzMzQtNzVmZDYmZGF0YTE9VHJhY2sxJmRhdGEyPVRyYWNr...
https://www.rulecontreih.club/?sl=5698334-75fd6&data1=Track1&data2=Track2&tag=

4 KB
4 KB

320ms
83ms

Document
text/html

51.68.81.31
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.rulecontreih.club/?sl=5698334-75fd6&data1=Track1&data2=Track2&tag=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.68.81.31 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Accept-CH: Sec-CH-UA-Platform-Version
Cache-Control: no-transform
Connection: keep-alive
Content-Type: text/html
Date: Wed, 08 Nov 2023 22:40:33 GMT
Transfer-Encoding: chunked

Redirect headers

Connection: keep-alive
Content-Length: 224
Content-Type: text/html; charset=utf-8
Date: Wed, 08 Nov 2023 22:40:32 GMT
Keep-Alive: timeout=5
Location: https://www.rulecontreih.club/?sl=5698334-75fd6&data1=Track1&data2=Track2&tag=
Vary: Accept
X-Powered-By: Express

GET
H2

200

a91581ead4
www.cogliatu.com/rc/
Redirect Chain

https://www.rulecontreih.club/?sl=5698334-75fd6&data1=Track1&data2=Track2&tag=&eyeg=60725ae7105d147b82ac9a5f00208aeb&eyer=0.6093947271889977&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=
https://www.rulecontreih.club/?sl=5698334-75fd6&data1=Track1&data2=Track2&tag=&eyeg=3&eyer=0.6093947271889977&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=
https://admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=33000da5907713589e5ce39b8d552c08522261108-202311-flb*5698334-75fd6**sl_5698334-75fd6*3ed6b7b71ed955789831b100d4b9c3a3d4...
https://www.cogliatu.com/rc/a91581ead4?affclick=654c0e621de1700001f9f2b0&pubid=503

2 KB
2 KB

196ms
179ms

Document
text/html

2606:4700:3037::ac43:cceb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cogliatu.com/rc/a91581ead4?affclick=654c0e621de1700001f9f2b0&pubid=503
Requested by: Host: www.rulecontreih.club
URL: https://www.rulecontreih.club/?sl=5698334-75fd6&data1=Track1&data2=Track2&tag=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:cceb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.rulecontreih.club/?sl=5698334-75fd6&data1=Track1&data2=Track2&tag=
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 823151853c6542c9-EWR
content-encoding: br
content-language: en
content-type: text/html; charset=utf-8
date: Wed, 08 Nov 2023 22:40:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7H58jZUHYPS8DvL7dR8HObv3AQETz8GNe0YoIjbvERoIff8juIjHgOefWInsZxP6euSzrqpgdc074XN7yWxxRBoOgICuZT9XbwfgO4U73pixWfL0hyNTO%2F1tkPYfCAz9DTapmPMtn%2F3cb6MxqhVb"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding, Accept-Language, Cookie

Redirect headers

access-control-allow-origin: *
content-length: 0
date: Wed, 08 Nov 2023 22:40:34 GMT
location: https://www.cogliatu.com/rc/a91581ead4?affclick=654c0e621de1700001f9f2b0&pubid=503
referer
referrer-policy: no-referrer
server: nginx
x-adjust-use-original-forwarded-for: 1

GET
H2 200 redirect.css
cdn.addlnk.com/ 1 KB
1 KB 35ms
15ms Stylesheet
text/css 2606:4700:3033::ac43:b9bc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.addlnk.com/redirect.css
Requested by: Host: www.cogliatu.com
URL: https://www.cogliatu.com/rc/a91581ead4?affclick=654c0e621de1700001f9f2b0&pubid=503
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:b9bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 22:40:34 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: J6BPGAS3ETYXTWB4
age: 5054
cf-polished: origSize=1680
alt-svc: h3=":443"; ma=86400
x-amz-id-2: dQDZV7cMb0OuN3NjX8Tiv7kqugN1SvV3A1P8LyzRXPWZWA6EpYRr+tK148CNWI8TrFHD8UWtpzuPz+9LoeKsYg==
cf-bgj: minify
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
server: cloudflare
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KtM5Nug9k2u%2BN00aWt97K6FBmr3jskGms%2BlNcfTgY76nWfuM3trC4WH3G2W%2FMY76x2d%2BDMkhNdVQQEbd4Lc6AZxzYr19bCaOmLwsPsJmDPKbESqqEFdifJXh6%2B2rOJPWXbXEesWP%2F0afNRy0Yw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-ray: 8231518728da42e9-EWR

GET
H3

200

main.js
www.cogliatu.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/9914b343/ Frame E2F6
Redirect Chain

https://www.cogliatu.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://www.cogliatu.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/9914b343/main.js

7 KB
4 KB

10ms
9ms

Script
application/javascript

2606:4700:3037::ac43:cceb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cogliatu.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/9914b343/main.js

Protocol

Server

2606:4700:3037::ac43:cceb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 22:40:34 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GEyik7Buey7XXTS0KUvDfGMkv9f8%2FlGxc20ghWvwBOsfamgzZ86QlKqlcIyv%2FQ0mCmg9Glh2HqacikmhvLIrY8HFBTGncReupraQuSDbD8n7oiZlINjlTU5gRmfiFcK9E4nqfZd4VHGRm%2FPQ7zQD"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 823151877ea318a1-EWR
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Wed, 08 Nov 2023 22:40:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3CnZT0vgtyT22z1EVD9EOks3hTGgieMYmyM2bG0ni51JtyAMI%2Bbw3HwNU2QHbQPimDtD6OBQ86Wi7zxo%2BNrMydgVBhB0s5NE1oorT1Q4FUZgK061rLVeBmd1VuEYOzG3oh%2B46SjtNxMU9YR%2F%2FC9J"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/9914b343/main.js
cache-control: max-age=300, public
cf-ray: 823151876edc42c9-EWR
alt-svc: h3=":443"; ma=86400

POST
H3 200 823151853c6542c9
www.cogliatu.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame E2F6 0
557 B 27ms
26ms XHR
text/plain 2606:4700:3037::ac43:cceb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cogliatu.com/cdn-cgi/challenge-platform/h/g/jsd/r/823151853c6542c9
Requested by: Host: www.cogliatu.com
URL: https://www.cogliatu.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:cceb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 08 Nov 2023 22:40:34 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YjxnAl20%2FB7wSOoD3s6daLSFcN0aQ%2BlokrwxhePj5e%2Ft4GIpL4ycldjLfBdXp4N60ZO%2FydiwuFirvu281LNXCuu5%2BFQbUziqEg9DU7nRFW2jI3d8NALWRN53smGq39xr8IcbzzUShs6ILLTjStUv"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 823151886f6b18a1-EWR
alt-svc: h3=":443"; ma=86400

GET
H2

200

/ Show response
maze.locktrafficup.org/
Redirect Chain

https://perserymanked.com/b12060d5-e9c9-4b85-9eb5-b41285f82634?c2=81b90edf_503&c1=pub3caacc17b3e14cc2a095e6cdfd111652
https://maze.locktrafficup.org/?utm_medium=831c4eeb29cba61b7b660aba8072584969f8c2fa&utm_campaign=Sep23_13_all&1=81b90edf_503&cid=w8ltnoni1l54luss200gao4s

8 KB
3 KB

175ms
49ms

Document
text/html

69.175.50.35
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://maze.locktrafficup.org/?utm_medium=831c4eeb29cba61b7b660aba8072584969f8c2fa&utm_campaign=Sep23_13_all&1=81b90edf_503&cid=w8ltnoni1l54luss200gao4s
Requested by: Host: www.cogliatu.com
URL: https://www.cogliatu.com/rc/a91581ead4?affclick=654c0e621de1700001f9f2b0&pubid=503
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.175.50.35 Chicago, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS: server04.com-2.mobi
Software: nginx / PHP/8.2.12
Resource Hash: 7ca990291fa396184a60e2cd7d7bae908ad924d015561f9294625b04b13e3217

Request headers

Referer: https://www.cogliatu.com/rc/a91581ead4?affclick=654c0e621de1700001f9f2b0&pubid=503
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 08 Nov 2023 22:40:34 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
server: nginx
vary: Accept-Encoding
x-powered-by: PHP/8.2.12

Redirect headers

cache-control: no-store, no-cache, pre-check=0, post-check=0
content-length: 0
date: Wed, 08 Nov 2023 22:40:34 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://maze.locktrafficup.org/?utm_medium=831c4eeb29cba61b7b660aba8072584969f8c2fa&utm_campaign=Sep23_13_all&1=81b90edf_503&cid=w8ltnoni1l54luss200gao4s
pragma: no-cache
server: nginx

GET
H2 200 proc.php
maze.locktrafficup.org/ 1 KB
1 KB 40ms
40ms Document
text/html 69.175.50.35
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://maze.locktrafficup.org/proc.php?0a6884bf64b1dacaa6c8f62258b6ecdd485caf53
Requested by: Host: maze.locktrafficup.org
URL: https://maze.locktrafficup.org/?utm_medium=831c4eeb29cba61b7b660aba8072584969f8c2fa&utm_campaign=Sep23_13_all&1=81b90edf_503&cid=w8ltnoni1l54luss200gao4s
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.175.50.35 Chicago, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS: server04.com-2.mobi
Software: nginx / PHP/8.2.12
Resource Hash

Request headers

Referer: https://maze.locktrafficup.org/?utm_medium=831c4eeb29cba61b7b660aba8072584969f8c2fa&utm_campaign=Sep23_13_all&1=81b90edf_503&cid=w8ltnoni1l54luss200gao4s
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 08 Nov 2023 22:40:34 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7299224910147092630&website=909-d39ea750&placement=909
pragma: no-cache
server: nginx
vary: Accept-Encoding
x-powered-by: PHP/8.2.12

GET
H/1.1 200
OK /
www.tropbikewall.art/ 4 KB
4 KB 1332ms
85ms Document
text/html 51.68.85.158
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7299224910147092630&website=909-d39ea750&placement=909
Requested by: Host: maze.locktrafficup.org
URL: https://maze.locktrafficup.org/proc.php?0a6884bf64b1dacaa6c8f62258b6ecdd485caf53
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.68.85.158 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://maze.locktrafficup.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Accept-CH: Sec-CH-UA-Platform-Version
Cache-Control: no-transform
Connection: keep-alive
Content-Type: text/html
Date: Wed, 08 Nov 2023 22:40:36 GMT
Transfer-Encoding: chunked

GET
H3

200

a91581ead4
www.cogliatu.com/rc/
Redirect Chain

https://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7299224910147092630&website=909-d39ea750&placement=909&eyeg=99f966581a774f878a18a2df44920cfd&eyer=0.4487142300150839&ey...
https://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7299224910147092630&website=909-d39ea750&placement=909&eyeg=3&eyer=0.4487142300150839&eyei=0&eyew=1600&eyeh=1200&eyetd=...
https://admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=330006ab9909dd698611a7304171fa2df66ac1108-202311-flb*5706540-e4d07*M7299224910147092630*sl_5706540-e4d07*ba531387fb575a...
https://www.cogliatu.com/rc/a91581ead4?affclick=654c0e642aba9c000192ed9b&pubid=503

1 KB
1 KB

180ms
179ms

Document
text/html

2606:4700:3037::ac43:cceb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cogliatu.com/rc/a91581ead4?affclick=654c0e642aba9c000192ed9b&pubid=503
Requested by: Host: www.tropbikewall.art
URL: https://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7299224910147092630&website=909-d39ea750&placement=909
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:cceb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7299224910147092630&website=909-d39ea750&placement=909
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 823151958d0f18a1-EWR
content-encoding: br
content-language: en
content-type: text/html; charset=utf-8
date: Wed, 08 Nov 2023 22:40:36 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vqza%2FPPVALEaxCKsWM3Wx1stpC4uoX%2F7D3d8lDh65dN2hnb9quKrM2ULORHxVyZwTr8Z4ke3LuDXBTQL4%2F8BCYmM6e2B94EeJjDhHPeGU13%2F89dc4dtmySF2X9vVXXL8bLieKFi3H8rTUez04MU9"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding, Accept-Language, Cookie

Redirect headers

access-control-allow-origin: *
content-length: 0
date: Wed, 08 Nov 2023 22:40:36 GMT
location: https://www.cogliatu.com/rc/a91581ead4?affclick=654c0e642aba9c000192ed9b&pubid=503
referer
referrer-policy: no-referrer
server: nginx
x-adjust-use-original-forwarded-for: 1

GET
H2 200 redirect.css
cdn.addlnk.com/ 1 KB
714 B 16ms
14ms Stylesheet
text/css 2606:4700:3033::ac43:b9bc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.addlnk.com/redirect.css
Requested by: Host: www.cogliatu.com
URL: https://www.cogliatu.com/rc/a91581ead4?affclick=654c0e642aba9c000192ed9b&pubid=503
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:b9bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 22:40:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: J6BPGAS3ETYXTWB4
age: 5057
cf-polished: origSize=1680
alt-svc: h3=":443"; ma=86400
x-amz-id-2: dQDZV7cMb0OuN3NjX8Tiv7kqugN1SvV3A1P8LyzRXPWZWA6EpYRr+tK148CNWI8TrFHD8UWtpzuPz+9LoeKsYg==
cf-bgj: minify
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
server: cloudflare
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iw%2FphCGjIjO0VKZoaUr9CjZMxezb81epT2hw03vjm7Ic51IqqYx4dB%2BmUj0BPpuzwivjEZzmqhJ1e6Wre2y3DEZ5xVqmKZy2%2FwJz9tpgH0TE1fWWLBTSHXkaoyWJ4N9GP9O%2FVaVyhX%2FbEvWA1A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-ray: 82315197af7442e9-EWR

GET
H2

200

chat
exact-offer.xyz/
Redirect Chain

https://perserymanked.com/b12060d5-e9c9-4b85-9eb5-b41285f82634?c2=81b90edf_503&c1=pub3caacc17b3e14cc2a095e6cdfd111652
https://exact-offer.xyz/chat?external_id=w2fim19an19sfuss2i038d1i&cost=&external_cid=b12060d5-e9c9-4b85-9eb5-b41285f82634&source=6efa2ba6-87c4-4bb2-b973-4ec73420e640&publisher=eran&placement=81b90e...

737 B
1018 B

76ms
21ms

Document
text/html

192.157.56.140
SERVER-MANIA

General

Check archive.org

Show headers Download Go to

Full URL: https://exact-offer.xyz/chat?external_id=w2fim19an19sfuss2i038d1i&cost=&external_cid=b12060d5-e9c9-4b85-9eb5-b41285f82634&source=6efa2ba6-87c4-4bb2-b973-4ec73420e640&publisher=eran&placement=81b90edf_503&ts=c181ca30-04e8-4bfc-aa50-ac6cfc246e76&cid=8b6fd34c-5569-f705-1f17-d62a757242b1
Requested by: Host: www.cogliatu.com
URL: https://www.cogliatu.com/rc/a91581ead4?affclick=654c0e642aba9c000192ed9b&pubid=503
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.157.56.140 Buffalo, United States, ASN55286 (SERVER-MANIA, CA),
Reverse DNS
Software: Cowboy /
Resource Hash

Request headers

Referer: https://www.cogliatu.com/rc/a91581ead4?affclick=654c0e642aba9c000192ed9b&pubid=503
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
content-length: 737
content-type: text/html; charset=utf-8
date: Wed, 08 Nov 2023 22:40:36 GMT
server: Cowboy

Redirect headers

cache-control: no-store, no-cache, pre-check=0, post-check=0
content-length: 0
date: Wed, 08 Nov 2023 22:40:37 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://exact-offer.xyz/chat?external_id=w2fim19an19sfuss2i038d1i&cost=&external_cid=b12060d5-e9c9-4b85-9eb5-b41285f82634&source=6efa2ba6-87c4-4bb2-b973-4ec73420e640&publisher=eran&placement=81b90edf_503&ts=c181ca30-04e8-4bfc-aa50-ac6cfc246e76&cid=8b6fd34c-5569-f705-1f17-d62a757242b1
pragma: no-cache
server: nginx

GET
H/1.1

200
OK

Primary Request / Show response
ww1.exact-offer.xyz/
Redirect Chain

https://exact-offer.xyz/chat?ch=1&cid=8b6fd34c-5569-f705-1f17-d62a757242b1&cost=&external_cid=b12060d5-e9c9-4b85-9eb5-b41285f82634&external_id=w2fim19an19sfuss2i038d1i&js=eyJhbGciOiJIUzI1NiIsInR5cC...
http://ww1.exact-offer.xyz/

1 KB
2 KB

31ms
18ms

Document
text/html

199.59.243.225
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://ww1.exact-offer.xyz/
Requested by: Host: exact-offer.xyz
URL: https://exact-offer.xyz/chat?external_id=w2fim19an19sfuss2i038d1i&cost=&external_cid=b12060d5-e9c9-4b85-9eb5-b41285f82634&source=6efa2ba6-87c4-4bb2-b973-4ec73420e640&publisher=eran&placement=81b90edf_503&ts=c181ca30-04e8-4bfc-aa50-ac6cfc246e76&cid=8b6fd34c-5569-f705-1f17-d62a757242b1
Protocol: HTTP/1.1
Server: 199.59.243.225 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 592e620bf02621ad99b6dbed8a64b599ea6dec1031e39d3402d3a8437f1e2d9c

Request headers

Referer: https://exact-offer.xyz/chat?external_id=w2fim19an19sfuss2i038d1i&cost=&external_cid=b12060d5-e9c9-4b85-9eb5-b41285f82634&source=6efa2ba6-87c4-4bb2-b973-4ec73420e640&publisher=eran&placement=81b90edf_503&ts=c181ca30-04e8-4bfc-aa50-ac6cfc246e76&cid=8b6fd34c-5569-f705-1f17-d62a757242b1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ch: sec-ch-prefers-color-scheme
cache-control: no-store, max-age=0
content-length: 1029
content-type: text/html; charset=utf-8
critical-ch: sec-ch-prefers-color-scheme
date: Wed, 08 Nov 2023 22:40:37 GMT
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_xut8cBHRYhQF1IqgkVkqk00+n0vo5FWsETkbpK4MFWxHRtFYwBuYXjGi68f7rg6sbncnr55cZWZwlcF32+kl+Q==
x-request-id: 4dc7bc74-4305-457e-ae0b-4d992565842b

Redirect headers

cache-control: max-age=0, private, must-revalidate
content-length: 11
date: Wed, 08 Nov 2023 22:40:37 GMT
location: http://ww1.exact-offer.xyz
server: Cowboy

GET
H/1.1 200
OK bhtHbKvvC.js Show response
ww1.exact-offer.xyz/ 31 KB
31 KB 11ms
10ms Script
application/javascript 199.59.243.225
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://ww1.exact-offer.xyz/bhtHbKvvC.js
Requested by: Host: ww1.exact-offer.xyz
URL: http://ww1.exact-offer.xyz/
Protocol: HTTP/1.1
Server: 199.59.243.225 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 139577c9673a9a313d14878db0adbaf5ee23bdcb2f5e751fbc8c1a6f7898426d

Request headers

accept-language: en-US,en;q=0.9
Referer: http://ww1.exact-offer.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 22:40:37 GMT
content-length: 31954
x-request-id: 0666a108-ac5f-4c1a-8207-e5cdebc15d95
content-type: application/javascript; charset=utf-8

POST
H/1.1 200
OK _fd Show response
ww1.exact-offer.xyz/ 4 KB
2 KB 41ms
41ms Fetch
text/html 199.59.243.225
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://ww1.exact-offer.xyz/_fd
Requested by: Host: ww1.exact-offer.xyz
URL: http://ww1.exact-offer.xyz/bhtHbKvvC.js
Protocol: HTTP/1.1
Server: 199.59.243.225 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty /
Resource Hash: 33fa8adfc2767ac4396e7e9c5528af1efe262561692601edc787e49d16bbde95

Request headers

Accept: application/json
Referer: http://ww1.exact-offer.xyz/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: application/json

Response headers

x-version: 2.110.3
date: Wed, 08 Nov 2023 22:40:37 GMT
content-encoding: gzip
pragma: no-cache
server: openresty
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
content-length: 2050
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2 200 caf.js Show response
www.google.com/adsense/domains/ 147 KB
54 KB 81ms
38ms Script
text/javascript 2607:f8b0:4020:805::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/adsense/domains/caf.js

Requested by

Host: ww1.exact-offer.xyz
URL: http://ww1.exact-offer.xyz/bhtHbKvvC.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::2004 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

39daf106bca164dcb05971637de0f2dd54ec4b2d353857ad4f2d55d5cd257b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: http://ww1.exact-offer.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 22:40:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
etag: "8044902416336820376"
vary: Accept-Encoding
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
accept-ranges: bytes
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
expires: Wed, 08 Nov 2023 22:40:38 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 384 B
596 B 223ms
35ms Script
text/javascript 2607:f8b0:4020:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=ww1.exact-offer.xyz&client=dp-bodis30_3ph&product=SAS&callback=__sasCookie

Requested by

Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:807::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b300dfd0509e618e3f1d57e93b786749a9cefdc717512424c81bc2d14baa5435

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: http://ww1.exact-offer.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 22:40:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 244
x-xss-protection: 0

GET
H2 200 ads Show response
www.google.com/afs/ Frame C0F2 13 KB
3 KB 137ms
132ms Document
text/html 2607:f8b0:4020:805::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol322%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol490&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww1.exact-offer.xyz%3Fcaf%26&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2898040491288658&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301157&format=r3&nocache=7551699483238135&num=0&output=afd_ads&domain_name=ww1.exact-offer.xyz&v=3&bsl=8&pac=0&u_his=13&u_tz=-600&dt=1699483238136&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=1080&frm=0&cl=578165713&uio=-&cont=rs&jsid=caf&jsv=578165713&rurl=http%3A%2F%2Fww1.exact-offer.xyz%2F

Requested by

Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::2004 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

2968b361e516384cda6730ad0d42fe04229fed2dbb49df0afd8938b363a0cd45

Security Headers

Name	Value
Content-Security-Policy	object-src 'none';base-uri 'self';script-src 'nonce-vtnvYkqoUGhbxFI1eoB8HQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Xss-Protection	0

Request headers

Referer: http://ww1.exact-offer.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=3600
content-disposition: inline
content-encoding: br
content-length: 2557
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-vtnvYkqoUGhbxFI1eoB8HQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
content-type: text/html; charset=UTF-8
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
date: Wed, 08 Nov 2023 22:40:38 GMT
expires: Wed, 08 Nov 2023 22:40:38 GMT
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
server: gws
x-xss-protection: 0

GET
H2 200 chevron.svg
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/ Frame C0F2 200 B
700 B 69ms
15ms Image
image/svg+xml 2607:f8b0:4020:804::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b

Requested by

Host: www.google.com
URL: https://www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol322%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol490&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww1.exact-offer.xyz%3Fcaf%26&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2898040491288658&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301157&format=r3&nocache=7551699483238135&num=0&output=afd_ads&domain_name=ww1.exact-offer.xyz&v=3&bsl=8&pac=0&u_his=13&u_tz=-600&dt=1699483238136&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=1080&frm=0&cl=578165713&uio=-&cont=rs&jsid=caf&jsv=578165713&rurl=http%3A%2F%2Fww1.exact-offer.xyz%2F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:804::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a0687ea8c9aa404a7724490f046e30023ec6b5aa81d01ae4f225889a64174f6

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 08 Nov 2023 08:20:10 GMT
age: 51628
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 174
x-xss-protection: 0
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
vary: Accept-Encoding
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-type: image/svg+xml
cache-control: public, max-age=82800
accept-ranges: bytes
expires: Thu, 09 Nov 2023 07:20:10 GMT

GET
H2 200 call_to_action_arrow.svg
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/ Frame C0F2 444 B
393 B 71ms
17ms Image
image/svg+xml 2607:f8b0:4020:804::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:804::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5455d8d4b8ae5150039ff7a83a6679d4338a435945985fa9f8d0ecbea9ae2f6e

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 08 Nov 2023 06:23:13 GMT
age: 58645
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 278
x-xss-protection: 0
last-modified: Tue, 27 Jun 2023 17:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
vary: Accept-Encoding
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-type: image/svg+xml
cache-control: public, max-age=82800
accept-ranges: bytes
expires: Thu, 09 Nov 2023 05:23:13 GMT

GET
H3 200 caf.js Show response
www.google.com/adsense/domains/ Frame C0F2 147 KB
53 KB 42ms
42ms Script
text/javascript 2607:f8b0:4020:805::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/adsense/domains/caf.js?pac=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2004 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2909c40846c4ca88d539e0d116d6449d81abb8e639ad2edbebdb008d687d606e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 22:40:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
etag: "12882380692144177743"
vary: Accept-Encoding
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
accept-ranges: bytes
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
expires: Wed, 08 Nov 2023 22:40:38 GMT

GET
H2 200 chevron.svg
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/ Frame C0F2 200 B
234 B 71ms
19ms Image
image/svg+xml 2607:f8b0:4020:804::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:804::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a0687ea8c9aa404a7724490f046e30023ec6b5aa81d01ae4f225889a64174f6

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 08 Nov 2023 08:20:10 GMT
age: 51628
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 174
x-xss-protection: 0
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
vary: Accept-Encoding
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-type: image/svg+xml
cache-control: public, max-age=82800
accept-ranges: bytes
expires: Thu, 09 Nov 2023 07:20:10 GMT

GET
H2 200 call_to_action_arrow.svg
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/ Frame C0F2 444 B
338 B 72ms
20ms Image
image/svg+xml 2607:f8b0:4020:804::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:804::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5455d8d4b8ae5150039ff7a83a6679d4338a435945985fa9f8d0ecbea9ae2f6e

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 08 Nov 2023 06:23:13 GMT
age: 58645
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 278
x-xss-protection: 0
last-modified: Tue, 27 Jun 2023 17:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
vary: Accept-Encoding
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-type: image/svg+xml
cache-control: public, max-age=82800
accept-ranges: bytes
expires: Thu, 09 Nov 2023 05:23:13 GMT

POST
H/1.1 200
OK _tr
ww1.exact-offer.xyz/ 2 B
0 74ms
74ms Fetch
text/html 199.59.243.225
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://ww1.exact-offer.xyz/_tr
Requested by: Host: ww1.exact-offer.xyz
URL: http://ww1.exact-offer.xyz/bhtHbKvvC.js
Protocol: HTTP/1.1
Server: 199.59.243.225 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty /
Resource Hash

Request headers

Accept: application/json
Referer: http://ww1.exact-offer.xyz/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: application/json

Response headers

x-version: 2.110.3
date: Wed, 08 Nov 2023 22:40:38 GMT
content-encoding: gzip
pragma: no-cache
server: openresty
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
content-length: 22
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H3 204 gen_204
www.google.com/afs/ 0
21 B 44ms
44ms Image
text/html 2607:f8b0:4020:805::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=pmnzeb7xg9y2&aqid=Zg5MZYWKF5qJogbIrLLwCQ&psid=3113057640&pbt=bs&adbx=450&adby=143&adbh=480&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=578165713&csala=3%7C0%7C335%7C62%7C23&lle=0&ifv=1&usr=0&hpt=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2004 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	object-src 'none';base-uri 'self';script-src 'nonce-x_vWjTCeStri84B9XhEeNA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: http://ww1.exact-offer.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-x_vWjTCeStri84B9XhEeNA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
date: Wed, 08 Nov 2023 22:40:40 GMT
server: gws
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
x-frame-options: SAMEORIGIN
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-type: text/html; charset=UTF-8
permissions-policy: unload=()
origin-trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=, AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 204 gen_204
www.google.com/afs/ 0
19 B 43ms
42ms Image
text/html 2607:f8b0:4020:805::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=it1x97mdoxap&aqid=Zg5MZYWKF5qJogbIrLLwCQ&psid=3113057640&pbt=bv&adbx=450&adby=143&adbh=480&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=578165713&csala=3%7C0%7C335%7C62%7C23&lle=0&ifv=1&usr=0&hpt=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2004 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	object-src 'none';base-uri 'self';script-src 'nonce-97t8Z9A6jEyJ0-HyHwXOSQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: http://ww1.exact-offer.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-97t8Z9A6jEyJ0-HyHwXOSQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
date: Wed, 08 Nov 2023 22:40:40 GMT
server: gws
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
x-frame-options: SAMEORIGIN
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-type: text/html; charset=UTF-8
permissions-policy: unload=()
origin-trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=, AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.cogliatu.com/	1970-01-21 00:50:19	Name: cf_clearance Value: BjcdMkN4GzId2HAY7L7Cnh9hSE3Xi3wXEBj4XUFt2Bc-1699483234-0-1-3e30d04f.fd53a3da.dc64aad0-0.2.1699483234
admoustache.media-412.com/	1970-01-21 00:50:19	Name: afclick Value: 654c0e642aba9c000192ed9b
www.cogliatu.com/	1970-01-20 16:14:48	Name: AWSALB Value: a4Hho6nEaMvukEnb5r7OaJ5pW+fEXEhUmZusZW3RKeMXSCbdg5brEtejVBi0yhYt+oVCX37KgXf6KjeV+hFE5oxIXruCUsC+qb4BNsD+UfSQMTkTE26JdrO6Rd19
.perserymanked.com/	1970-01-20 16:06:09	Name: b12060d5-e9c9-4b85-9eb5-b41285f82634-v4 Value: EvP2IXjtFjtZBq2NtWE3MS3nK9FwJobiua7iw03GbN4
.perserymanked.com/	1970-01-21 00:50:19	Name: voluum-cid-v4 Value: %7B%22cid%22%3A%22w2fim19an19sfuss2i038d1i%22%2C%22caid%22%3A%22b12060d5-e9c9-4b85-9eb5-b41285f82634%22%7D
.exact-offer.xyz/	1970-01-21 01:40:43	Name: sid Value: d618e161-7e87-11ee-94aa-4b2c30126eda
ww1.exact-offer.xyz/	1970-01-20 16:04:44	Name: parking_session Value: 4dc7bc74-4305-457e-ae0b-4d992565842b
.exact-offer.xyz/	1970-01-21 01:26:19	Name: __gsas Value: ID=790957b280435be8:T=1699483238:RT=1699483238:S=ALNI_MY6vRtyGoJU2RWbX1NGU4WEDKcXkQ
.google.com/	1970-01-20 20:28:14	Name: NID Value: 511=ZnklgH4eD5Y9XueOWe0XkjxLVngNFHELA43kXrt57C0eBmP-fu5tW8q2KcQWMKanfg4Ykadq413jWxTJGB_go59TzZZoHSPmPSDUlZOJFpUfpzMiRTnWreZwi9D1cP1986gC4c1VNGJ6AGVpdQ_NhEB89nAduTyisd6FGKfQJ_0

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.google.com/adsense/domains/caf.js(Line 215) Message: Unrecognized feature: 'attribution-reporting'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1698091620062.monthlyjisit.co.uk
1699483231571.mechalykirot.top
1699483232232.aherdinate.info
admoustache.media-412.com
afs.googleusercontent.com
cdn.addlnk.com
exact-offer.xyz
maze.locktrafficup.org
partner.googleadservices.com
perserymanked.com
ww1.exact-offer.xyz
www.cogliatu.com
www.google.com
www.rulecontreih.club
www.tropbikewall.art
172.104.190.11
18.232.14.170
192.157.56.140
199.59.243.225
2606:4700:3033::ac43:b9bc
2606:4700:3037::ac43:cceb
2607:f8b0:4020:804::2001
2607:f8b0:4020:805::2004
2607:f8b0:4020:807::2002
34.147.1.177
51.68.81.31
51.68.85.158
69.175.50.35
139577c9673a9a313d14878db0adbaf5ee23bdcb2f5e751fbc8c1a6f7898426d
2909c40846c4ca88d539e0d116d6449d81abb8e639ad2edbebdb008d687d606e
2968b361e516384cda6730ad0d42fe04229fed2dbb49df0afd8938b363a0cd45
33fa8adfc2767ac4396e7e9c5528af1efe262561692601edc787e49d16bbde95
39daf106bca164dcb05971637de0f2dd54ec4b2d353857ad4f2d55d5cd257b26
5455d8d4b8ae5150039ff7a83a6679d4338a435945985fa9f8d0ecbea9ae2f6e
592e620bf02621ad99b6dbed8a64b599ea6dec1031e39d3402d3a8437f1e2d9c
5a0687ea8c9aa404a7724490f046e30023ec6b5aa81d01ae4f225889a64174f6
7ca990291fa396184a60e2cd7d7bae908ad924d015561f9294625b04b13e3217
b300dfd0509e618e3f1d57e93b786749a9cefdc717512424c81bc2d14baa5435
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

ww1.exact-offer.xyz Open in urlscan Pro 199.59.243.225 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

25 Requests

80 %HTTPS

38 %IPv6

14 Domains

15 Subdomains

10 IPs

5 Countries

171 kBTransfer

376 kBSize

9 Cookies

0 Outgoing links

Page URL History

Redirected requests

25 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

ww1.exact-offer.xyz Open in urlscan Pro
199.59.243.225 Public Scan

Screenshot
Live screenshot

Full Image

25
Requests

80 %
HTTPS

38 %
IPv6

14
Domains

15
Subdomains

10
IPs

5
Countries

171 kB
Transfer

376 kB
Size

9
Cookies

25 HTTP transactions
0 data transactions