oovaufty.com Open in urlscan Pro
139.45.197.153 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://vexacion.com/afu.php?zoneid=1320852&var=757235&ymid=-530637205415601349
Effective URL:
https://oovaufty.com/?b=17058554&ba=1&campid=6722056&did=2&dm=1&ep=1&g=GB&l=eW9ssenrCwppvWd&oaid=432543d9848f423c904a...
Submission Tags: falconsandbox
Submission: On March 22 via api (March 22nd 2023, 8:03:09 pm UTC) from US — Scanned from GB

Summary HTTP 15 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 15 HTTP transactions. The main IP is 139.45.197.153, located in United Kingdom and belongs to RETN-AS, GB. The main domain is oovaufty.com. The Cisco Umbrella rank of the primary domain is 851286.
TLS certificate: Issued by R3 on March 9th 2023. Valid for: 3 months.

This is the only time oovaufty.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	139.45.197.236 139.45.197.236	9002 (RETN-AS) (RETN-AS)
2	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
2	139.45.197.153 139.45.197.153	9002 (RETN-AS) (RETN-AS)
3	139.45.197.250 139.45.197.250	9002 (RETN-AS) (RETN-AS)
3	2606:4700:10:... 2606:4700:10::6816:1874	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	6

5 139.45.197.236 (United Kingdom)

ASN9002 (RETN-AS, GB)

vexacion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
unphionetor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.45.197.153 (United Kingdom)

ASN9002 (RETN-AS, GB)

oovaufty.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 139.45.197.250 (United Kingdom)

ASN9002 (RETN-AS, GB)

stoomawy.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:10::6816:1874 (United States)

ASN13335 (CLOUDFLARENET, US)

littlecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	unphionetor.com unphionetor.com — Cisco Umbrella Rank: 46339	4 KB
3	littlecdn.com littlecdn.com — Cisco Umbrella Rank: 17266	93 KB
3	stoomawy.net stoomawy.net — Cisco Umbrella Rank: 72955	16 KB
2	oovaufty.com oovaufty.com — Cisco Umbrella Rank: 851286	14 KB
2	rtmark.net my.rtmark.net — Cisco Umbrella Rank: 12628	1 KB
1	vexacion.com vexacion.com	2 KB
15	6

	Domain	Requested by
4	unphionetor.com	oovaufty.com unphionetor.com
3	littlecdn.com	oovaufty.com littlecdn.com
3	stoomawy.net	oovaufty.com stoomawy.net
2	oovaufty.com	vexacion.com oovaufty.com
2	my.rtmark.net	vexacion.com stoomawy.net
1	vexacion.com
15	6

This site contains links to these domains. Also see Links.

Domain
glugreez.com

Subject Issuer	Validity	Valid
rtmark.net R3	`2023-02-15` - `2023-05-16`	3 months	crt.sh
oovaufty.com R3	`2023-03-09` - `2023-06-07`	3 months	crt.sh
unphionetor.com R3	`2023-03-18` - `2023-06-16`	3 months	crt.sh
stoomawy.net R3	`2023-03-12` - `2023-06-10`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-11` - `2023-05-11`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://oovaufty.com/?b=17058554&ba=1&campid=6722056&did=2&dm=1&ep=1&g=GB&l=eW9ssenrCwppvWd&oaid=432543d9848f423c904a2413cfa61385&s=662498137805689545&ssk=d7865c2accde943b3a8519ed143fe2b3&svar=1679515384&vi=1&vo=1&z=1320852&tr=default&rdk=rk1
Frame ID: 46E88F0CB5C906DBCAD0C5FF5D7C3CCE
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Security notification!

Page URL History Show full URLs

http://vexacion.com/afu.php?zoneid=1320852&var=757235&ymid=-530637205415601349 Page URL
https://oovaufty.com/?b=17058554&ba=1&campid=6722056&did=2&dm=1&ep=1&g=GB&l=eW9ssenrCwppvWd&oaid=... Page URL

Page Statistics

15
Requests

93 %
HTTPS

20 %
IPv6

6
Domains

6
Subdomains

6
IPs

2
Countries

129 kB
Transfer

273 kB
Size

4
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://glugreez.com/4/1128934?var=662498137805689545
Title: Go to site

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://vexacion.com/afu.php?zoneid=1320852&var=757235&ymid=-530637205415601349 Page URL
https://oovaufty.com/?b=17058554&ba=1&campid=6722056&did=2&dm=1&ep=1&g=GB&l=eW9ssenrCwppvWd&oaid=432543d9848f423c904a2413cfa61385&s=662498137805689545&ssk=d7865c2accde943b3a8519ed143fe2b3&svar=1679515384&vi=1&vo=1&z=1320852&tr=default&rdk=rk1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK afu.php
vexacion.com/ 2 KB
2 KB 93ms
36ms Document
text/html 139.45.197.236
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

http://vexacion.com/afu.php?zoneid=1320852&var=757235&ymid=-530637205415601349

Protocol

HTTP/1.1

Server

139.45.197.236 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 86400
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf8
Date: Wed, 22 Mar 2023 20:03:04 GMT
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch" <https://oovaufty.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Pragma: no-cache
Server: nginx
Strict-Transport-Security: max-age=1
Timing-Allow-Origin: * *
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Trace-Id: d2a0506a8edd6ae0998cc309b200afe7

POST
H2 200 img.gif
my.rtmark.net/ 43 B
504 B 113ms
32ms Ping
image/gif 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/img.gif?f=merge&userId=432543d9848f423c904a2413cfa61385

Requested by

Host: vexacion.com
URL: http://vexacion.com/afu.php?zoneid=1320852&var=757235&ymid=-530637205415601349

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 20:03:04 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: image/gif
access-control-allow-origin: http://vexacion.com
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 43

GET
H2 200 Primary Request / Show response
oovaufty.com/ 27 KB
13 KB 201ms
123ms Document
text/html 139.45.197.153
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://oovaufty.com/?b=17058554&ba=1&campid=6722056&did=2&dm=1&ep=1&g=GB&l=eW9ssenrCwppvWd&oaid=432543d9848f423c904a2413cfa61385&s=662498137805689545&ssk=d7865c2accde943b3a8519ed143fe2b3&svar=1679515384&vi=1&vo=1&z=1320852&tr=default&rdk=rk1
Requested by: Host: vexacion.com
URL: http://vexacion.com/afu.php?zoneid=1320852&var=757235&ymid=-530637205415601349
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.153 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx / PHP/7.4.25
Resource Hash: d0ffa33d28eb5c3e576b44f1d69d933ddcd8113e4ad638e4f0bacb289dfdc6a9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 22 Mar 2023 20:03:04 GMT
server: nginx
vary: Accept-Encoding
x-powered-by: PHP/7.4.25

GET
H2 200 fv.js Show response
unphionetor.com/ 5 KB
3 KB 122ms
31ms Script
text/javascript 139.45.197.236
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://unphionetor.com/fv.js?t=56193&cb=1642599368

Requested by

Host: oovaufty.com
URL: https://oovaufty.com/?b=17058554&ba=1&campid=6722056&did=2&dm=1&ep=1&g=GB&l=eW9ssenrCwppvWd&oaid=432543d9848f423c904a2413cfa61385&s=662498137805689545&ssk=d7865c2accde943b3a8519ed143fe2b3&svar=1679515384&vi=1&vo=1&z=1320852&tr=default&rdk=rk1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.236 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

0f467a48a494f7f63968707dc43785b728d0c17f93c12937c1e5b12798f3a98a

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://oovaufty.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 20:03:04 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
x-trace-id: e96aaaef527bb9effed5566d884f1b4f
pragma: no-cache
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: text/javascript; charset=utf8
access-control-allow-origin
access-control-expose-headers: Authorization
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 200 micro.tag.min.js Show response
stoomawy.net/pfe/current/ 40 KB
14 KB 104ms
30ms Script
application/javascript 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://stoomawy.net/pfe/current/micro.tag.min.js?sw=/sw-check-permissions/3683319&var=eW9ssenrCwppvWd&z=3683319
Requested by: Host: oovaufty.com
URL: https://oovaufty.com/?b=17058554&ba=1&campid=6722056&did=2&dm=1&ep=1&g=GB&l=eW9ssenrCwppvWd&oaid=432543d9848f423c904a2413cfa61385&s=662498137805689545&ssk=d7865c2accde943b3a8519ed143fe2b3&svar=1679515384&vi=1&vo=1&z=1320852&tr=default&rdk=rk1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 986b86e6675d511be045876f03623f7c3d7fd944fe2c5b75e2edc2bcd88a8b4a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://oovaufty.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Mar 2023 20:03:04 GMT
content-encoding: gzip
last-modified: Thu, 16 Mar 2023 15:32:57 GMT
server: nginx
etag: W/"641336a9-a161"
content-type: application/javascript
cache-control: no-cache
access-control-allow-credentials: true

GET
H2 200 style.css
littlecdn.com/cd-templates-landings/alert-custom/notification-bg-blur/build/css/ 126 KB
92 KB 105ms
38ms Stylesheet
text/css 2606:4700:10::6816:1874
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://littlecdn.com/cd-templates-landings/alert-custom/notification-bg-blur/build/css/style.css?v=1589890397081
Requested by: Host: oovaufty.com
URL: https://oovaufty.com/?b=17058554&ba=1&campid=6722056&did=2&dm=1&ep=1&g=GB&l=eW9ssenrCwppvWd&oaid=432543d9848f423c904a2413cfa61385&s=662498137805689545&ssk=d7865c2accde943b3a8519ed143fe2b3&svar=1679515384&vi=1&vo=1&z=1320852&tr=default&rdk=rk1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1874 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1dd8cb78f50d82c3158c760dd5106cd04737dd341f69ae064c035201b64c1281

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://oovaufty.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 20:03:04 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 22 Feb 2023 16:09:03 GMT
server: cloudflare
age: 3003
etag: W/"63f63e1f-1f8b6"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: text/css
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-ray: 7ac109330b0675a1-LHR
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

GET
H2 200 main.js Show response
littlecdn.com/cd-templates-landings/alert-custom/notification-bg-blur/build/js/ 376 B
308 B 134ms
67ms Script
application/javascript 2606:4700:10::6816:1874
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://littlecdn.com/cd-templates-landings/alert-custom/notification-bg-blur/build/js/main.js?v=1589890397081
Requested by: Host: oovaufty.com
URL: https://oovaufty.com/?b=17058554&ba=1&campid=6722056&did=2&dm=1&ep=1&g=GB&l=eW9ssenrCwppvWd&oaid=432543d9848f423c904a2413cfa61385&s=662498137805689545&ssk=d7865c2accde943b3a8519ed143fe2b3&svar=1679515384&vi=1&vo=1&z=1320852&tr=default&rdk=rk1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1874 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b11185e716f5525e03c01094f7697a16a43e94b11ac36b16251ea9eb1ed0c92

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://oovaufty.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 20:03:04 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 22 Feb 2023 16:09:03 GMT
server: cloudflare
age: 297
etag: W/"63f63e1f-178"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-ray: 7ac109330b0975a1-LHR
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

GET
DATA 200
OK truncated
/ 284 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cb98049f7bfbbbd18c7a9099d7672040518d1caa2ee71a0307f9c68beb7fef24

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 184 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 35acacf19fb86edb7381cfadb67d58343db6db111e1e6f002e4206e89d3a846d

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 vctx Show response
unphionetor.com/ 75 B
648 B 32ms
31ms XHR
text/plain 139.45.197.236
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://unphionetor.com/vctx?t=56193

Requested by

Host: unphionetor.com
URL: https://unphionetor.com/fv.js?t=56193&cb=1642599368

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.236 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

e65d6cfcbc418ebebcf5b0798ebd2f16a17d017d5427dcdb34564e631ebf88db

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://oovaufty.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 20:03:04 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-length: 75
x-trace-id: fc7b768ef34f0db29e9cbc7e1f0756ac
pragma: no-cache
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://oovaufty.com
access-control-expose-headers: Authorization
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
expires: Tue, 11 Jan 1994 10:00:00 GMT

POST
H2 200 zone
stoomawy.net/ 0
250 B 31ms
31ms Ping
text/plain 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://stoomawy.net/zone?&pub=0&zone_id=3683319&is_mobile=false&domain=oovaufty.com&var=eW9ssenrCwppvWd&ymid=&var_3=&var_4=&dsig=&action=prerequest

Requested by

Host: stoomawy.net
URL: https://stoomawy.net/pfe/current/micro.tag.min.js?sw=/sw-check-permissions/3683319&var=eW9ssenrCwppvWd&z=3683319

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://oovaufty.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-trace-id: adbb8ecd07dac64138fedfd16a8c01ff
date: Wed, 22 Mar 2023 20:03:04 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-origin: https://oovaufty.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 0

GET
DATA 200
OK truncated
/ 70 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 10fc2d6bbbc0b54c6f3daa108984acc9a6f92c8b72609a57753fdae421bf6c53

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 stop1.svg
littlecdn.com/cd-templates-landings/alert-custom/notification-bg-blur/build/images/ 413 B
305 B 41ms
40ms Image
image/svg+xml 2606:4700:10::6816:1874
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://littlecdn.com/cd-templates-landings/alert-custom/notification-bg-blur/build/images/stop1.svg
Requested by: Host: littlecdn.com
URL: https://littlecdn.com/cd-templates-landings/alert-custom/notification-bg-blur/build/css/style.css?v=1589890397081
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1874 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9b733f17c96d194c3a5d38a08bed8ce41182da0528901627eb0c5cc202de3221

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://littlecdn.com/cd-templates-landings/alert-custom/notification-bg-blur/build/css/style.css?v=1589890397081
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 20:03:04 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 22 Feb 2023 16:09:03 GMT
server: cloudflare
age: 3003
etag: W/"63f63e1f-19d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-ray: 7ac109339bc775a1-LHR
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

POST
H2 200 / Show response
oovaufty.com/ 2 B
307 B 42ms
42ms XHR
application/json 139.45.197.153
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://oovaufty.com/?b=17058554&ba=1&campid=6722056&did=2&dm=1&ep=1&g=GB&l=eW9ssenrCwppvWd&oaid=432543d9848f423c904a2413cfa61385&s=662498137805689545&ssk=d7865c2accde943b3a8519ed143fe2b3&svar=1679515384&vi=1&vo=1&z=1320852&tr=default&rdk=rk1&mprtr=1
Requested by: Host: oovaufty.com
URL: https://oovaufty.com/?b=17058554&ba=1&campid=6722056&did=2&dm=1&ep=1&g=GB&l=eW9ssenrCwppvWd&oaid=432543d9848f423c904a2413cfa61385&s=662498137805689545&ssk=d7865c2accde943b3a8519ed143fe2b3&svar=1679515384&vi=1&vo=1&z=1320852&tr=default&rdk=rk1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.153 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx / PHP/7.4.26
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://oovaufty.com/?b=17058554&ba=1&campid=6722056&did=2&dm=1&ep=1&g=GB&l=eW9ssenrCwppvWd&oaid=432543d9848f423c904a2413cfa61385&s=662498137805689545&ssk=d7865c2accde943b3a8519ed143fe2b3&svar=1679515384&vi=1&vo=1&z=1320852&tr=default&rdk=rk1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 20:03:04 GMT
content-encoding: br
server: nginx
x-powered-by: PHP/7.4.26
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
541 B 32ms
32ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=3683319&checkDuplicate=true&ymid=&var=eW9ssenrCwppvWd

Requested by

Host: stoomawy.net
URL: https://stoomawy.net/pfe/current/micro.tag.min.js?sw=/sw-check-permissions/3683319&var=eW9ssenrCwppvWd&z=3683319

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

0d81e8d3464a0e5a9ee92cf4b62ec0cb3c2e97616cece4cd2e43d10e8395d443

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://oovaufty.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 20:03:04 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://oovaufty.com
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H2 200 zone Show response
stoomawy.net/ 901 B
1 KB 100ms
37ms Fetch
application/json 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://stoomawy.net/zone?&pub=0&zone_id=3683319&is_mobile=false&domain=oovaufty.com&var=eW9ssenrCwppvWd&ymid=&var_3=&var_4=&dsig=&action=settings

Requested by

Host: stoomawy.net
URL: https://stoomawy.net/pfe/current/micro.tag.min.js?sw=/sw-check-permissions/3683319&var=eW9ssenrCwppvWd&z=3683319

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

8d388bcf5b5db1925c86dd3e316b05bc9cbadfed5dc6b5f228ed230ecf004662

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://oovaufty.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-trace-id: 485b51cfe4a5a09329f20dfc8e560751
date: Wed, 22 Mar 2023 20:03:04 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
content-type: application/json; charset=utf-8
access-control-allow-origin: https://oovaufty.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 901

POST
H2 204 vbl
unphionetor.com/ 0
490 B 35ms
35ms Ping
text/plain 139.45.197.236
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://unphionetor.com/vbl?t=56193&bid=17058554&aid=662498137805689545

Requested by

Host: unphionetor.com
URL: https://unphionetor.com/fv.js?t=56193&cb=1642599368

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.236 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://oovaufty.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-trace-id: 6c75e34af38c0cae484b021b71917eba
pragma: no-cache
date: Wed, 22 Mar 2023 20:03:04 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://oovaufty.com
access-control-expose-headers: Authorization
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
expires: Tue, 11 Jan 1994 10:00:00 GMT

POST
H2 204 vbri
unphionetor.com/ 0
489 B 34ms
33ms Ping
text/plain 139.45.197.236
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://unphionetor.com/vbri?t=56193&bid=17058554&aid=662498137805689545&tp=2377.1000003814697

Requested by

Host: unphionetor.com
URL: https://unphionetor.com/fv.js?t=56193&cb=1642599368

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.236 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://oovaufty.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-trace-id: 1e4c1b41128f1e9ad81b22808deed3fb
pragma: no-cache
date: Wed, 22 Mar 2023 20:03:06 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://oovaufty.com
access-control-expose-headers: Authorization
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
expires: Tue, 11 Jan 1994 10:00:00 GMT

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless string| osVerUA object| zfgformats function| timer

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
vexacion.com/	1970-01-20 19:17:31	Name: OAID Value: 432543d9848f423c904a2413cfa61385
vexacion.com/	1970-01-20 19:17:31	Name: oaidts Value: 1679515384
my.rtmark.net/	1970-01-20 19:17:31	Name: ID Value: 432543d9848f423c904a2413cfa61385
oovaufty.com/	1970-01-20 10:31:58	Name: reverse Value: 44Xug7Hgm0yZMH-Ukb-QKfhNOF6SqLR7Wu7LgMJdT3k

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

littlecdn.com
my.rtmark.net
oovaufty.com
stoomawy.net
unphionetor.com
vexacion.com
139.45.195.8
139.45.197.153
139.45.197.236
139.45.197.250
2606:4700:10::6816:1874
0d81e8d3464a0e5a9ee92cf4b62ec0cb3c2e97616cece4cd2e43d10e8395d443
0f467a48a494f7f63968707dc43785b728d0c17f93c12937c1e5b12798f3a98a
10fc2d6bbbc0b54c6f3daa108984acc9a6f92c8b72609a57753fdae421bf6c53
1dd8cb78f50d82c3158c760dd5106cd04737dd341f69ae064c035201b64c1281
35acacf19fb86edb7381cfadb67d58343db6db111e1e6f002e4206e89d3a846d
3b11185e716f5525e03c01094f7697a16a43e94b11ac36b16251ea9eb1ed0c92
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
8d388bcf5b5db1925c86dd3e316b05bc9cbadfed5dc6b5f228ed230ecf004662
986b86e6675d511be045876f03623f7c3d7fd944fe2c5b75e2edc2bcd88a8b4a
9b733f17c96d194c3a5d38a08bed8ce41182da0528901627eb0c5cc202de3221
cb98049f7bfbbbd18c7a9099d7672040518d1caa2ee71a0307f9c68beb7fef24
d0ffa33d28eb5c3e576b44f1d69d933ddcd8113e4ad638e4f0bacb289dfdc6a9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e65d6cfcbc418ebebcf5b0798ebd2f16a17d017d5427dcdb34564e631ebf88db

oovaufty.com Open in urlscan Pro 139.45.197.153 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

15 Requests

93 %HTTPS

20 %IPv6

6 Domains

6 Subdomains

6 IPs

2 Countries

129 kBTransfer

273 kBSize

4 Cookies

1 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

4 Cookies

Security Headers

Indicators

oovaufty.com Open in urlscan Pro
139.45.197.153 Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

93 %
HTTPS

20 %
IPv6

6
Domains

6
Subdomains

6
IPs

2
Countries

129 kB
Transfer

273 kB
Size

4
Cookies

15 HTTP transactions
3 data transactions