urlscan.io logo urlscan.io
SecurityTrails logo

hydragentoken.live Open in urlscan Pro
217.8.117.8  Public Scan

Go To Rescan Add Verdict Report
URL: http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9...
Submission: On June 14 via api from BE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 10 IPs in 7 countries across 13 domains to perform 22 HTTP transactions. The main IP is 217.8.117.8, located in Russian Federation and belongs to CREXFEXPEX-RUSSIA, RU. The main domain is hydragentoken.live.
This is the only time hydragentoken.live was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 217.8.117.8 47510 (CREXFEXPE...)
2 12 160.153.244.152 21501 (GODADDY-AMS)
1 1 2600:9000:215... 16509 (AMAZON-02)
1 89.185.38.84 8426 (CLARANET-...)
6 6 35.244.174.68 15169 (GOOGLE)
2 2 37.252.173.38 29990 (ASN-APPNEX)
3 35.241.8.149 15169 (GOOGLE)
3 3 172.217.22.66 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2 2a02:2638:1::13 44788 (ASN-CRITE...)
2 2 91.216.195.18 12516 (WEBORAMA ...)
1 1 54.194.46.76 16509 (AMAZON-02)
1 52.215.54.241 16509 (AMAZON-02)
1 1 145.239.193.53 16276 (OVH)
1 2001:41d0:301... 16276 (OVH)
1 2 3.248.141.37 16509 (AMAZON-02)
1 91.199.51.211 47544 (IQPL-AS)
22 10
1    217.8.117.8 (Russian Federation)

ASN47510 (CREXFEXPEX-RUSSIA, RU)
hydragentoken.live
12    160.153.244.152 (Scottsdale, United States)

ASN21501 (GODADDY-AMS, DE)
PTR: ip-160-153-244-152.ip.secureserver.net
ima.lagendadesventesprivees.eu
1    2600:9000:215d:d000:16:7e47:1800:21 (United States)

ASN16509 (AMAZON-02, US)
dqirm0tfcl9pc.cloudfront.net
1    89.185.38.84 (Paris, France)

ASN8426 (CLARANET-AS ClaraNET LTD, GB)
tracking.publicidees.com
6    35.244.174.68 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com
ejp.rlcdn.com
2    37.252.173.38 (Ascension Island)

ASN29990 (ASN-APPNEX, US)
PTR: 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
ib.adnxs.com
3    35.241.8.149 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 149.8.241.35.bc.googleusercontent.com
idsync.rlcdn.com
3    172.217.22.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s17-in-f66.1e100.net
cm.g.doubleclick.net
2    2a00:1450:4001:815::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
s0.2mdn.net
2    2a02:2638:1::13 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
gum.criteo.com
2    91.216.195.18 (France)

ASN12516 (WEBORAMA Weborama provides Internet Services, FR)
PTR: std-collect-lb-c03-01-vip.weborama.fr
wam.solution.weborama.fr
1    54.194.46.76 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-46-76.eu-west-1.compute.amazonaws.com
crt.lagendadesventesprivees.eu
1    52.215.54.241 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-54-241.eu-west-1.compute.amazonaws.com
notify.adleadevent.com
1    145.239.193.53 (France)

ASN16276 (OVH, FR)
squa.lagendadesventesprivees.eu
1    2001:41d0:301:100:145:239:193:53 (France)

ASN16276 (OVH, FR)
squa.squatiki.eu
2    3.248.141.37 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-141-37.eu-west-1.compute.amazonaws.com
erm.lagendadesventesprivees.eu
er.cloud-media.fr
1    91.199.51.211 (Poland)

ASN47544 (IQPL-AS, PL)
PTR: 91-199-51-211.rev.iq.pl
links.lagendadesventesprivees.eu
Domain Requested by
12 ima.lagendadesventesprivees.eu 2 redirects hydragentoken.live
6 ejp.rlcdn.com 6 redirects
3 cm.g.doubleclick.net 3 redirects
3 idsync.rlcdn.com hydragentoken.live
2 wam.solution.weborama.fr 2 redirects
2 gum.criteo.com 2 redirects
2 s0.2mdn.net hydragentoken.live
2 ib.adnxs.com 2 redirects
1 links.lagendadesventesprivees.eu hydragentoken.live
1 er.cloud-media.fr hydragentoken.live
1 erm.lagendadesventesprivees.eu 1 redirects
1 squa.squatiki.eu hydragentoken.live
1 squa.lagendadesventesprivees.eu 1 redirects
1 notify.adleadevent.com hydragentoken.live
1 crt.lagendadesventesprivees.eu 1 redirects
1 tracking.publicidees.com hydragentoken.live
1 dqirm0tfcl9pc.cloudfront.net 1 redirects
1 hydragentoken.live
0 flex.lagendadesventesprivees.eu Failed hydragentoken.live
22 19

This site contains links to these domains. Also see Links.

Domain
links.lagendadesventesprivees.eu
Subject Issuer Validity Valid
ima.lagendadesventesprivees.eu
cPanel, Inc. Certification Authority		 2020-05-30 -
2020-08-28		 3 months crt.sh
*.publicidees.com
Gandi Standard SSL CA 2		 2018-12-17 -
2021-01-06		 2 years crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2020-04-14 -
2021-04-23		 a year crt.sh
*.doubleclick.net
GTS CA 1O1		 2020-05-26 -
2020-08-18		 3 months crt.sh
*.adleadevent.com
Gandi Standard SSL CA 2		 2020-04-14 -
2021-04-17		 a year crt.sh
squa.enviedbonsplans.eu
Let's Encrypt Authority X3		 2020-06-08 -
2020-09-06		 3 months crt.sh
*.cmrt.io
Amazon		 2019-10-11 -
2020-11-11		 a year crt.sh
links.lagendadesventesprivees.eu
Let's Encrypt Authority X3		 2020-05-05 -
2020-08-03		 3 months crt.sh

This page contains 1 frames:

Primary Page: http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
Frame ID: 3DAE7AD1CC5C0E2836CA2E899F9F8ACE
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

22
Requests

91 %
HTTPS

24 %
IPv6

13
Domains

19
Subdomains

10
IPs

7
Countries

289 kB
Transfer

283 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10
  • https://ima.lagendadesventesprivees.eu/nElwIpGqViBg HTTP 301
  • https://ima.lagendadesventesprivees.eu/nElwIpGqViBg/ HTTP 302
  • https://dqirm0tfcl9pc.cloudfront.net/link.php?promoid=214996&progid=5747&partid=48575&to_shootid=8232 HTTP 301
  • https://tracking.publicidees.com/link.php?promoid=214996&progid=5747&partid=48575&to_shootid=8232
Request Chain 11
  • https://ejp.rlcdn.com/709062.gif?m=ae87414b60335c5eabe78bc89680e335&n=1 HTTP 307
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fidsync.rlcdn.com%2F52154.gif%3Fserved_by%3Devergreen%26partner_uid%3D%24UID HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fidsync.rlcdn.com%252F52154.gif%253Fserved_by%253Devergreen%2526partner_uid%253D%2524UID HTTP 302
  • https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=2691679162535240806
Request Chain 12
  • https://ejp.rlcdn.com/709062.gif?m=ae87414b60335c5eabe78bc89680e335&n=2 HTTP 307
  • https://ejp.rlcdn.com/1000.gif?memo=CMajKxIrCiYIBBAAGiBhZTg3NDE0YjYwMzM1YzVlYWJlNzhiYzg5NjgwZTMzNRCddRoNCJDxmvcFEgUI6AcQAEIASgA HTTP 307
  • https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_cm HTTP 302
  • https://s0.2mdn.net/dot.gif?google_gid=CAESEHRkXI-luD7IzKIsS18zYoE&google_cver=1
Request Chain 13
  • https://ejp.rlcdn.com/709062.gif?m=ae87414b60335c5eabe78bc89680e335&n=3 HTTP 307
  • https://gum.criteo.com/sync?c=6&r=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397676.gif%3Fserved_by%3Devergreen%26partner_uid%3D%40USERID%40 HTTP 302
  • https://gum.criteo.com/sync?s=1&c=6&r=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397676.gif%3Fserved_by%3Devergreen%26partner_uid%3D%40USERID%40 HTTP 302
  • https://idsync.rlcdn.com/397676.gif?served_by=evergreen&partner_uid=gW596WTXJqK6far4z5oWQiPv79jt1YAI
Request Chain 14
  • https://ejp.rlcdn.com/709062.gif?m=ae87414b60335c5eabe78bc89680e335&n=4 HTTP 307
  • https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_cm HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_cm=&google_tc= HTTP 302
  • https://s0.2mdn.net/dot.gif?google_gid=CAESEFqmrSblmJ_Wg_nP4CiDzUg&google_cver=1
Request Chain 15
  • https://ejp.rlcdn.com/709062.gif?m=ae87414b60335c5eabe78bc89680e335&n=5 HTTP 307
  • https://wam.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=rd&d.k=acxiom_id&d.u=https://idsync.rlcdn.com/401726.gif?partner_uid={WEBO_CID} HTTP 302
  • https://wam.solution.weborama.fr/fcgi-bin/dispatch.fcgi?g.bo=OK&g.rn=579839&d.A=rd&d.k=acxiom_id&d.u=https://idsync.rlcdn.com/401726.gif?partner_uid={WEBO_CID} HTTP 302
  • https://idsync.rlcdn.com/401726.gif?partner_uid=IBGvtWJPW.9uRwLooCvt..
Request Chain 17
  • https://crt.lagendadesventesprivees.eu/adtckrtg.php?ids=2443&s=3089&hash=ae87414b60335c5eabe78bc89680e335&hash256=c5b568288a6c95fa4c296b2dd8cea15efcd62ab77a3c8e9b3f24a29f755e3b9e HTTP 301
  • https://notify.adleadevent.com/adtckrtg.php?ids=2443&s=3089&hash=ae87414b60335c5eabe78bc89680e335&hash256=c5b568288a6c95fa4c296b2dd8cea15efcd62ab77a3c8e9b3f24a29f755e3b9e
Request Chain 18
  • https://squa.lagendadesventesprivees.eu/collect_v2.img.php?dmp=emdmpeasy&p=1881&s=1881&m=ae87414b60335c5eabe78bc89680e335&email_sha256=c5b568288a6c95fa4c296b2dd8cea15efcd62ab77a3c8e9b3f24a29f755e3b9e HTTP 302
  • https://squa.squatiki.eu/collect_v2.img.php?dmp=emdmpeasy&p=1881&s=1881&m=ae87414b60335c5eabe78bc89680e335&email_sha256=c5b568288a6c95fa4c296b2dd8cea15efcd62ab77a3c8e9b3f24a29f755e3b9e
Request Chain 19
  • http://erm.lagendadesventesprivees.eu/r/ae87414b60335c5eabe78bc89680e335/cfaae7d0-5c35-49a6-a80e-53e59d60395f HTTP 302
  • https://er.cloud-media.fr/c/ae87414b60335c5eabe78bc89680e335/cfaae7d0-5c35-49a6-a80e-53e59d60395f

22 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request optiextension.dll
hydragentoken.live/optiext/ 		36 KB
37 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
Protocol
HTTP/1.1
Server
217.8.117.8 , Russian Federation, ASN47510 (CREXFEXPEX-RUSSIA, RU),
Reverse DNS
Software
nginx /
Resource Hash
291c1061799a9446ee13156156824451c15ee1342a4a3bcb7d80683e0d8ef0a1

Request headers

Host
hydragentoken.live
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
text/html; charset=UTF-8
Date
Sun, 14 Jun 2020 23:54:03 GMT
Server
nginx
Transfer-Encoding
chunked
mYw3c2XE4jGR.jpg
ima.lagendadesventesprivees.eu/VkXg1sXBhB23/ 		32 KB
32 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ima.lagendadesventesprivees.eu/VkXg1sXBhB23/mYw3c2XE4jGR.jpg
Requested by
Host: hydragentoken.live
URL: http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
160.153.244.152 Scottsdale, United States, ASN21501 (GODADDY-AMS, DE),
Reverse DNS
ip-160-153-244-152.ip.secureserver.net
Software
Apache /
Resource Hash
8532624cceef510dd7f0025a19b9c1abe9e38f072b137f5743b214eb5998e27c

Request headers

Referer
http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 14 Jun 2020 23:53:52 GMT
Last-Modified
Wed, 20 May 2020 11:29:13 GMT
Server
Apache
Connection
close
Accept-Ranges
bytes
Content-Length
32726
Content-Type
image/jpeg
Q83iYcnsDTRL.png
ima.lagendadesventesprivees.eu/VkXg1sXBhB23/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ima.lagendadesventesprivees.eu/VkXg1sXBhB23/Q83iYcnsDTRL.png
Requested by
Host: hydragentoken.live
URL: http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
160.153.244.152 Scottsdale, United States, ASN21501 (GODADDY-AMS, DE),
Reverse DNS
ip-160-153-244-152.ip.secureserver.net
Software
Apache /
Resource Hash
b5c3c682e4a18d4eebdcdc7483554f5a147825d5d787d66b3fc7a452d3d94bf5

Request headers

Referer
http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 14 Jun 2020 23:53:52 GMT
Last-Modified
Wed, 20 May 2020 11:29:11 GMT
Server
Apache
Connection
close
Accept-Ranges
bytes
Content-Length
2154
Content-Type
image/png
8TmHWlDezo8T.png
ima.lagendadesventesprivees.eu/VkXg1sXBhB23/ 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ima.lagendadesventesprivees.eu/VkXg1sXBhB23/8TmHWlDezo8T.png
Requested by
Host: hydragentoken.live
URL: http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
160.153.244.152 Scottsdale, United States, ASN21501 (GODADDY-AMS, DE),
Reverse DNS
ip-160-153-244-152.ip.secureserver.net
Software
Apache /
Resource Hash
c587c022e2705d02a4476eacc518e14e52f330df1dbed733a3601b88b2f9371c

Request headers

Referer
http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 14 Jun 2020 23:53:52 GMT
Last-Modified
Wed, 20 May 2020 11:29:11 GMT
Server
Apache
Connection
close
Accept-Ranges
bytes
Content-Length
11227
Content-Type
image/png
5BoT8sFAnotg.jpg
ima.lagendadesventesprivees.eu/VkXg1sXBhB23/ 		145 KB
145 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ima.lagendadesventesprivees.eu/VkXg1sXBhB23/5BoT8sFAnotg.jpg
Requested by
Host: hydragentoken.live
URL: http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
160.153.244.152 Scottsdale, United States, ASN21501 (GODADDY-AMS, DE),
Reverse DNS
ip-160-153-244-152.ip.secureserver.net
Software
Apache /
Resource Hash
99b08ac01ca1aa37608f8ac83758924d9faf6f9f6abb2d845ce533a501768620

Request headers

Referer
http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 14 Jun 2020 23:53:52 GMT
Last-Modified
Wed, 20 May 2020 11:29:12 GMT
Server
Apache
Connection
close
Accept-Ranges
bytes
Content-Length
148734
Content-Type
image/jpeg
Bcf0j140jay9.png
ima.lagendadesventesprivees.eu/VkXg1sXBhB23/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ima.lagendadesventesprivees.eu/VkXg1sXBhB23/Bcf0j140jay9.png
Requested by
Host: hydragentoken.live
URL: http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
160.153.244.152 Scottsdale, United States, ASN21501 (GODADDY-AMS, DE),
Reverse DNS
ip-160-153-244-152.ip.secureserver.net
Software
Apache /
Resource Hash
d74f1ce9dcb08c43c6fe5e0bd3f849f3c45af86eb90b63e94bd45019775ebc47

Request headers

Referer
http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 14 Jun 2020 23:53:52 GMT
Last-Modified
Wed, 20 May 2020 11:29:11 GMT
Server
Apache
Connection
close
Accept-Ranges
bytes
Content-Length
4234
Content-Type
image/png
0KXaYqgc5rS8.png
ima.lagendadesventesprivees.eu/VkXg1sXBhB23/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ima.lagendadesventesprivees.eu/VkXg1sXBhB23/0KXaYqgc5rS8.png
Requested by
Host: hydragentoken.live
URL: http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
160.153.244.152 Scottsdale, United States, ASN21501 (GODADDY-AMS, DE),
Reverse DNS
ip-160-153-244-152.ip.secureserver.net
Software
Apache /
Resource Hash
95002c98abad2816e4b64f135385a02b66e28757dbd19cf396d34dc30d64c9ea

Request headers

Referer
http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 14 Jun 2020 23:53:52 GMT
Last-Modified
Wed, 20 May 2020 11:29:13 GMT
Server
Apache
Connection
close
Accept-Ranges
bytes
Content-Length
4003
Content-Type
image/png
WZ0hVewcro2W.png
ima.lagendadesventesprivees.eu/VkXg1sXBhB23/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ima.lagendadesventesprivees.eu/VkXg1sXBhB23/WZ0hVewcro2W.png
Requested by
Host: hydragentoken.live
URL: http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
160.153.244.152 Scottsdale, United States, ASN21501 (GODADDY-AMS, DE),
Reverse DNS
ip-160-153-244-152.ip.secureserver.net
Software
Apache /
Resource Hash
ed7b9b670ab47562179a5517f1250062611d5384bea887062c6502b9f949ebd4

Request headers

Referer
http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 14 Jun 2020 23:53:52 GMT
Last-Modified
Wed, 20 May 2020 11:29:12 GMT
Server
Apache
Connection
close
Accept-Ranges
bytes
Content-Length
3711
Content-Type
image/png
5ZL7R1ixB6eh.png
ima.lagendadesventesprivees.eu/VkXg1sXBhB23/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ima.lagendadesventesprivees.eu/VkXg1sXBhB23/5ZL7R1ixB6eh.png
Requested by
Host: hydragentoken.live
URL: http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
160.153.244.152 Scottsdale, United States, ASN21501 (GODADDY-AMS, DE),
Reverse DNS
ip-160-153-244-152.ip.secureserver.net
Software
Apache /
Resource Hash
c4646976dd2eb86546e27e7609fc52f310dee33302ac63a7915520bd5cabf8f8

Request headers

Referer
http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 14 Jun 2020 23:53:52 GMT
Last-Modified
Wed, 20 May 2020 11:29:13 GMT
Server
Apache
Connection
close
Accept-Ranges
bytes
Content-Length
5122
Content-Type
image/png
QsaKVF7rOiFH.jpg
ima.lagendadesventesprivees.eu/VkXg1sXBhB23/ 		32 KB
32 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ima.lagendadesventesprivees.eu/VkXg1sXBhB23/QsaKVF7rOiFH.jpg
Requested by
Host: hydragentoken.live
URL: http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
160.153.244.152 Scottsdale, United States, ASN21501 (GODADDY-AMS, DE),
Reverse DNS
ip-160-153-244-152.ip.secureserver.net
Software
Apache /
Resource Hash
8532624cceef510dd7f0025a19b9c1abe9e38f072b137f5743b214eb5998e27c

Request headers

Referer
http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 14 Jun 2020 23:53:52 GMT
Last-Modified
Wed, 20 May 2020 11:29:12 GMT
Server
Apache
Connection
close
Accept-Ranges
bytes
Content-Length
32726
Content-Type
image/jpeg
oUwr7KwudhK1.jpg
ima.lagendadesventesprivees.eu/VkXg1sXBhB23/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ima.lagendadesventesprivees.eu/VkXg1sXBhB23/oUwr7KwudhK1.jpg
Requested by
Host: hydragentoken.live
URL: http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
160.153.244.152 Scottsdale, United States, ASN21501 (GODADDY-AMS, DE),
Reverse DNS
ip-160-153-244-152.ip.secureserver.net
Software
Apache /
Resource Hash
a41c5b4ee8a98d51d24b7a7abbc85e95e5d153e8a6bf6687def0c580216a33ee

Request headers

Referer
http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 14 Jun 2020 23:53:52 GMT
Last-Modified
Wed, 20 May 2020 11:29:12 GMT
Server
Apache
Connection
close
Accept-Ranges
bytes
Content-Length
7452
Content-Type
image/jpeg
link.php
tracking.publicidees.com/
Redirect Chain
  • https://ima.lagendadesventesprivees.eu/nElwIpGqViBg
  • https://ima.lagendadesventesprivees.eu/nElwIpGqViBg/
  • https://dqirm0tfcl9pc.cloudfront.net/link.php?promoid=214996&progid=5747&partid=48575&to_shootid=8232
  • https://tracking.publicidees.com/link.php?promoid=214996&progid=5747&partid=48575&to_shootid=8232
43 B
825 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tracking.publicidees.com/link.php?promoid=214996&progid=5747&partid=48575&to_shootid=8232
Requested by
Host: hydragentoken.live
URL: http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
89.185.38.84 Paris, France, ASN8426 (CLARANET-AS ClaraNET LTD, GB),
Reverse DNS
Software
nginx/1.14.0 /
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer
http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 14 Jun 2020 23:53:52 GMT
Last-Modified
Sun, 14 Jun 2020 23:53:52 GMT
Server
nginx/1.14.0
Transfer-Encoding
chunked
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Type
image/gif
Expires
0

Redirect headers

date
Sun, 14 Jun 2020 17:32:14 GMT
via
1.1 a2ff850ccdde2a6d47a8ef587e8cb536.cloudfront.net (CloudFront)
server
nginx/1.14.0
age
22898
status
301
x-cache
Hit from cloudfront
content-type
text/html
location
https://tracking.publicidees.com/link.php?promoid=214996&progid=5747&partid=48575&to_shootid=8232
x-amz-cf-pop
CPH50-C1
content-length
185
x-amz-cf-id
n3I06hKNEg0U3kSnn6_R2NosUVbMDsNqK-A1vv2lP9Qr1hfsa68dvQ==
52154.gif
idsync.rlcdn.com/
Redirect Chain
  • https://ejp.rlcdn.com/709062.gif?m=ae87414b60335c5eabe78bc89680e335&n=1
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fidsync.rlcdn.com%2F52154.gif%3Fserved_by%3Devergreen%26partner_uid%3D%24UID
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fidsync.rlcdn.com%252F52154.gif%253Fserved_by%253Devergreen%2526partner_uid%253D%2524UID
  • https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=2691679162535240806
42 B
375 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=2691679162535240806
Requested by
Host: hydragentoken.live
URL: http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.8.149 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS
149.8.241.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 14 Jun 2020 23:53:52 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
status
200
cache-control
no-cache, no-store
content-type
image/gif
alt-svc
clear
content-length
42

Redirect headers

Pragma
no-cache
Date
Sun, 14 Jun 2020 23:53:54 GMT
X-Proxy-Origin
185.236.201.148; 185.236.201.148; 537.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.39:80
AN-X-Request-Uuid
7664bf5b-2505-4ea8-95a4-ebade5fc2eb0
Server
nginx/1.13.4
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://idsync.rlcdn.com/52154.gif?served_by=evergreen&partner_uid=2691679162535240806
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
dot.gif
s0.2mdn.net/
Redirect Chain
  • https://ejp.rlcdn.com/709062.gif?m=ae87414b60335c5eabe78bc89680e335&n=2
  • https://ejp.rlcdn.com/1000.gif?memo=CMajKxIrCiYIBBAAGiBhZTg3NDE0YjYwMzM1YzVlYWJlNzhiYzg5NjgwZTMzNRCddRoNCJDxmvcFEgUI6AcQAEIASgA
  • https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_cm
  • https://s0.2mdn.net/dot.gif?google_gid=CAESEHRkXI-luD7IzKIsS18zYoE&google_cver=1
43 B
98 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/dot.gif?google_gid=CAESEHRkXI-luD7IzKIsS18zYoE&google_cver=1
Requested by
Host: hydragentoken.live
URL: http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 14 Jun 2020 23:53:52 GMT
x-content-type-options
nosniff
last-modified
Sun, 01 Feb 2009 08:00:00 GMT
server
sffe
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43
x-xss-protection
0
expires
Mon, 15 Jun 2020 23:53:52 GMT

Redirect headers

pragma
no-cache
date
Sun, 14 Jun 2020 23:53:52 GMT
server
HTTP server (unknown)
status
302
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://s0.2mdn.net/dot.gif?google_gid=CAESEHRkXI-luD7IzKIsS18zYoE&google_cver=1
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
281
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
397676.gif
idsync.rlcdn.com/
Redirect Chain
  • https://ejp.rlcdn.com/709062.gif?m=ae87414b60335c5eabe78bc89680e335&n=3
  • https://gum.criteo.com/sync?c=6&r=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397676.gif%3Fserved_by%3Devergreen%26partner_uid%3D%40USERID%40
  • https://gum.criteo.com/sync?s=1&c=6&r=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397676.gif%3Fserved_by%3Devergreen%26partner_uid%3D%40USERID%40
  • https://idsync.rlcdn.com/397676.gif?served_by=evergreen&partner_uid=gW596WTXJqK6far4z5oWQiPv79jt1YAI
42 B
483 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://idsync.rlcdn.com/397676.gif?served_by=evergreen&partner_uid=gW596WTXJqK6far4z5oWQiPv79jt1YAI
Requested by
Host: hydragentoken.live
URL: http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.8.149 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS
149.8.241.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 14 Jun 2020 23:53:52 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
status
200
cache-control
no-cache, no-store
content-type
image/gif
alt-svc
clear
content-length
42

Redirect headers

status
302
strict-transport-security
max-age=31536000
cache-control
private, max-age=0, no-cache, no-store, must-revalidate
date
Sun, 14 Jun 2020 23:53:51 GMT
content-length
221
location
https://idsync.rlcdn.com/397676.gif?served_by=evergreen&partner_uid=gW596WTXJqK6far4z5oWQiPv79jt1YAI
content-type
text/html; charset=utf-8
dot.gif
s0.2mdn.net/
Redirect Chain
  • https://ejp.rlcdn.com/709062.gif?m=ae87414b60335c5eabe78bc89680e335&n=4
  • https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_cm
  • https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_cm=&google_tc=
  • https://s0.2mdn.net/dot.gif?google_gid=CAESEFqmrSblmJ_Wg_nP4CiDzUg&google_cver=1
43 B
435 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/dot.gif?google_gid=CAESEFqmrSblmJ_Wg_nP4CiDzUg&google_cver=1
Requested by
Host: hydragentoken.live
URL: http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 14 Jun 2020 23:53:52 GMT
x-content-type-options
nosniff
last-modified
Sun, 01 Feb 2009 08:00:00 GMT
server
sffe
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43
x-xss-protection
0
expires
Mon, 15 Jun 2020 23:53:52 GMT

Redirect headers

pragma
no-cache
date
Sun, 14 Jun 2020 23:53:52 GMT
server
HTTP server (unknown)
status
302
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://s0.2mdn.net/dot.gif?google_gid=CAESEFqmrSblmJ_Wg_nP4CiDzUg&google_cver=1
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
281
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
401726.gif
idsync.rlcdn.com/
Redirect Chain
  • https://ejp.rlcdn.com/709062.gif?m=ae87414b60335c5eabe78bc89680e335&n=5
  • https://wam.solution.weborama.fr/fcgi-bin/dispatch.fcgi?d.A=rd&d.k=acxiom_id&d.u=https://idsync.rlcdn.com/401726.gif?partner_uid={WEBO_CID}
  • https://wam.solution.weborama.fr/fcgi-bin/dispatch.fcgi?g.bo=OK&g.rn=579839&d.A=rd&d.k=acxiom_id&d.u=https://idsync.rlcdn.com/401726.gif?partner_uid={WEBO_CID}
  • https://idsync.rlcdn.com/401726.gif?partner_uid=IBGvtWJPW.9uRwLooCvt..
42 B
375 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://idsync.rlcdn.com/401726.gif?partner_uid=IBGvtWJPW.9uRwLooCvt..
Requested by
Host: hydragentoken.live
URL: http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.8.149 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS
149.8.241.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 14 Jun 2020 23:53:52 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
status
200
cache-control
no-cache, no-store
content-type
image/gif
alt-svc
clear
content-length
42

Redirect headers

Pragma
no-cache
Date
Sun, 14 Jun 2020 23:53:52 GMT
Last-Modified
Sun, 14 Jun 2020 23:53:52 GMT
Server
Apache
Access-Control-Allow-Origin
*
Transfer-Encoding
chunked
P3P
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Location
https://idsync.rlcdn.com/401726.gif?partner_uid=IBGvtWJPW.9uRwLooCvt..
Cache-Control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Expires
Tue, 03 Jul 2001 06:00:00 GMT
pixel.php
flex.lagendadesventesprivees.eu/tags/ 		0
0
adtckrtg.php
notify.adleadevent.com/
Redirect Chain
  • https://crt.lagendadesventesprivees.eu/adtckrtg.php?ids=2443&s=3089&hash=ae87414b60335c5eabe78bc89680e335&hash256=c5b568288a6c95fa4c296b2dd8cea15efcd62ab77a3c8e9b3f24a29f755e3b9e
  • https://notify.adleadevent.com/adtckrtg.php?ids=2443&s=3089&hash=ae87414b60335c5eabe78bc89680e335&hash256=c5b568288a6c95fa4c296b2dd8cea15efcd62ab77a3c8e9b3f24a29f755e3b9e
43 B
672 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://notify.adleadevent.com/adtckrtg.php?ids=2443&s=3089&hash=ae87414b60335c5eabe78bc89680e335&hash256=c5b568288a6c95fa4c296b2dd8cea15efcd62ab77a3c8e9b3f24a29f755e3b9e
Requested by
Host: hydragentoken.live
URL: http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.215.54.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-215-54-241.eu-west-1.compute.amazonaws.com
Software
nginx/1.10.3 / Express
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer
http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 14 Jun 2020 23:53:52 GMT
Server
nginx/1.10.3
X-Powered-By
Express
ETag
W/"2b-2eaaa083"
Content-Type
image/gif
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
43
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
https://notify.adleadevent.com/adtckrtg.php?ids=2443&s=3089&hash=ae87414b60335c5eabe78bc89680e335&hash256=c5b568288a6c95fa4c296b2dd8cea15efcd62ab77a3c8e9b3f24a29f755e3b9e
Date
Mon, 15 Jun 2020 00:05:49 GMT
Server
nginx/1.4.6 (Ubuntu)
Connection
keep-alive
Content-Length
193
Content-Type
text/html
collect_v2.img.php
squa.squatiki.eu/
Redirect Chain
  • https://squa.lagendadesventesprivees.eu/collect_v2.img.php?dmp=emdmpeasy&p=1881&s=1881&m=ae87414b60335c5eabe78bc89680e335&email_sha256=c5b568288a6c95fa4c296b2dd8cea15efcd62ab77a3c8e9b3f24a29f755e3b9e
  • https://squa.squatiki.eu/collect_v2.img.php?dmp=emdmpeasy&p=1881&s=1881&m=ae87414b60335c5eabe78bc89680e335&email_sha256=c5b568288a6c95fa4c296b2dd8cea15efcd62ab77a3c8e9b3f24a29f755e3b9e
43 B
806 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://squa.squatiki.eu/collect_v2.img.php?dmp=emdmpeasy&p=1881&s=1881&m=ae87414b60335c5eabe78bc89680e335&email_sha256=c5b568288a6c95fa4c296b2dd8cea15efcd62ab77a3c8e9b3f24a29f755e3b9e
Requested by
Host: hydragentoken.live
URL: http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:41d0:301:100:145:239:193:53 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 14 Jun 2020 23:53:52 GMT
Cache-Control
no-store, no-cache
Transfer-Encoding
chunked
Content-Type
image/gif
X-IPLB-Instance
36821
Strict-Transport-Security
max-age=31536000
P3P
CP="ALL DSP COR CURa ADMa PSAa PSDa OUR NOR UNI"

Redirect headers

Location
https://squa.squatiki.eu/collect_v2.img.php?dmp=emdmpeasy&p=1881&s=1881&m=ae87414b60335c5eabe78bc89680e335&email_sha256=c5b568288a6c95fa4c296b2dd8cea15efcd62ab77a3c8e9b3f24a29f755e3b9e
Date
Sun, 14 Jun 2020 23:53:52 GMT
Content-Type
text/html
Content-Length
158
Strict-Transport-Security
max-age=31536000
X-IPLB-Instance
25256
P3P
CP="ALL DSP COR CURa ADMa PSAa PSDa OUR NOR UNI"
cfaae7d0-5c35-49a6-a80e-53e59d60395f
er.cloud-media.fr/c/ae87414b60335c5eabe78bc89680e335/
Redirect Chain
  • http://erm.lagendadesventesprivees.eu/r/ae87414b60335c5eabe78bc89680e335/cfaae7d0-5c35-49a6-a80e-53e59d60395f
  • https://er.cloud-media.fr/c/ae87414b60335c5eabe78bc89680e335/cfaae7d0-5c35-49a6-a80e-53e59d60395f
35 B
230 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://er.cloud-media.fr/c/ae87414b60335c5eabe78bc89680e335/cfaae7d0-5c35-49a6-a80e-53e59d60395f
Requested by
Host: hydragentoken.live
URL: http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.248.141.37 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-248-141-37.eu-west-1.compute.amazonaws.com
Software
awselb/2.0 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Sun, 14 Jun 2020 23:53:52 GMT
x-content-type-options
nosniff
server
awselb/2.0
content-length
35
content-type
image/gif

Redirect headers

Date
Sun, 14 Jun 2020 23:53:52 GMT
X-Content-Type-Options
nosniff
Server
awselb/2.0
Content-Type
text/html;charset=utf-8
Location
https://er.cloud-media.fr/c/ae87414b60335c5eabe78bc89680e335/cfaae7d0-5c35-49a6-a80e-53e59d60395f
Connection
keep-alive
Content-Length
0
X-XSS-Protection
1; mode=block
143e3217
links.lagendadesventesprivees.eu/o/2zj/bwwWzwd_0IXMzcub9npIky/NrjT/F/ 		43 B
267 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://links.lagendadesventesprivees.eu/o/2zj/bwwWzwd_0IXMzcub9npIky/NrjT/F/143e3217
Requested by
Host: hydragentoken.live
URL: http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
91.199.51.211 , Poland, ASN47544 (IQPL-AS, PL),
Reverse DNS
91-199-51-211.rev.iq.pl
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
http://hydragentoken.live/optiext/optiextension.dll?ID=DR9NYQqx1WFRRAW39KisftUI18j73dGIZZoC_JF8VO_lDjNJw9rFDs/66gyh3xx3pc9tyex5rz5OR8UOTc_rTUec6cebDykW_7acAe2FkWEP3L9zpy
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 14 Jun 2020 23:53:51 GMT
Cache-Control
no-cache, max-age=0
Transfer-Encoding
chunked
Content-Type
image/gif

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
flex.lagendadesventesprivees.eu
URL
http://flex.lagendadesventesprivees.eu/tags/pixel.php?h=ae87414b60335c5eabe78bc89680e335&source=601

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cm.g.doubleclick.net
crt.lagendadesventesprivees.eu
dqirm0tfcl9pc.cloudfront.net
ejp.rlcdn.com
er.cloud-media.fr
erm.lagendadesventesprivees.eu
flex.lagendadesventesprivees.eu
gum.criteo.com
hydragentoken.live
ib.adnxs.com
idsync.rlcdn.com
ima.lagendadesventesprivees.eu
links.lagendadesventesprivees.eu
notify.adleadevent.com
s0.2mdn.net
squa.lagendadesventesprivees.eu
squa.squatiki.eu
tracking.publicidees.com
wam.solution.weborama.fr
flex.lagendadesventesprivees.eu
145.239.193.53
160.153.244.152
172.217.22.66
2001:41d0:301:100:145:239:193:53
217.8.117.8
2600:9000:215d:d000:16:7e47:1800:21
2a00:1450:4001:815::2006
2a02:2638:1::13
3.248.141.37
35.241.8.149
35.244.174.68
37.252.173.38
52.215.54.241
54.194.46.76
89.185.38.84
91.199.51.211
91.216.195.18
291c1061799a9446ee13156156824451c15ee1342a4a3bcb7d80683e0d8ef0a1
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8532624cceef510dd7f0025a19b9c1abe9e38f072b137f5743b214eb5998e27c
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
95002c98abad2816e4b64f135385a02b66e28757dbd19cf396d34dc30d64c9ea
99b08ac01ca1aa37608f8ac83758924d9faf6f9f6abb2d845ce533a501768620
a41c5b4ee8a98d51d24b7a7abbc85e95e5d153e8a6bf6687def0c580216a33ee
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b5c3c682e4a18d4eebdcdc7483554f5a147825d5d787d66b3fc7a452d3d94bf5
c4646976dd2eb86546e27e7609fc52f310dee33302ac63a7915520bd5cabf8f8
c587c022e2705d02a4476eacc518e14e52f330df1dbed733a3601b88b2f9371c
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d74f1ce9dcb08c43c6fe5e0bd3f849f3c45af86eb90b63e94bd45019775ebc47
ed7b9b670ab47562179a5517f1250062611d5384bea887062c6502b9f949ebd4
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629