Submitted URL: http://dafodvf0dn4h.site/
Effective URL: https://ak.beterrakionan.com/4/5735596?var=__
Submission: On December 23 via api from IE — Scanned from AU

Summary

This website contacted 12 IPs in 4 countries across 14 domains to perform 38 HTTP transactions. The main IP is 23.46.179.153, located in Sydney, Australia and belongs to AKAMAI-ASN1 Akamai International B.V., NL. The main domain is ak.beterrakionan.com. The Cisco Umbrella rank of the primary domain is 939315.
TLS certificate: Issued by R11 on December 13th 2024. Valid for: 3 months.
This is the only time ak.beterrakionan.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 172.67.169.58 13335 (CLOUDFLAR...)
12 172.67.164.81 13335 (CLOUDFLAR...)
4 45.133.44.52 39572 (ADVANCEDH...)
2 172.67.169.157 13335 (CLOUDFLAR...)
1 45.133.44.24 39572 (ADVANCEDH...)
1 1 172.67.194.85 13335 (CLOUDFLAR...)
4 23.46.179.153 20940 (AKAMAI-AS...)
1 172.67.164.241 13335 (CLOUDFLAR...)
1 88.198.209.15 24940 (HETZNER-A...)
1 157.90.84.242 24940 (HETZNER-A...)
1 2600:1415:11:... 20940 (AKAMAI-AS...)
1 2600:1415:3c0... 20940 (AKAMAI-AS...)
38 12
Apex Domain
Subdomains
Transfer
12 kordooso.net
kordooso.net
21 KB
4 beterrakionan.com
ak.beterrakionan.com — Cisco Umbrella Rank: 939315
17 KB
2 go-mpulse.net
s.go-mpulse.net — Cisco Umbrella Rank: 1652
c.go-mpulse.net — Cisco Umbrella Rank: 782
50 KB
2 mbidinp.com
js.mbidinp.com — Cisco Umbrella Rank: 170595
180 KB
2 metricswpsh.com
metricswpsh.com — Cisco Umbrella Rank: 31185
fp.metricswpsh.com — Cisco Umbrella Rank: 34091 Failed
201 B
2 rtmark.net
my.rtmark.net — Cisco Umbrella Rank: 10565
2 KB
2 mbidadm.com
js.mbidadm.com — Cisco Umbrella Rank: 151243
39 KB
2 dafodvf0dn4h.site
dafodvf0dn4h.site
23 KB
1 mbidstorage.com
storage.mbidstorage.com — Cisco Umbrella Rank: 172959
1 lbg3ncntw5z2.com
lbg3ncntw5z2.com
1 KB
1 mbidtg.com
bid.mbidtg.com — Cisco Umbrella Rank: 163332
3 KB
0 mbddip.com Failed
mbddip.com Failed
0 mbdippex.com Failed
mbdippex.com Failed
0 google.com Failed
accounts.google.com — Cisco Umbrella Rank: 17 Failed
38 14
Domain Requested by
12 kordooso.net dafodvf0dn4h.site
kordooso.net
4 ak.beterrakionan.com dafodvf0dn4h.site
ak.beterrakionan.com
2 js.mbidinp.com js.mbidadm.com
js.mbidinp.com
2 my.rtmark.net kordooso.net
ak.beterrakionan.com
2 js.mbidadm.com dafodvf0dn4h.site
js.mbidadm.com
2 dafodvf0dn4h.site kordooso.net
1 c.go-mpulse.net s.go-mpulse.net
1 s.go-mpulse.net ak.beterrakionan.com
1 fp.metricswpsh.com js.mbidadm.com
1 metricswpsh.com js.mbidadm.com
1 storage.mbidstorage.com js.mbidadm.com
1 lbg3ncntw5z2.com 1 redirects
1 bid.mbidtg.com js.mbidadm.com
0 mbddip.com Failed js.mbidinp.com
0 mbdippex.com Failed js.mbidinp.com
0 accounts.google.com Failed
38 16

This site contains no links.

Subject Issuer Validity Valid
dafodvf0dn4h.site
WE1
2024-11-10 -
2025-02-08
3 months crt.sh
kordooso.net
WE1
2024-12-11 -
2025-03-11
3 months crt.sh
js.mbidadm.com
R11
2024-12-14 -
2025-03-14
3 months crt.sh
my.rtmark.net
WE1
2024-11-06 -
2025-02-04
3 months crt.sh
bid.mbidtg.com
R10
2024-10-28 -
2025-01-26
3 months crt.sh
ak.hetaruwg.com
R11
2024-12-13 -
2025-03-13
3 months crt.sh
mbidstorage.com
WE1
2024-12-19 -
2025-03-19
3 months crt.sh
notification.tubecup.net
E6
2024-11-07 -
2025-02-05
3 months crt.sh
js.mbidinp.com
R10
2024-12-18 -
2025-03-18
3 months crt.sh
akstat.io
DigiCert TLS RSA SHA256 2020 CA1
2024-07-31 -
2025-07-31
a year crt.sh

This page contains 2 frames:

Frame: https://ak.beterrakionan.com/4/7393037/?var=5735596
Frame ID: 00E179673FEC51D4AD539D8888556C97
Requests: 36 HTTP requests in this frame

Frame: https://storage.mbidstorage.com/log/count.html
Frame ID: D55D38E65C168C0C30B59F02A1C02201
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Redirect

Page URL History Show full URLs

  1. http://dafodvf0dn4h.site/ HTTP 307
    https://dafodvf0dn4h.site/ Page URL
  2. https://lbg3ncntw5z2.com/LzNrZf HTTP 302
    https://ak.beterrakionan.com/4/5735596?var=__ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

38
Requests

79 %
HTTPS

17 %
IPv6

14
Domains

16
Subdomains

12
IPs

4
Countries

333 kB
Transfer

1199 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://dafodvf0dn4h.site/ HTTP 307
    https://dafodvf0dn4h.site/ Page URL
  2. https://lbg3ncntw5z2.com/LzNrZf HTTP 302
    https://ak.beterrakionan.com/4/5735596?var=__ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://dafodvf0dn4h.site/ HTTP 307
  • https://dafodvf0dn4h.site/
Request Chain 24
  • https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP 302
  • https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AeZLP98D9n0z9gGACMspLYKK0okF97uEY2_qezxCWLa_z52Nlhp4RVzeiA4rFNDJA-tX8Cst3u6dFA HTTP 302
  • https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AeZLP99IgrygphUy3MrbSWBczW42lfducKx5dTB1Bgs4qBOgaUt3cXCpbbOmyBZKxzzCVdJ0Vx0mjQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-636470267%3A1734914974627777&ddm=1
Request Chain 36
  • https://ak.beterrakionan.com/?z=5735596&syncedCookie=true&rhd=false HTTP 302
  • https://ak.beterrakionan.com/4/7393037/?var=5735596

38 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
dafodvf0dn4h.site/
Redirect Chain
  • http://dafodvf0dn4h.site/
  • https://dafodvf0dn4h.site/
47 KB
22 KB
Document
General
Full URL
https://dafodvf0dn4h.site/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.169.58 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.4.16
Resource Hash
ab04843db8a0a785af6d7524b03912a5bfdaa610e4dc497697f4b5c3164e7fb1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8f645a2388a0e7e1-SYD
content-encoding
zstd
content-type
text/html
date
Mon, 23 Dec 2024 00:49:30 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority
u=0,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i5KULYBSKiWlXmo%2F6qzLVoU4SVX2E9BYdzFmoT6%2B5Sapi65PBR03g0djDxwA3Ruzu3q9CFA4KR79m8r1lyWgvSYQwxa8JALOVrStkX3K6%2F0x%2BWQ86Tlr3Kw6%2FF6ro2H%2FEkBQkg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=35992&min_rtt=35890&rtt_var=5744&sent=12&recv=10&lost=0&retrans=0&sent_bytes=4169&recv_bytes=4483&delivery_rate=459&cwnd=12000&unsent_bytes=0&cid=febebf6f672046fa&ts=615&x=1" cfExtPri cfHdrFlush;dur=0
vary
accept-encoding
x-powered-by
PHP/5.4.16

Redirect headers

Location
https://dafodvf0dn4h.site/
Non-Authoritative-Reason
HttpsUpgrades
micro.tag.min.js
kordooso.net/pfe/current/
44 KB
19 KB
Script
General
Full URL
https://kordooso.net/pfe/current/micro.tag.min.js?z=3439771&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null
Requested by
Host: dafodvf0dn4h.site
URL: https://dafodvf0dn4h.site/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.164.81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
414cb60d56bf9841c45d281705f3b2f75cfa783a009375c8f77cbea79ead85e8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://dafodvf0dn4h.site/

Response headers

content-encoding
gzip
cf-cache-status
REVALIDATED
etag
W/"675c1a13-b170"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bqEqSImlQT7Tnxv8qJZ4EmsBk02MiQM91%2FSAPOp69HSM8ubIP1T8xgTKb%2BsOkwPJyPErReMExNaAvL%2Bfvk6M9AIlySAt%2BaCIsApwktBTM0Q9vpyE1NzW1qsKCRuT6Yk%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=33198&min_rtt=33060&rtt_var=5301&sent=12&recv=10&lost=0&retrans=0&sent_bytes=4186&recv_bytes=4427&delivery_rate=480&cwnd=12000&unsent_bytes=0&cid=dc289b48d05808fe&ts=586&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 23 Dec 2024 00:49:31 GMT
content-type
application/javascript
last-modified
Fri, 13 Dec 2024 11:27:15 GMT
vary
Accept-Encoding
priority
u=3,i=?0
cache-control
max-age=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
access-control-allow-credentials
true
cf-ray
8f645a281a63e7d4-SYD
server
cloudflare
truncated
/
19 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6678fbb34f3ef18c5649c7cfc1302c671ff5b1c8e9f4365fb51f3d629dab2924

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/gif
scripts.js
js.mbidadm.com/static/
2 KB
1 KB
Script
General
Full URL
https://js.mbidadm.com/static/scripts.js
Requested by
Host: dafodvf0dn4h.site
URL: https://dafodvf0dn4h.site/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.133.44.52 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
cf31e107e8cb091c9477fe99de3a57a65486fe87becf0e8f469846949beff9f3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://dafodvf0dn4h.site/

Response headers

cache-control
max-age=300
content-encoding
gzip
etag
W/"6751bcdb-6c4"
expires
Mon, 23 Dec 2024 00:54:31 GMT
x-proxy-cache
HIT
access-control-allow-origin
*
date
Mon, 23 Dec 2024 00:49:31 GMT
content-type
application/javascript; charset=utf-8
last-modified
Thu, 05 Dec 2024 14:46:51 GMT
server
nginx/1.18.0
x-cdn-host-id
ds8144
sw-check-permissions-ea38e.js
dafodvf0dn4h.site/
0
1006 B
Other
General
Full URL
https://dafodvf0dn4h.site/sw-check-permissions-ea38e.js?var=null&ymid=null&zoneId=3439771
Requested by
Host: kordooso.net
URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3439771&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.169.58 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://dafodvf0dn4h.site/

Response headers

content-encoding
gzip
cf-cache-status
MISS
etag
W/"620bf1ad-236"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DhttXlQK%2BENKzgk1UKp1U4FtNfn3k6UBB3yduMeFbasLfN0SK8Xe5wxr%2FuCZIjqtn93VUoe%2F4L%2BC8Z1eBU%2FE6KrxZ9uGDo1A%2BMMp78IkuaUyqjIBHSD6jbzeu%2BocpOed0Hm9VQ%3D%3D"}],"group":"cf-nel","max_age":604800}
expires
Tue, 24 Dec 2024 00:49:31 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=40643&min_rtt=35890&rtt_var=7285&sent=35&recv=23&lost=0&retrans=0&sent_bytes=26896&recv_bytes=5440&delivery_rate=138180&cwnd=22800&unsent_bytes=0&cid=febebf6f672046fa&ts=1944&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 23 Dec 2024 00:49:32 GMT
content-type
application/javascript
last-modified
Tue, 15 Feb 2022 18:32:13 GMT
vary
Accept-Encoding
priority
u=4,i
cache-control
max-age=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8f645a2c0972e7e1-SYD
server
cloudflare
zone
kordooso.net/
0
782 B
Ping
General
Full URL
https://kordooso.net/zone?pub=0&zone_id=3439771&is_mobile=false&domain=dafodvf0dn4h.site&var=null&ymid=null&var_3=&var_4=&dsig=&tg=1&sw=3.1.577&trace_id=05701904-1e30-4f9d-aca4-b1bc7254e6c5&action=prerequest&ch=eyJhcmNoaXRlY3R1cmUiOiIiLCJiaXRuZXNzIjoiIiwiYnJhbmRzIjpbXSwiZnVsbFZlcnNpb25MaXN0IjpbXSwibW9iaWxlIjpmYWxzZSwibW9kZWwiOiIiLCJwbGF0Zm9ybSI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IiIsIndvdzY0IjpmYWxzZX0=&drf=
Requested by
Host: kordooso.net
URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3439771&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.164.81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://dafodvf0dn4h.site/

Response headers

cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0uavrY%2BW5EeMzcOpWByl4tOohampToRYGXGOH2YYxXTISumljwTEvx%2BaSAiH4xQcLydPEdjNh1vH1v5G1PQZyBXmOPoA9sQfmIZj60FQi8IRqtLgi2KDHR7eB6DJ9lU%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=33280&min_rtt=33060&rtt_var=470&sent=40&recv=34&lost=0&retrans=0&sent_bytes=26613&recv_bytes=11692&delivery_rate=230200&cwnd=24000&unsent_bytes=0&cid=dc289b48d05808fe&ts=1213&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 23 Dec 2024 00:49:32 GMT
priority
u=4,i
access-control-allow-headers
Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security
max-age=1
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-credentials
true
cf-ray
8f645a2c192de7d4-SYD
access-control-allow-origin
https://dafodvf0dn4h.site
content-length
0
server
cloudflare
event
kordooso.net/
0
0
Ping
General
Full URL
https://kordooso.net/event
Requested by
Host: kordooso.net
URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3439771&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.164.81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://dafodvf0dn4h.site/

Response headers

gid.js
my.rtmark.net/
65 B
962 B
Fetch
General
Full URL
https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=3439771&checkDuplicate=true&ymid=null&var=null&source=pusher
Requested by
Host: kordooso.net
URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3439771&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.169.157 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef0578f6ce2c6a97cbd1ee96ae4fb1b3db0491fae46b4e63185ccf80c4cdfcaa
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://dafodvf0dn4h.site/

Response headers

access-control-expose-headers
Authorization
content-encoding
zstd
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2rd7fPEuFiV2%2FOunsiqMhqhjx2SlTwkTpIcMcAa3Qctprd3V6DK0kE%2BAKn61LbyrDxXEG2euy%2Fv0qcvJlUq5El2rTfjMhzie1bQineQwUvDD5jJb9FLXPMjP4BU82deL"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=39025&min_rtt=35670&rtt_var=12150&sent=12&recv=10&lost=0&retrans=0&sent_bytes=4164&recv_bytes=4472&delivery_rate=462&cwnd=12000&unsent_bytes=0&cid=a6324beb54e7a528&ts=311&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 23 Dec 2024 00:49:31 GMT
content-type
application/json; charset=utf-8
priority
u=1,i
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
strict-transport-security
max-age=1
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
*, *
access-control-allow-credentials
true
cf-ray
8f645a2c7cb8e7cd-SYD
access-control-allow-origin
https://dafodvf0dn4h.site
server
cloudflare
event
kordooso.net/
0
0
Ping
General
Full URL
https://kordooso.net/event
Requested by
Host: kordooso.net
URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3439771&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.164.81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://dafodvf0dn4h.site/

Response headers

event
kordooso.net/
0
0
Ping
General
Full URL
https://kordooso.net/event
Requested by
Host: kordooso.net
URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3439771&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.164.81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://dafodvf0dn4h.site/

Response headers

event
kordooso.net/
0
0
Ping
General
Full URL
https://kordooso.net/event
Requested by
Host: kordooso.net
URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3439771&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.164.81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://dafodvf0dn4h.site/

Response headers

event
kordooso.net/
0
0
Ping
General
Full URL
https://kordooso.net/event
Requested by
Host: kordooso.net
URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3439771&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.164.81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://dafodvf0dn4h.site/

Response headers

zone
kordooso.net/
477 B
1 KB
Fetch
General
Full URL
https://kordooso.net/zone?pub=0&zone_id=3439771&is_mobile=false&domain=dafodvf0dn4h.site&var=null&ymid=null&var_3=&var_4=&dsig=&tg=1&sw=3.1.577&trace_id=05701904-1e30-4f9d-aca4-b1bc7254e6c5&action=settings&ch=eyJhcmNoaXRlY3R1cmUiOiIiLCJiaXRuZXNzIjoiIiwiYnJhbmRzIjpbXSwiZnVsbFZlcnNpb25MaXN0IjpbXSwibW9iaWxlIjpmYWxzZSwibW9kZWwiOiIiLCJwbGF0Zm9ybSI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IiIsIndvdzY0IjpmYWxzZX0=
Requested by
Host: kordooso.net
URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3439771&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.164.81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
22543f9cb6e6fa0b62b84198b83225520c3d80aea8dde786007b602b2178e04b
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://dafodvf0dn4h.site/

Response headers

content-encoding
zstd
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jjWJ0QoUYcn3s3HXduaEA3Ypo%2B3mlJaCkYlVIGwHY1NdyjzEY25uQ%2BYDQ8biBo8DLFj9%2FDh8BhwE2YUIglzHWW4O2W%2BEVH7RJgL58wqTvR1z7IGR%2Bwgz3c9kCqed918%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=33280&min_rtt=33060&rtt_var=470&sent=43&recv=34&lost=0&retrans=0&sent_bytes=29149&recv_bytes=11692&delivery_rate=230200&cwnd=24000&unsent_bytes=0&cid=dc289b48d05808fe&ts=1233&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 23 Dec 2024 00:49:32 GMT
content-type
application/json; charset=utf-8
priority
u=1,i
access-control-allow-headers
Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security
max-age=1
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-credentials
true
cf-ray
8f645a2c4987e7d4-SYD
access-control-allow-origin
https://dafodvf0dn4h.site
server
cloudflare
event
kordooso.net/
0
0
Ping
General
Full URL
https://kordooso.net/event
Requested by
Host: kordooso.net
URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3439771&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.164.81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://dafodvf0dn4h.site/

Response headers

scripts.m.js
js.mbidadm.com/static/
119 KB
37 KB
Script
General
Full URL
https://js.mbidadm.com/static/scripts.m.js
Requested by
Host: js.mbidadm.com
URL: https://js.mbidadm.com/static/scripts.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.133.44.52 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
7ca42e0e958f542cde2a3390f6b3253dd6e32a2772243084d4e4e8496e6547a7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://dafodvf0dn4h.site/

Response headers

cache-control
max-age=300
content-encoding
gzip
etag
W/"6751bce7-1dcc2"
expires
Mon, 23 Dec 2024 00:54:31 GMT
x-proxy-cache
HIT
access-control-allow-origin
*
date
Mon, 23 Dec 2024 00:49:31 GMT
content-type
application/javascript; charset=utf-8
last-modified
Thu, 05 Dec 2024 14:47:03 GMT
server
nginx/1.18.0
x-cdn-host-id
ds8144
event
kordooso.net/
0
0
Ping
General
Full URL
https://kordooso.net/event
Requested by
Host: kordooso.net
URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3439771&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.164.81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://dafodvf0dn4h.site/

Response headers

event
kordooso.net/
0
0
Ping
General
Full URL
https://kordooso.net/event
Requested by
Host: kordooso.net
URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3439771&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.164.81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://dafodvf0dn4h.site/

Response headers

242901
bid.mbidtg.com/tags/
2 KB
3 KB
XHR
General
Full URL
https://bid.mbidtg.com/tags/242901?version_name=b&domain=dafodvf0dn4h.site
Requested by
Host: js.mbidadm.com
URL: https://js.mbidadm.com/static/scripts.m.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.133.44.24 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software
nginx/1.24.0 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://dafodvf0dn4h.site/

Response headers

x-proxy-cache
MISS
cache-control
max-age=300, public
access-control-allow-origin
*
date
Mon, 23 Dec 2024 00:49:32 GMT
content-type
application/json
server
nginx/1.24.0
x-cdn-host-id
ds8144
event
kordooso.net/
0
0
Ping
General
Full URL
https://kordooso.net/event
Requested by
Host: kordooso.net
URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3439771&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.164.81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://dafodvf0dn4h.site/

Response headers

Primary Request 5735596
ak.beterrakionan.com/4/
Redirect Chain
  • https://lbg3ncntw5z2.com/LzNrZf
  • https://ak.beterrakionan.com/4/5735596?var=__
35 KB
15 KB
Document
General
Full URL
https://ak.beterrakionan.com/4/5735596?var=__
Requested by
Host: dafodvf0dn4h.site
URL: https://dafodvf0dn4h.site/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.46.179.153 Sydney, Australia, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-46-179-153.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e9ee84ad3396d12ef5af37fb909009cc7592504c7f4fbf28636e0c5f1c857a53
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
https://dafodvf0dn4h.site/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
86400
cache-control
max-age=0, no-cache, no-store
content-encoding
gzip
content-length
15062
content-type
text/html; charset=utf8
date
Mon, 23 Dec 2024 00:49:34 GMT
expires
Mon, 23 Dec 2024 00:49:34 GMT
pragma
no-cache
server-timing
cdn-cache; desc=MISS edge; dur=1063 origin; dur=5 ak_p; desc="1734914973677_388936597_158529312_106753_1149_28_56_255";dur=1
strict-transport-security
max-age=1
timing-allow-origin
* *
vary
Accept-Encoding
x-akamai-transformed
9 14140 0 pmb=mRUM,1
x-content-type-options
nosniff

Redirect headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cache-control
no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8f645a335d0fd5e2-SYD
content-type
text/html; charset=utf-8
date
Mon, 23 Dec 2024 00:49:33 GMT
expires
Mon, 23 Dec 2024 00:49:33 GMT
location
https://ak.beterrakionan.com/4/5735596?var=__
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority
u=0,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OCCkqgtJUsh1aRiKGYBPreeOxsxciBhvxBpJoM2Vq0G6yMfQ5TS4LF%2F2len8kf%2FyIsJu3wZokVhMgNpxMoIQH23NtXKNho9ZAlMaDGCsj83Y%2B8MOEDnv3B58fzJLzWsJSfMV"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=33422&min_rtt=33245&rtt_var=5542&sent=12&recv=10&lost=0&retrans=0&sent_bytes=4167&recv_bytes=4501&delivery_rate=476&cwnd=12000&unsent_bytes=0&cid=3046dd7345705dae&ts=636&x=1" cfExtPri cfHdrFlush;dur=0
vary
Accept-Encoding
count.html
storage.mbidstorage.com/log/ Frame D55D
0
0
Document
General
Full URL
https://storage.mbidstorage.com/log/count.html
Requested by
Host: js.mbidadm.com
URL: https://js.mbidadm.com/static/scripts.m.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.164.241 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://dafodvf0dn4h.site/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8f645a36dcd05c07-SYD
content-encoding
zstd
content-type
text/html
date
Mon, 23 Dec 2024 00:49:33 GMT
last-modified
Mon, 18 Sep 2023 14:39:06 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority
u=0,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oRcHkD0LJHcepkEoFdfeEttWF8WeITpIgWIh9He%2B9sE%2BIk7k6Z2fjHINQoaVmgZwPX0kz5cpj12ZGd1CYI%2FJ1X4IouwnW3G5pKTFdOolm1dYMabSzDDVEG%2B%2B4NlZg0u80qGo1WdKnzoJPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=32939&min_rtt=32704&rtt_var=5476&sent=12&recv=11&lost=0&retrans=0&sent_bytes=4210&recv_bytes=4559&delivery_rate=478&cwnd=12000&unsent_bytes=0&cid=00de790ca7b219ce&ts=416&x=1" cfExtPri cfHdrFlush;dur=0
vary
Accept-Encoding
x-request-id
58ca44d8610b3395e6335b95f2db3a91
track
metricswpsh.com/in/
0
201 B
XHR
General
Full URL
https://metricswpsh.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI5MTMzNzgzOTU4NTA3MjI1MDAwIiwidGltZXpvbmUiOjgsInZlciI6IjMuMTM2LjAiLCJ0YWdfaWQiOjI0MjkwMSwic2NyZWVuX3Jlc29sdXRpb24iOiIxNjAweDEyMDAiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IkF1c3RyYWxpYS9QZXJ0aCIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjg1LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9
Requested by
Host: js.mbidadm.com
URL: https://js.mbidadm.com/static/scripts.m.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
88.198.209.15 , Germany, ASN24940 (HETZNER-AS Hetzner Online GmbH, DE),
Reverse DNS
static.88-198-209-15.clients.your-server.de
Software
nginx/1.18.0 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://dafodvf0dn4h.site/

Response headers

cache-control
no-transform, no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-methods
*
access-control-allow-origin
*
content-length
0
date
Mon, 23 Dec 2024 00:49:33 GMT
vary
Origin
server
nginx/1.18.0
access-control-allow-headers
Content-Type
npush.m.js
js.mbidinp.com/npc/sdk/wpu/
186 KB
51 KB
Script
General
Full URL
https://js.mbidinp.com/npc/sdk/wpu/npush.m.js
Requested by
Host: js.mbidadm.com
URL: https://js.mbidadm.com/static/scripts.m.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.133.44.52 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://dafodvf0dn4h.site/

Response headers

cache-control
max-age=300
content-encoding
gzip
etag
W/"6761917b-2e705"
expires
Mon, 23 Dec 2024 00:54:33 GMT
x-proxy-cache
HIT
access-control-allow-origin
*
date
Mon, 23 Dec 2024 00:49:33 GMT
content-type
application/javascript; charset=utf-8
last-modified
Tue, 17 Dec 2024 14:58:03 GMT
server
nginx/1.18.0
x-cdn-host-id
ds8144
fp
fp.metricswpsh.com/
0
0

fp
fp.metricswpsh.com/ Frame
0
0
Preflight
General
Full URL
https://fp.metricswpsh.com/fp?tag_id=242901
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
157.90.84.242 Ismaning, Germany, ASN24940 (HETZNER-AS Hetzner Online GmbH, DE),
Reverse DNS
static.242.84.90.157.clients.your-server.de
Software
nginx/1.20.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://dafodvf0dn4h.site
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
content-type
Access-Control-Allow-Methods
GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin
https://dafodvf0dn4h.site
Connection
keep-alive
Date
Mon, 23 Dec 2024 00:49:33 GMT
Server
nginx/1.20.1
Vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
identifier
accounts.google.com/v3/signin/
Redirect Chain
  • https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
  • https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AeZLP98D9n0z9gGACMspLYKK0okF97uEY2_qezxCWLa_z52Nlhp4RVzeiA4rF...
  • https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AeZLP99IgrygphUy3MrbSWBczW42lfducKx5dTB1Bgs4qBOgaUt3cXCpbbOmyBZKxzzCVdJ0Vx0mjQ&passive...
0
0

nmain.m.js
js.mbidinp.com/skins/
539 KB
129 KB
Script
General
Full URL
https://js.mbidinp.com/skins/nmain.m.js
Requested by
Host: js.mbidinp.com
URL: https://js.mbidinp.com/npc/sdk/wpu/npush.m.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.133.44.52 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://dafodvf0dn4h.site/

Response headers

cache-control
max-age=300
content-encoding
gzip
etag
W/"67619177-86d2a"
expires
Mon, 23 Dec 2024 00:54:34 GMT
x-proxy-cache
HIT
access-control-allow-origin
*
date
Mon, 23 Dec 2024 00:49:34 GMT
content-type
application/javascript; charset=utf-8
last-modified
Tue, 17 Dec 2024 14:57:59 GMT
server
nginx/1.18.0
x-cdn-host-id
ds8144
multy
mbdippex.com/in/ Frame
0
0

dip
mbddip.com/in/
0
0

multy
mbdippex.com/in/
0
0

5L4N7-2HN8W-2H4ZB-8CSQ4-H63AP
s.go-mpulse.net/boomerang/
205 KB
49 KB
Script
General
Full URL
https://s.go-mpulse.net/boomerang/5L4N7-2HN8W-2H4ZB-8CSQ4-H63AP
Requested by
Host: ak.beterrakionan.com
URL: https://ak.beterrakionan.com/4/5735596?var=__
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1415:11:4a1::11a6 Sydney, Australia, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://ak.beterrakionan.com/

Response headers

cache-control
max-age=604800
timing-allow-origin
*
content-encoding
br
customappheader
mpulse-ab-boomr__git__08ab8be__git__08ab8be__p19.alsi10-lite
content-length
50393
date
Mon, 23 Dec 2024 00:49:34 GMT
content-type
application/javascript; charset=utf-8
last-modified
Sun, 10 Nov 2024 15:43:22 GMT
vary
Accept-Encoding
img.gif
my.rtmark.net/
43 B
882 B
Image
General
Full URL
https://my.rtmark.net/img.gif?f=merge&userId=00813b533cbb411af3bbed7495a85285&z=5735596&p_rid=88d6eb88-6fbc-48f0-9087-a170d6f7fd6c&p_src=sf
Requested by
Host: ak.beterrakionan.com
URL: https://ak.beterrakionan.com/4/5735596?var=__
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.169.157 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://ak.beterrakionan.com/

Response headers

access-control-expose-headers
Authorization
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SpniwynuKa39xZX%2BnjMvoABQzFpw7%2BaUcLsv%2BKRNpESlXxRZArvPCa%2B6QukZqkLK18xjsMQRH9j6K2tOm1QZxXABjuKCV%2FCyDTVMGDixNvx4iBujPJ9Fy6qhjbkJz7oz"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=39082&min_rtt=35743&rtt_var=12132&sent=11&recv=10&lost=0&retrans=0&sent_bytes=4148&recv_bytes=4556&delivery_rate=460&cwnd=12000&unsent_bytes=0&cid=d173ad7cccb9631a&ts=315&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 23 Dec 2024 00:49:35 GMT
content-type
image/gif
priority
u=1,i
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
strict-transport-security
max-age=1
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
*, *
access-control-allow-credentials
true
cf-ray
8f645a4149e6dfaf-SYD
access-control-allow-origin
*
content-length
43
server
cloudflare
sftouch
ak.beterrakionan.com/
43 B
720 B
Image
General
Full URL
https://ak.beterrakionan.com/sftouch?userId=00813b533cbb411af3bbed7495a85285&z=5735596&p_rid=88d6eb88-6fbc-48f0-9087-a170d6f7fd6c&p_src=sf&branchId=0&rb=WOSE7EBDXnPWQmgwxQLnHFfLZXa3EJYggzrMjA6yFtP8uMPUJyCvCYp1f1BjdmoUiZF0Zsp3bgDeUyxiSdT0vkcPsYwoTm4U31OG9f5QhX6lrHvQ8hpqVVgR-u15-qiAFBSetEkEYxM995cnW5AMM3w4DA8LU2DrvWSlAbFQV2GLRCMwT2a4i6lD32mZap6rVg4qWWkxazeztNSulg0wNRMLztcUTKAVTCViw8wTWDX0EhHfSvZgOeMt-eLD9mAamtM0LuHiYAtbf6AanRaxHSR5ra2Y_l52nN_e5r0-VOZIUcnODT9brAtESkb0rPXvIKDg7KHFY9FD-HvRHev8SNBsPlM=&w_img=1
Requested by
Host: ak.beterrakionan.com
URL: https://ak.beterrakionan.com/4/5735596?var=__
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.46.179.153 Sydney, Australia, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-46-179-153.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://ak.beterrakionan.com/4/5735596?var=__

Response headers

access-control-max-age
86400
access-control-allow-methods
GET, POST, OPTIONS
x-content-type-options
nosniff
expires
Mon, 23 Dec 2024 00:49:35 GMT
server-timing
cdn-cache; desc=MISS, edge; dur=246, origin; dur=6, ak_p; desc="1734914974878_388936597_158529439_25300_856_29_0_146";dur=1
date
Mon, 23 Dec 2024 00:49:35 GMT
content-type
image/gif
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
strict-transport-security
max-age=1
cache-control
max-age=0, no-cache, no-store
timing-allow-origin
*, *
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
pragma
no-cache
access-control-allow-credentials
true
x-trace-id
fe6208722ad955fde4afb7751096bf25
access-control-allow-origin
*
content-length
43
add
ak.beterrakionan.com/log/
12 B
557 B
XHR
General
Full URL
https://ak.beterrakionan.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=88d6eb88-6fbc-48f0-9087-a170d6f7fd6c
Requested by
Host: ak.beterrakionan.com
URL: https://ak.beterrakionan.com/4/5735596?var=__
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.46.179.153 Sydney, Australia, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-46-179-153.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
587fa9763e3d74ded3b64a843905f5541690582aad4976207e03743a7fb5f70e
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://ak.beterrakionan.com/4/5735596?var=__

Response headers

strict-transport-security
max-age=1
cache-control
max-age=0, no-cache, no-store
timing-allow-origin
*
pragma
no-cache
access-control-allow-credentials
true
x-content-type-options
nosniff
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
expires
Mon, 23 Dec 2024 00:49:35 GMT
access-control-allow-origin
https://ak.beterrakionan.com
server-timing
cdn-cache; desc=MISS, edge; dur=740, origin; dur=126, ak_p; desc="1734914974909_388936597_158529448_86695_1043_29_0_219";dur=1
content-length
12
date
Mon, 23 Dec 2024 00:49:35 GMT
content-type
application/json; charset=utf-8
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
add
ak.beterrakionan.com/async_log/
0
517 B
XHR
General
Full URL
https://ak.beterrakionan.com/async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=88d6eb88-6fbc-48f0-9087-a170d6f7fd6c
Requested by
Host: ak.beterrakionan.com
URL: https://ak.beterrakionan.com/4/5735596?var=__
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.46.179.153 Sydney, Australia, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a23-46-179-153.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://ak.beterrakionan.com/4/5735596?var=__

Response headers

strict-transport-security
max-age=1
cache-control
max-age=0, no-cache, no-store
timing-allow-origin
*
pragma
no-cache
access-control-allow-credentials
true
x-content-type-options
nosniff
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
expires
Mon, 23 Dec 2024 00:49:35 GMT
access-control-allow-origin
https://ak.beterrakionan.com
server-timing
cdn-cache; desc=MISS, edge; dur=736, origin; dur=2, ak_p; desc="1734914974912_388936597_158529449_73765_871_29_0_219";dur=1
content-length
0
date
Mon, 23 Dec 2024 00:49:35 GMT
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
config.json
c.go-mpulse.net/api/
51 B
214 B
XHR
General
Full URL
https://c.go-mpulse.net/api/config.json?key=5L4N7-2HN8W-2H4ZB-8CSQ4-H63AP&d=ak.beterrakionan.com&t=5783050&v=1.720.0&sl=0&si=18cb92f8-3f4e-4135-9d51-9afddcd1ab20-sox8yl&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=812009
Requested by
Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/5L4N7-2HN8W-2H4ZB-8CSQ4-H63AP
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1415:3c00:287::11a6 Sydney, Australia, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
beb693c800c59cc93cb2299640e1b6ea3b47e670267fa67004691436c5213f33

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://ak.beterrakionan.com/

Response headers

access-control-allow-origin
*
cache-control
private, max-age=120, stale-while-revalidate=60, stale-if-error=120
content-length
51
alt-svc
h3=":443"; ma=93600
timing-allow-origin
*
date
Mon, 23 Dec 2024 00:49:35 GMT
content-type
application/json
favicon.ico
ak.beterrakionan.com/
0
0

/
ak.beterrakionan.com/4/7393037/
Redirect Chain
  • https://ak.beterrakionan.com/?z=5735596&syncedCookie=true&rhd=false
  • https://ak.beterrakionan.com/4/7393037/?var=5735596
0
0

favicon.ico
ak.beterrakionan.com/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
fp.metricswpsh.com
URL
https://fp.metricswpsh.com/fp?tag_id=242901
Domain
accounts.google.com
URL
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AeZLP99IgrygphUy3MrbSWBczW42lfducKx5dTB1Bgs4qBOgaUt3cXCpbbOmyBZKxzzCVdJ0Vx0mjQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-636470267%3A1734914974627777&ddm=1
Domain
mbdippex.com
URL
https://mbdippex.com/in/multy
Domain
mbddip.com
URL
https://mbddip.com/in/dip?site=native-push&wl=1&event_id=c8ee5c1e-77cc-4401-b6f9-1b15bdd64fd1&subid=1338910650&sid=4162806103&spot_id=2004487&created_at=2024-12-23&timezone=8&ver=8.201.0&is_native=1
Domain
mbdippex.com
URL
https://mbdippex.com/in/multy
Domain
ak.beterrakionan.com
URL
https://ak.beterrakionan.com/favicon.ico
Domain
ak.beterrakionan.com
URL
https://ak.beterrakionan.com/4/7393037/?var=5735596
Domain
ak.beterrakionan.com
URL
https://ak.beterrakionan.com/favicon.ico

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| BOOMR_API_key object| BOOMR function| onLazyPixel object| _nvksp5rgq function| nvksp5rgq function| BOOMR_check_doc_domain object| ErrorStackParser object| UserTimingCompression object| BOOMR_mq boolean| lazyPixelLoaded number| BOOMR_onload number| BOOMR_configt

7 Cookies

Domain/Path Name / Value
my.rtmark.net/ Name: ID
Value: 01813bd412ee4c6ef3c4c8ae57a7f77a
lbg3ncntw5z2.com/ Name: _subid
Value: 3giltcollj2b2
lbg3ncntw5z2.com/ Name: 6dcfa
Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjEwXCI6MTczNDkxNDk3M30sXCJjYW1wYWlnbnNcIjp7XCIxMFwiOjE3MzQ5MTQ5NzN9LFwidGltZVwiOjE3MzQ5MTQ5NzN9In0.dw30rPIbw21KcFXwXRMeW2v31izMcyNAnt_pJMlHmTU
lbg3ncntw5z2.com/ Name: _token
Value: uuid_3giltcollj2b2_3giltcollj2b26768b39d1fb681.49712298
.ak.beterrakionan.com/ Name: RT
Value: "z=1&dm=ak.beterrakionan.com&si=18cb92f8-3f4e-4135-9d51-9afddcd1ab20&ss=m50bkwcu&sl=2&tt=406&rl=1&ld=23w"
ak.beterrakionan.com/ Name: OAID
Value: 00813bd17886468bfbbeb80464220182
ak.beterrakionan.com/ Name: oaidts
Value: 1734914975

4 Console Messages

Source Level URL
Text
rendering warning URL: https://dafodvf0dn4h.site/
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0601D00CC260000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering warning URL: https://dafodvf0dn4h.site/
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0405D00CC260000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering warning URL: https://ak.beterrakionan.com/4/5735596?var=__
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0901D00CC260000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering warning URL: https://ak.beterrakionan.com/afu.php?zoneid=5735596&var=5735596&rid=uZkGuFtJfk-T2gq_XdzZSg%3D%3D&rhd=false&ab2r=0&sf=1&is_mobile=false
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0301D00CC260000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
ak.beterrakionan.com
bid.mbidtg.com
c.go-mpulse.net
dafodvf0dn4h.site
fp.metricswpsh.com
js.mbidadm.com
js.mbidinp.com
kordooso.net
lbg3ncntw5z2.com
mbddip.com
mbdippex.com
metricswpsh.com
my.rtmark.net
s.go-mpulse.net
storage.mbidstorage.com
accounts.google.com
ak.beterrakionan.com
fp.metricswpsh.com
mbddip.com
mbdippex.com
157.90.84.242
172.67.164.241
172.67.164.81
172.67.169.157
172.67.169.58
172.67.194.85
23.46.179.153
2600:1415:11:4a1::11a6
2600:1415:3c00:287::11a6
45.133.44.24
45.133.44.52
88.198.209.15
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
22543f9cb6e6fa0b62b84198b83225520c3d80aea8dde786007b602b2178e04b
414cb60d56bf9841c45d281705f3b2f75cfa783a009375c8f77cbea79ead85e8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
587fa9763e3d74ded3b64a843905f5541690582aad4976207e03743a7fb5f70e
6678fbb34f3ef18c5649c7cfc1302c671ff5b1c8e9f4365fb51f3d629dab2924
7ca42e0e958f542cde2a3390f6b3253dd6e32a2772243084d4e4e8496e6547a7
ab04843db8a0a785af6d7524b03912a5bfdaa610e4dc497697f4b5c3164e7fb1
beb693c800c59cc93cb2299640e1b6ea3b47e670267fa67004691436c5213f33
cf31e107e8cb091c9477fe99de3a57a65486fe87becf0e8f469846949beff9f3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9ee84ad3396d12ef5af37fb909009cc7592504c7f4fbf28636e0c5f1c857a53
ef0578f6ce2c6a97cbd1ee96ae4fb1b3db0491fae46b4e63185ccf80c4cdfcaa