Submitted URL: http://onclickprediction.com/jump/next.php?r=6280990
Effective URL: http://ff.c9l.xyz/oxford/?id=1680689997638&v=02de17ccf72408b3f9535f29a20bd3e53688197b14&cid=168068999610000TFRTV41...
Submission: On April 05 via manual from FR — Scanned from FR

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 11 HTTP transactions. The main IP is 2606:4700:3033::6815:3221, located in United States and belongs to CLOUDFLARENET, US. The main domain is ff.c9l.xyz.
This is the only time ff.c9l.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 3 35.190.73.129 15169 (GOOGLE)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 10 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
11 3
Apex Domain | Subdomains | Transfer
10 c9l.xyz | ff.c9l.xyz | 51 KB
3 onclickprediction.com | onclickprediction.com — Cisco Umbrella Rank: 424613 | 4 KB
1 gstatic.com | fonts.gstatic.com | 16 KB
1 oxfoadv.store | www.oxfoadv.store — Cisco Umbrella Rank: 712805 | 902 B
11 4
Domain Requested by
10 ff.c9l.xyz 1 redirects onclickprediction.com
ff.c9l.xyz
3 onclickprediction.com 2 redirects
1 fonts.gstatic.com ff.c9l.xyz
1 www.oxfoadv.store 1 redirects
11 4

This site contains no links.

Subject | Issuer | Validity | Valid
*.gstatic.com | GTS CA 1C3 | 2023-03-20 - 2023-06-12 | 3 months

This page contains 1 frames:

Primary Page: http://ff.c9l.xyz/oxford/?id=1680689997638&v=02de17ccf72408b3f9535f29a20bd3e53688197b14&cid=168068999610000TFRTV415581071534V50
Frame ID: 67B20331AAD32F8B8209B99041A430B5
Requests: 11 HTTP requests in this frame

Page Title: File Download

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

Requests: 11
HTTPS: 9 %
IPv6: 75 %
Domains: 4
Subdomains: 4
IPs: 3
Countries: 2
Transfer: 68 kB
Size: 84 kB
Cookies: 11

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://onclickprediction.com/jump/next.php?r=6280990 Page URL
  2. https://onclickprediction.com/jump/next.php?stamat=m%257C%252C4d2Lmd2FqB1dwP0dEdHP3xP.23f%252C2t5FkDDYpjxJXsMWHSh7wKsTFo_9DWdVnHcBDLzDvAUzZu_agIZXyuEMjsyQ5GIW&cbpage=http://onclickprediction.com/jump/next.php?r=6280990&cbur=0.24709015880377372&cbtitle=&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=&cbkeywords=&cbref= HTTP 302
    https://onclickprediction.com/script/i.php?t=1&stamat=m%257C%252C%252CQhMWI2OuoGU3BP-GH0dEdHP3xP.530%252CbT9Ob70r4CkhKRZhWMYB6Tq_G_GafRXEyhi2LGg2G-lhmSq16L5knoeiofS0O75e8fx5bHoOfHMDpVeKrweeUw1k0ODKWaKHvmYWdBfzS92nQ-wMUF1jgoOC8HOdw-AxKpZf9V3LKyvCWfjpVSSjjI4DMm36ljPKQyvOtgqDOvs-B7BRl32MTG7JpbeBwqSQmSZQOxbmy1vIH0Y138-B-cqPAYMUaU3nSnr3W4pHKau9YgiLmAjbsD_BFKWuraowdloIt1wqdE2rOjQluwSHyRhWAAAyOzwPEd0Mso-KZm6QyzgDxHeFHVitpXmigdUvbndFRMzIbM_4ebShhGi-ji_x70LAj2_wkT97cBwMyN8ThVn-XYcUFoIuU7-76PKZMCqySjtMRohRYhlSW2dmf9WFXlAzty5YBGkEKCAEvjVdehuaCXEvVfVb9p9Js6V0RBBiQDrmmt80nxbuy7D6rcy7Ubqt-4OtwBA-n9rSSQrCaCqwIZAexfh0OvToD3nLkW0zpVns21b_gV_FyfISKY6pl1Mzy6pXb5iki32a1fKrEYn3NcU09mjuCAEXEmrihJc8Y3hkFbcasPd5pX6Vb5XeEAmIylMtByao_WwAB9ggv3D8uwsHWHjy0fEBAM3s HTTP 302
    http://www.oxfoadv.store/?s=a0203fd8fb08f2bc24b4a82cf7489e9729b7&cid=168068999610000TFRTV415581071534V50 HTTP 302
    http://ff.c9l.xyz/verify.php?xx=100241&s=a0203fd8fb08f2bc24b4a82cf7489e9729b7&cid=168068999610000TFRTV415581071534V50 HTTP 302
    http://ff.c9l.xyz/oxford/?id=1680689997638&v=02de17ccf72408b3f9535f29a20bd3e53688197b14&cid=168068999610000TFRTV415581071534V50 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
next.php
onclickprediction.com/jump/
7 KB
3 KB
Document
General
Full URL
http://onclickprediction.com/jump/next.php?r=6280990
Protocol
HTTP/1.1
Server
35.190.73.129 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
129.73.190.35.bc.googleusercontent.com
Software
openresty /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

Access-Control-Allow-Origin
*
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Date
Wed, 05 Apr 2023 10:19:56 GMT
Server
openresty
Transfer-Encoding
chunked
Via
1.1 google
Primary Request /
ff.c9l.xyz/oxford/
Redirect Chain
  • https://onclickprediction.com/jump/next.php?stamat=m%257C%252C4d2Lmd2FqB1dwP0dEdHP3xP.23f%252C2t5FkDDYpjxJXsMWHSh7wKsTFo_9DWdVnHcBDLzDvAUzZu_agIZXyuEMjsyQ5GIW&cbpage=http://onclickprediction.com/ju...
  • https://onclickprediction.com/script/i.php?t=1&stamat=m%257C%252C%252CQhMWI2OuoGU3BP-GH0dEdHP3xP.530%252CbT9Ob70r4CkhKRZhWMYB6Tq_G_GafRXEyhi2LGg2G-lhmSq16L5knoeiofS0O75e8fx5bHoOfHMDpVeKrweeUw1k0ODK...
  • http://www.oxfoadv.store/?s=a0203fd8fb08f2bc24b4a82cf7489e9729b7&cid=168068999610000TFRTV415581071534V50
  • http://ff.c9l.xyz/verify.php?xx=100241&s=a0203fd8fb08f2bc24b4a82cf7489e9729b7&cid=168068999610000TFRTV415581071534V50
  • http://ff.c9l.xyz/oxford/?id=1680689997638&v=02de17ccf72408b3f9535f29a20bd3e53688197b14&cid=168068999610000TFRTV415581071534V50
5 KB
3 KB
Document
General
Full URL
http://ff.c9l.xyz/oxford/?id=1680689997638&v=02de17ccf72408b3f9535f29a20bd3e53688197b14&cid=168068999610000TFRTV415581071534V50
Requested by
Host: onclickprediction.com
URL: http://onclickprediction.com/jump/next.php?r=6280990
Protocol
HTTP/1.1
Server
2606:4700:3033::6815:3221 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
94333e898a602bed5db162f74c4acf63fe72fbb5c44a50195a12969d5522e1f2

Request headers

Referer
http://onclickprediction.com/jump/next.php?r=6280990
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

CF-Cache-Status
DYNAMIC
CF-RAY
7b310e45cc0ad28f-CDG
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Date
Wed, 05 Apr 2023 10:19:57 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t8SSLSEYXWd05BdfydrA1QY9wctkdELPtgvCt83wLxBvE4xuVxUv6D6C3wkZMqN%2FuGEHvo9EzBRX96P6cTCVARhvSmaQqO18LTs3IlCwWWd70TNrc54cin%2Fcuk%2BDaQAx7SGQt%2BMQx9lg"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

CF-Cache-Status
DYNAMIC
CF-RAY
7b310e447ba6d28f-CDG
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Wed, 05 Apr 2023 10:19:57 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q1aI1tlWwbFut6ezrJOqIWnOi76llEuhCrjL0qLHMfMbWByeGXe6GpHnMPCr8Y6IHl9zfs7NVV7uOuHTLPrV1p%2FyDRje1p2ncbdwnNBC%2F8yQORR5cf1FaXNJy8158qkcKqDKAIRCl7Zv"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
location
http://ff.c9l.xyz/oxford/?id=1680689997638&v=02de17ccf72408b3f9535f29a20bd3e53688197b14&cid=168068999610000TFRTV415581071534V50#
js.cookie.min.js
ff.c9l.xyz/templates/FileDownV2/js/
2 KB
2 KB
Script
General
Full URL
http://ff.c9l.xyz/templates/FileDownV2/js/js.cookie.min.js
Requested by
Host: ff.c9l.xyz
URL: http://ff.c9l.xyz/oxford/?id=1680689997638&v=02de17ccf72408b3f9535f29a20bd3e53688197b14&cid=168068999610000TFRTV415581071534V50
Protocol
HTTP/1.1
Server
2606:4700:3033::6815:3221 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3138064ce6d74b3a5fa2aed4f07ea29b2039cb745e94911d829cc6e5ef7fe531

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://ff.c9l.xyz/oxford/?id=1680689997638&v=02de17ccf72408b3f9535f29a20bd3e53688197b14&cid=168068999610000TFRTV415581071534V50
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Wed, 05 Apr 2023 10:19:57 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2030
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Last-Modified
Fri, 31 Mar 2023 02:44:45 GMT
Server
cloudflare
ETag
W/"6426491d-6d8"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ORGU4gI%2B%2FDCtNhfXeR%2F8BbX2mgQoEKxf372c4XrDs3lb2Fp9B5w%2BfhtfrqpQ5RuDKWuXrxQZJN%2FkSya6xJy6%2BKZktmSuN0dsE%2FVbRqUHr5MXIp0ZbzUbDOjAFRzQER7ZWQk1GIktF019"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Cache-Control
max-age=43200
CF-RAY
7b310e472cadd28f-CDG
Expires
Wed, 05 Apr 2023 19:37:22 GMT
main.min.js
ff.c9l.xyz/templates/FileDownV2/js/
3 KB
2 KB
Script
General
Full URL
http://ff.c9l.xyz/templates/FileDownV2/js/main.min.js
Requested by
Host: ff.c9l.xyz
URL: http://ff.c9l.xyz/oxford/?id=1680689997638&v=02de17ccf72408b3f9535f29a20bd3e53688197b14&cid=168068999610000TFRTV415581071534V50
Protocol
HTTP/1.1
Server
2606:4700:3033::6815:3221 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
19460d606fd119668b99fc0755f899c81b551404ff26d3549fde6d1e5633013e

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://ff.c9l.xyz/oxford/?id=1680689997638&v=02de17ccf72408b3f9535f29a20bd3e53688197b14&cid=168068999610000TFRTV415581071534V50
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Wed, 05 Apr 2023 10:19:57 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
9571
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Last-Modified
Fri, 31 Mar 2023 02:44:45 GMT
Server
cloudflare
ETag
W/"6426491d-c5c"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7P6qU0JbLowJseoVvNrLRVKWLVAxl%2Fnmd2cERVVAHqI60ojYGK7la%2BMnBVKdn37UeRl%2Bc1ncRFOR%2B%2BbCb3Y%2FNxBzrfsFgiKrANhRDKCEQHZkYTVLxouYvgYsvqCeP6c%2FhrCA%2BtI8J%2F5K"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Cache-Control
max-age=43200
CF-RAY
7b310e476d3bd6ca-CDG
Expires
Wed, 05 Apr 2023 19:37:22 GMT
css2.css
ff.c9l.xyz/templates/FileDownV2/css/
3 KB
1 KB
Stylesheet
General
Full URL
http://ff.c9l.xyz/templates/FileDownV2/css/css2.css
Requested by
Host: ff.c9l.xyz
URL: http://ff.c9l.xyz/oxford/?id=1680689997638&v=02de17ccf72408b3f9535f29a20bd3e53688197b14&cid=168068999610000TFRTV415581071534V50
Protocol
HTTP/1.1
Server
2606:4700:3033::6815:3221 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c655756185194bb230c5d28da0779e7cd00d10611c372b400f65e01545ce549

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://ff.c9l.xyz/oxford/?id=1680689997638&v=02de17ccf72408b3f9535f29a20bd3e53688197b14&cid=168068999610000TFRTV415581071534V50
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Wed, 05 Apr 2023 10:19:57 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
4512
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Last-Modified
Fri, 31 Mar 2023 02:44:45 GMT
Server
cloudflare
ETag
W/"6426491d-c81"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LDmfDw%2B%2BqLkcA3bu6QHQLW%2FlojuLLkMeGbJ1InU5lmA0bDx6fZSdUShxZ5RsVW5Mc4bCOleFaal1iW6SoW2A2ZrIn2HlL8XVtdTsMwXpWdCEoGCVjpJT%2BjELlnRRifHBosrrkaGSBZod"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
Cache-Control
max-age=43200
CF-RAY
7b310e474a99d646-CDG
Expires
Wed, 05 Apr 2023 19:37:22 GMT
css.min.css
ff.c9l.xyz/templates/FileDownV2/css/
1 KB
1 KB
Stylesheet
General
Full URL
http://ff.c9l.xyz/templates/FileDownV2/css/css.min.css
Requested by
Host: ff.c9l.xyz
URL: http://ff.c9l.xyz/oxford/?id=1680689997638&v=02de17ccf72408b3f9535f29a20bd3e53688197b14&cid=168068999610000TFRTV415581071534V50
Protocol
HTTP/1.1
Server
2606:4700:3033::6815:3221 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f11bb29130ba9acbf0ef98d75d483c99ed37cde0d082a17fd47659aff0d3ca30

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://ff.c9l.xyz/oxford/?id=1680689997638&v=02de17ccf72408b3f9535f29a20bd3e53688197b14&cid=168068999610000TFRTV415581071534V50
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Wed, 05 Apr 2023 10:19:57 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
9570
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Last-Modified
Fri, 31 Mar 2023 02:44:45 GMT
Server
cloudflare
ETag
W/"6426491d-4ae"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UEurWwXR2gK2IfkNQUuswwRWJmDRdQ6bxw4cLqOnidK3n0%2Ft5qR%2Fqyt6MIJZTI0xEnuamKpLBbRJ9gNROfGuBI8XYKrL%2BeluR5DmxYR9ObMREQJCiHhrpsdnC6%2FqEJABJn%2BOqZeKGfnt"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
Cache-Control
max-age=43200
CF-RAY
7b310e47485d99e5-CDG
Expires
Wed, 05 Apr 2023 19:37:22 GMT
styles.min.css
ff.c9l.xyz/templates/FileDownV2/css/
3 KB
2 KB
Stylesheet
General
Full URL
http://ff.c9l.xyz/templates/FileDownV2/css/styles.min.css
Requested by
Host: ff.c9l.xyz
URL: http://ff.c9l.xyz/oxford/?id=1680689997638&v=02de17ccf72408b3f9535f29a20bd3e53688197b14&cid=168068999610000TFRTV415581071534V50
Protocol
HTTP/1.1
Server
2606:4700:3033::6815:3221 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d092724cabc4718ff06f75c288950da071136321fdef703a57f3a73c2a3292eb

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://ff.c9l.xyz/oxford/?id=1680689997638&v=02de17ccf72408b3f9535f29a20bd3e53688197b14&cid=168068999610000TFRTV415581071534V50
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Wed, 05 Apr 2023 10:19:57 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
4366
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Last-Modified
Fri, 31 Mar 2023 02:44:45 GMT
Server
cloudflare
ETag
W/"6426491d-c03"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DW4l4kkR%2BMV%2BErHxwYacsQ%2FkBI2Sus33Em8VO3UXDprdaP09dT%2FdGf3YzRmR40jEPGcmdH5wgmVDU2BSsO9E5feWoBYMMHt7cLll5GSP44OhntZcArhnc5eYKFZTb7vt06maqOnt%2Bwat"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
Cache-Control
max-age=43200
CF-RAY
7b310e47584002cf-CDG
Expires
Wed, 05 Apr 2023 19:37:22 GMT
utils.js
ff.c9l.xyz/templates/FileDownV2/js/
8 KB
3 KB
Script
General
Full URL
http://ff.c9l.xyz/templates/FileDownV2/js/utils.js
Requested by
Host: ff.c9l.xyz
URL: http://ff.c9l.xyz/oxford/?id=1680689997638&v=02de17ccf72408b3f9535f29a20bd3e53688197b14&cid=168068999610000TFRTV415581071534V50
Protocol
HTTP/1.1
Server
2606:4700:3033::6815:3221 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
667f0b29ff668bb5066e8f880f26c9bda92645ffa9b6410af847e12a5971c1a6

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://ff.c9l.xyz/oxford/?id=1680689997638&v=02de17ccf72408b3f9535f29a20bd3e53688197b14&cid=168068999610000TFRTV415581071534V50
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Wed, 05 Apr 2023 10:19:57 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2582
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Last-Modified
Fri, 31 Mar 2023 02:44:45 GMT
Server
cloudflare
ETag
W/"6426491d-1e34"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LWXFoqNT4PXn4E8edOpyi63qNnBrMd354ERAGmPsRGHvFFxPmueOXEf9%2BbN2ThrVQWO0FAkC8q4ZSLblKVbxBUUfQNxqGuYaE1jpZeCAtr9uL81jBcRqxzj7SZu%2B%2BBhhXhnSLWzNMuYc"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Cache-Control
max-age=43200
CF-RAY
7b310e475b8e13a3-CDG
Expires
Wed, 05 Apr 2023 19:37:22 GMT
arrow__up.png
ff.c9l.xyz/templates/FileDownV2/img/
32 KB
33 KB
Image
General
Full URL
http://ff.c9l.xyz/templates/FileDownV2/img/arrow__up.png
Requested by
Host: ff.c9l.xyz
URL: http://ff.c9l.xyz/oxford/?id=1680689997638&v=02de17ccf72408b3f9535f29a20bd3e53688197b14&cid=168068999610000TFRTV415581071534V50
Protocol
HTTP/1.1
Server
2606:4700:3033::6815:3221 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4399fd13a2b71e3f70846fd5de33d293ecbba9d870115a1fdef53b3a142b62fb

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://ff.c9l.xyz/oxford/?id=1680689997638&v=02de17ccf72408b3f9535f29a20bd3e53688197b14&cid=168068999610000TFRTV415581071534V50
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Wed, 05 Apr 2023 10:19:58 GMT
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
9550
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length
33223
Last-Modified
Fri, 31 Mar 2023 02:44:45 GMT
Server
cloudflare
ETag
"6426491d-81c7"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fce9FNxH4T%2Fw0%2BZ9gxTYt7LNvAk8yUGaIfE4ODoQgj%2FjIAWi5F5ButAU9DkC%2By5tYDjuG1beqLohJwud1q1SLAZ174%2BoQqr%2BviVi%2FqGsqPAlAhTNNLn65wGwfe7%2FLUwR3R60FZm2Q2WY"}],"group":"cf-nel","max_age":604800}
Content-Type
image/png
Cache-Control
max-age=2592000
Accept-Ranges
bytes
CF-RAY
7b310e478ac5d646-CDG
Expires
Fri, 05 May 2023 07:36:45 GMT
lp_v4.js
ff.c9l.xyz/templates/FileDownV2/js/
4 KB
2 KB
Script
General
Full URL
http://ff.c9l.xyz/templates/FileDownV2/js/lp_v4.js
Requested by
Host: ff.c9l.xyz
URL: http://ff.c9l.xyz/oxford/?id=1680689997638&v=02de17ccf72408b3f9535f29a20bd3e53688197b14&cid=168068999610000TFRTV415581071534V50
Protocol
HTTP/1.1
Server
2606:4700:3033::6815:3221 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d8c8b30ee082dde1bed0f8e76553af581ed3f2d710ca0a58a9733d65b220dd12

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
http://ff.c9l.xyz/oxford/?id=1680689997638&v=02de17ccf72408b3f9535f29a20bd3e53688197b14&cid=168068999610000TFRTV415581071534V50
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Wed, 05 Apr 2023 10:19:57 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
2166
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Last-Modified
Fri, 31 Mar 2023 02:44:45 GMT
Server
cloudflare
ETag
W/"6426491d-ffc"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xL9YQ50EKDfKRpbBIh6gYvanglykaKGgFR6so59P8%2F%2FK3TcEBxmDVn1D1XT%2F7gtEcEIvlaOG1ZN2hBpcAdIgO80EQMlwHumhdB7U5f%2FV2Ha%2BfkwpmEUD8cqS9ZAzcvzQSMiggiZxbnAp"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Cache-Control
max-age=43200
CF-RAY
7b310e476cbfd28f-CDG
Expires
Wed, 05 Apr 2023 19:37:22 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: ff.c9l.xyz
URL: http://ff.c9l.xyz/templates/FileDownV2/css/css2.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://ff.c9l.xyz/
Origin
http://ff.c9l.xyz
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Tue, 04 Apr 2023 10:31:11 GMT
x-content-type-options
nosniff
age
85727
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 03 Apr 2024 10:31:11 GMT

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • boolean| credentialless
  • string| offer_url
  • boolean| blnk
  • function| Cookies
  • object| _$_41fc
  • function| getCookie
  • string| refurl
  • function| createOfferWindow
  • function| detectDevice
  • function| eraseCookie
  • function| getCursorXY
  • function| redirectPage
  • function| modifyTop
  • function| onOfferOpened
  • function| loadError
  • function| loadSuccess
  • function| callInstall
  • object| __offerWindow
  • boolean| postbackInvalid

11 Cookies

Domain/Path Name / Value
.www.oxfoadv.store/ Name: uid
Value: u80689997642d4b4d60286930415231
.ff.c9l.xyz/ Name: vt
Value: 02de17ccf72408b3f9535f29a20bd3e53688197b14
.c9l.xyz/ Name: storeid
Value: hiicldlplfgjebcefjlfiaiifeceffop
.c9l.xyz/ Name: refurl
Value: http%3A%2F%2Fff.c9l.xyz%2Fverify.php%3Fxx%3D100241%26s%3Da0203fd8fb08f2bc24b4a82cf7489e9729b7%26cid%3D168068999610000TFRTV415581071534V50
.c9l.xyz/ Name: taskid
Value: 100241
.ff.c9l.xyz/ Name: subid
Value: adsn
.ff.c9l.xyz/ Name: uid
Value: u80689997642d4b4dd1de9596491843
.ff.c9l.xyz/ Name: ts
Value: 2f3441a57f9ceee9f476633gdq3bee8qebftetdtem
.ff.c9l.xyz/ Name: p
Value: 100066
.c9l.xyz/ Name: rqp
Value: %7B%22id%22%3A%221680689997638%22%2C%22v%22%3A%2202de17ccf72408b3f9535f29a20bd3e53688197b14%22%2C%22cid%22%3A%22168068999610000TFRTV415581071534V50%22%7D
.ff.c9l.xyz/ Name: vs
Value: ff.c9l.xyz