Submitted URL: https://targhe.info/pop-go/49119?sub_id={zoneid}
Effective URL: https://jonoorgaip.net/4/6118780?var=8231077&btz=America/Vancouver&bto=420&bar=x
Submission: On October 20 via manual from TN — Scanned from CA

Summary

This website contacted 6 IPs in 3 countries across 7 domains to perform 16 HTTP transactions. The main IP is 104.18.23.222, located in and belongs to CLOUDFLARENET, US. The main domain is jonoorgaip.net.
TLS certificate: Issued by WE1 on October 15th 2024. Valid for: 3 months.
This is the only time jonoorgaip.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 4 139.45.196.64 9002 (RETN-AS)
1 2606:4700:303... 13335 (CLOUDFLAR...)
3 139.45.195.8 9002 (RETN-AS)
1 104.18.22.222 13335 (CLOUDFLAR...)
1 7 104.18.23.222 13335 (CLOUDFLAR...)
16 6
Apex Domain; Subdomains; Transfer
8 jonoorgaip.net; jonoorgaip.net; 16 KB
4 gribeorlneka.net; gribeorlneka.net — Cisco Umbrella Rank: 164687; 16 KB
3 rtmark.net; my.rtmark.net — Cisco Umbrella Rank: 10912; 1 KB
1 cdntechone.com; cdntechone.com — Cisco Umbrella Rank: 44392; 9 KB
1 auto-bg.info; auto-bg.info — Cisco Umbrella Rank: 345778; 1012 B
1 targhe.info; targhe.info — Cisco Umbrella Rank: 64547; 803 B
0 datatechone.com Failed; datatechone.com Failed
16 7
Domain; Requested by
8 jonoorgaip.net 1 redirects; gribeorlneka.net, jonoorgaip.net
4 gribeorlneka.net 1 redirects; cdntechone.com, gribeorlneka.net
3 my.rtmark.net; gribeorlneka.net, jonoorgaip.net
1 cdntechone.com
1 auto-bg.info 1 redirects
1 targhe.info 1 redirects
0 datatechone.com Failed; cdntechone.com
16 7

This site contains no links.

Subject; Issuer; Validity; Valid
cdntechone.com; WE1; 2024-10-16 - 2025-01-14; 3 months
gribeorlneka.net; R10; 2024-09-26 - 2024-12-25; 3 months
rtmark.net; R11; 2024-08-30 - 2024-11-28; 3 months
jonoorgaip.net; WE1; 2024-10-15 - 2025-01-13; 3 months

This page contains 1 frame:

Frame: https://jonoorgaip.net/?z=6118780&syncedCookie=true&rhd=false
Frame ID: 2CABAA8B4998CD96A85F9D07154E46E4
Requests: 16 HTTP requests in this frame

Page Title

Redirect

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

Requests: 16
HTTPS: 88 %
IPv6: 43 %
Domains: 7
Subdomains: 7
IPs: 6
Countries: 3
Transfer: 41 kB
Size: 79 kB
Cookies: 11

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://targhe.info/pop-go/49119?sub_id={zoneid} HTTP 302
    https://auto-bg.info/yX5n98X9?source=49119&sub_id_1=pops&sub_id_2={reason}&sub_id_3={click_age} HTTP 302
    https://gribeorlneka.net/link?z=8231076&var=49119 HTTP 302
    https://cdntechone.com/r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=8231076&axcusid1=49119&clid={ymid}&r=http%3A%2F%2Fgribeorlneka.net%2Flink%3Fz%3D8231076%26var%3D49119%26acb%3Dproxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=16926 Page URL
  2. http://gribeorlneka.net/link?z=8231076&var=49119&acb=proxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=16926 HTTP 307
    https://gribeorlneka.net/link?z=8231076&var=49119&acb=proxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=16926 Page URL
  3. https://jonoorgaip.net/?z=8231077&syncedCookie=true&rhd=false HTTP 302
    https://jonoorgaip.net/4/6118780?var=8231077&btz=America/Vancouver&bto=420&bar=x Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://targhe.info/pop-go/49119?sub_id={zoneid} HTTP 302
  • https://auto-bg.info/yX5n98X9?source=49119&sub_id_1=pops&sub_id_2={reason}&sub_id_3={click_age} HTTP 302
  • https://gribeorlneka.net/link?z=8231076&var=49119 HTTP 302
  • https://cdntechone.com/r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=8231076&axcusid1=49119&clid={ymid}&r=http%3A%2F%2Fgribeorlneka.net%2Flink%3Fz%3D8231076%26var%3D49119%26acb%3Dproxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=16926
Request Chain 2
  • http://gribeorlneka.net/link?z=8231076&var=49119&acb=proxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=16926 HTTP 307
  • https://gribeorlneka.net/link?z=8231076&var=49119&acb=proxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=16926

16 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
r.html
cdntechone.com/
Redirect Chain
  • https://targhe.info/pop-go/49119?sub_id={zoneid}
  • https://auto-bg.info/yX5n98X9?source=49119&sub_id_1=pops&sub_id_2={reason}&sub_id_3={click_age}
  • https://gribeorlneka.net/link?z=8231076&var=49119
  • https://cdntechone.com/r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=8231076&axcusid1=49119&clid={ymid}&r=http%3A%2F%2Fgribeorlneka.net%2Flink%3Fz%3D8231076%26var%3D49119%26acb%3Dproxy-s...
20 KB
9 KB
Document
General
Full URL
https://cdntechone.com/r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=8231076&axcusid1=49119&clid={ymid}&r=http%3A%2F%2Fgribeorlneka.net%2Flink%3Fz%3D8231076%26var%3D49119%26acb%3Dproxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=16926
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:c31c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5f8b540ccf7bfb15d7c172f7b1c08124a65059ecf81430298b2075a8b733a63

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8d5bf5e789472395-EWR
content-encoding
zstd
content-type
text/html
date
Sun, 20 Oct 2024 21:04:29 GMT
last-modified
Thu, 11 Jul 2024 10:23:50 GMT
link
<https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority
u=0,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zT6oeH2BVtzsufLU0EDXUjBvlh0w3zNBbx6uvzVnNbld%2FgFqnbEXkkJr1jVhvkC8GN8t7qdI45lnRYceVMG0c%2FzCX4dDvXk6LN4TDARF2fZ3XcSqK7j29rsnqcLYVNrVCaCRUpm4xGlsVYPQrA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=121050&sent=13&recv=9&lost=0&retrans=0&sent_bytes=4174&recv_bytes=4548&delivery_rate=3474&cwnd=12000&unsent_bytes=0&cid=99a04d746b2b96d7&ts=285&x=1" cfExtPri cfHdrFlush;dur=0

Redirect headers

accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin
cache-control
no-store, no-cache, must-revalidate, max-age=0
content-length
0
date
Sun, 20 Oct 2024 21:04:28 GMT
expires
Tue, 11 Jan 1994 10:00:00 GMT
link
<https://cdntechone.com>; rel="dns-prefetch preconnect"
location
https://cdntechone.com/r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=8231076&axcusid1=49119&clid={ymid}&r=http%3A%2F%2Fgribeorlneka.net%2Flink%3Fz%3D8231076%26var%3D49119%26acb%3Dproxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=16926
pragma
no-cache
server
nginx
strict-transport-security
max-age=1
timing-allow-origin
*
x-content-type-options
nosniff
add
datatechone.com/log/
0
0

link
gribeorlneka.net/
Redirect Chain
  • http://gribeorlneka.net/link?z=8231076&var=49119&acb=proxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=16926
  • https://gribeorlneka.net/link?z=8231076&var=49119&acb=proxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=16926
29 KB
14 KB
Document
General
Full URL
https://gribeorlneka.net/link?z=8231076&var=49119&acb=proxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=16926
Requested by
Host: cdntechone.com
URL: https://cdntechone.com/r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=8231076&axcusid1=49119&clid={ymid}&r=http%3A%2F%2Fgribeorlneka.net%2Flink%3Fz%3D8231076%26var%3D49119%26acb%3Dproxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=16926
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.196.64 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
bfc2124d9b84607af6ef2464b1a8867002afc973b93d6eed88f4c5ab369f3cb6
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
https://cdntechone.com/r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=8231076&axcusid1=49119&clid={ymid}&r=http%3A%2F%2Fgribeorlneka.net%2Flink%3Fz%3D8231076%26var%3D49119%26acb%3Dproxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=16926
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=utf8
date
Sun, 20 Oct 2024 21:04:30 GMT
expires
Tue, 11 Jan 1994 10:00:00 GMT
link
<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
pragma
no-cache
server
nginx
strict-transport-security
max-age=1
timing-allow-origin
* *
x-content-type-options
nosniff
x-trace-id
d7d014ef49d3f75a56d2c8b6a6f6884a

Redirect headers

Location
https://gribeorlneka.net/link?z=8231076&var=49119&acb=proxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=16926
Non-Authoritative-Reason
HttpsUpgrades
img.gif
my.rtmark.net/
43 B
492 B
Image
General
Full URL
https://my.rtmark.net/img.gif?f=merge&userId=0480fb35f8334406f2d6f0686f9ce444&z=8231077&p_rid=ed0f2756-013e-4504-a5c4-d3dc0617a82b&p_src=sf
Requested by
Host: gribeorlneka.net
URL: https://gribeorlneka.net/link?z=8231076&var=49119&acb=proxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=16926
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://gribeorlneka.net/

Response headers

strict-transport-security
max-age=1
access-control-expose-headers
Authorization
timing-allow-origin
*, *
access-control-allow-credentials
true
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
x-content-type-options
nosniff
access-control-allow-origin
*
content-length
43
date
Sun, 20 Oct 2024 21:04:31 GMT
content-type
image/gif
server
nginx
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
sftouch
jonoorgaip.net/
43 B
664 B
Image
General
Full URL
https://jonoorgaip.net/sftouch?userId=0480fb35f8334406f2d6f0686f9ce444&z=8231077&p_rid=ed0f2756-013e-4504-a5c4-d3dc0617a82b&p_src=sf&branchId=0&rb=wcCUI2COirfpY2BG-xo7WmLCeZLuSbw0yexcGu0QEDg7nxickMK4EYiu_2IsXBaHc1hKBfTSsh-ifLrq5L1frip6EFX_d9No3fZdfxGKCt6iDbQi-kFf7fbTtmxvFGDgebgWLi4sKStzI3ptTcpbh2YNdTlQs_6OdUSMZ5SrZp8TFo9P82-k3VtbArVd31JIlWpe19okPN7ufFE_IrbTlNv_Vdj7RdBWWZw4sNRd98D-yfPmVcHHmZpHoAjhxNqkTSNcjZIZWH5Kj9D7yp8E7XKf1DVA_lR-Btxoql1iNokSSvwYd_IzHBFBBeuP3zPx-Z1GIGt_9vk=&w_img=1
Requested by
Host: gribeorlneka.net
URL: https://gribeorlneka.net/link?z=8231076&var=49119&acb=proxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=16926
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.22.222 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://gribeorlneka.net/

Response headers

access-control-max-age
86400
cf-cache-status
DYNAMIC
access-control-allow-methods
GET, POST, OPTIONS
x-content-type-options
nosniff
expires
Tue, 11 Jan 1994 10:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Sun, 20 Oct 2024 21:04:31 GMT
content-type
image/gif
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
strict-transport-security
max-age=1
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin
*, *
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
pragma
no-cache
access-control-allow-credentials
true
x-trace-id
5b562a490689986b69cbd5653b43fd37
cf-ray
8d5bf5f16cdb3981-YYZ
access-control-allow-origin
*
content-length
43
server
cloudflare
add
gribeorlneka.net/log/
12 B
385 B
XHR
General
Full URL
https://gribeorlneka.net/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=ed0f2756-013e-4504-a5c4-d3dc0617a82b
Requested by
Host: gribeorlneka.net
URL: https://gribeorlneka.net/link?z=8231076&var=49119&acb=proxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=16926
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.196.64 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
587fa9763e3d74ded3b64a843905f5541690582aad4976207e03743a7fb5f70e
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://gribeorlneka.net/link?z=8231076&var=49119&acb=proxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=16926

Response headers

strict-transport-security
max-age=1
timing-allow-origin
*
access-control-allow-credentials
true
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
x-content-type-options
nosniff
access-control-allow-origin
https://gribeorlneka.net
content-length
12
date
Sun, 20 Oct 2024 21:04:30 GMT
content-type
application/json; charset=utf-8
server
nginx
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
add
gribeorlneka.net/async_log/
0
339 B
XHR
General
Full URL
https://gribeorlneka.net/async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=ed0f2756-013e-4504-a5c4-d3dc0617a82b
Requested by
Host: gribeorlneka.net
URL: https://gribeorlneka.net/link?z=8231076&var=49119&acb=proxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=16926
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.196.64 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://gribeorlneka.net/link?z=8231076&var=49119&acb=proxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=16926

Response headers

strict-transport-security
max-age=1
timing-allow-origin
*
access-control-allow-credentials
true
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
x-content-type-options
nosniff
access-control-allow-origin
https://gribeorlneka.net
content-length
0
date
Sun, 20 Oct 2024 21:04:30 GMT
server
nginx
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
img.gif
my.rtmark.net/
43 B
507 B
Ping
General
Full URL
https://my.rtmark.net/img.gif?f=merge&userId=0480fb35f8334406f2d6f0686f9ce444&z=8231077&p_rid=ed0f2756-013e-4504-a5c4-d3dc0617a82b&p_src=sf
Requested by
Host: gribeorlneka.net
URL: https://gribeorlneka.net/link?z=8231076&var=49119&acb=proxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=16926
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://gribeorlneka.net/

Response headers

strict-transport-security
max-age=1
access-control-expose-headers
Authorization
timing-allow-origin
*, *
access-control-allow-credentials
true
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
x-content-type-options
nosniff
access-control-allow-origin
https://gribeorlneka.net
content-length
43
date
Sun, 20 Oct 2024 21:04:31 GMT
content-type
image/gif
server
nginx
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
Primary Request 6118780
jonoorgaip.net/4/
Redirect Chain
  • https://jonoorgaip.net/?z=8231077&syncedCookie=true&rhd=false
  • https://jonoorgaip.net/4/6118780?var=8231077&btz=America/Vancouver&bto=420&bar=x
29 KB
14 KB
Document
General
Full URL
https://jonoorgaip.net/4/6118780?var=8231077&btz=America/Vancouver&bto=420&bar=x
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.23.222 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e5153ef6b0cdc7f92d04044c6353b2797a7f1bd06b7716668552caeccc40fea
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://gribeorlneka.net
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
86400
alt-svc
h3=":443"; ma=86400
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0
cf-cache-status
DYNAMIC
cf-ray
8d5bf5f7ebff39e3-YYZ
content-encoding
gzip
content-type
text/html; charset=utf8
date
Sun, 20 Oct 2024 21:04:32 GMT
expires
Tue, 11 Jan 1994 10:00:00 GMT
link
<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
pragma
no-cache
server
cloudflare
strict-transport-security
max-age=1
timing-allow-origin
* *
x-content-type-options
nosniff
x-trace-id
e16c9f357c3f487bb4bc6e4f9b00050b

Redirect headers

accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://gribeorlneka.net
access-control-max-age
86400
alt-svc
h3=":443"; ma=86400
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0
cf-cache-status
DYNAMIC
cf-ray
8d5bf5f6db1739e3-YYZ
content-length
0
date
Sun, 20 Oct 2024 21:04:31 GMT
expires
Tue, 11 Jan 1994 10:00:00 GMT
link
<https://jonoorgaip.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
location
https://jonoorgaip.net/4/6118780?var=8231077&btz=America/Vancouver&bto=420&bar=x
pragma
no-cache
referrer-policy
no-referrer
server
cloudflare
strict-transport-security
max-age=1
timing-allow-origin
* *
x-content-type-options
nosniff
x-trace-id
86284d3c0211d1af21bf0f3324bb4174
sftouch
jonoorgaip.net/
43 B
145 B
Image
General
Full URL
https://jonoorgaip.net/sftouch?userId=0080fbed7e6e45c8efc8282dfa5ec8c5&z=6118780&p_rid=3c12776c-4c17-43c0-a1ce-91d3c788c2e7&p_src=sf&branchId=0&rb=xiIQCrm2N_bpaozSWhBZIOCg3YsvMQq2fNkJqPo4fNLmgYG8T8GyLZoNyEL9_9iLAZmjM54hbXz22zqy2LLNOaVjf2HOipP3TiKV67RPa9TOTPY_EpqsAVjVksHSKGIro7tf23TuJksIF4wm6iKstnoWZpXqES09qmbM0s1oDgosfDOpIFDZPJLprlDeTV4aLCRbc4Rjj47NgN95IUQ6WMWTVXzX2pU2C2P5J-wy9mMsGKk29IPfEepidv9TTPsDgJzQZ5bkp0v97qCrv4I6SnXjnknHixfWm2UcCYaCznX-oqf5heWf_A==&w_img=1
Requested by
Host: jonoorgaip.net
URL: https://jonoorgaip.net/4/6118780?var=8231077&btz=America/Vancouver&bto=420&bar=x
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.23.222 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://jonoorgaip.net/4/6118780?var=8231077&btz=America/Vancouver&bto=420&bar=x

Response headers

access-control-max-age
86400
cf-cache-status
DYNAMIC
access-control-allow-methods
GET, POST, OPTIONS
x-content-type-options
nosniff
expires
Tue, 11 Jan 1994 10:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Sun, 20 Oct 2024 21:04:32 GMT
content-type
image/gif
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
strict-transport-security
max-age=1
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin
*, *
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
pragma
no-cache
access-control-allow-credentials
true
x-trace-id
3dbc0c52d0614ce54d00da0f618700cf
cf-ray
8d5bf5f95d4d39e3-YYZ
access-control-allow-origin
*
content-length
43
server
cloudflare
add
jonoorgaip.net/log/
12 B
304 B
XHR
General
Full URL
https://jonoorgaip.net/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=3c12776c-4c17-43c0-a1ce-91d3c788c2e7
Requested by
Host: jonoorgaip.net
URL: https://jonoorgaip.net/4/6118780?var=8231077&btz=America/Vancouver&bto=420&bar=x
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.23.222 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
587fa9763e3d74ded3b64a843905f5541690582aad4976207e03743a7fb5f70e
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://jonoorgaip.net/4/6118780?var=8231077&btz=America/Vancouver&bto=420&bar=x

Response headers

strict-transport-security
max-age=1
timing-allow-origin
*
cf-cache-status
DYNAMIC
access-control-allow-credentials
true
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
x-content-type-options
nosniff
cf-ray
8d5bf5f989b5ac58-YYZ
access-control-allow-origin
https://jonoorgaip.net
alt-svc
h3=":443"; ma=86400
content-length
12
date
Sun, 20 Oct 2024 21:04:32 GMT
content-type
application/json; charset=utf-8
server
cloudflare
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
img.gif
my.rtmark.net/
43 B
492 B
Image
General
Full URL
https://my.rtmark.net/img.gif?f=merge&userId=0080fbed7e6e45c8efc8282dfa5ec8c5&z=6118780&p_rid=3c12776c-4c17-43c0-a1ce-91d3c788c2e7&p_src=sf
Requested by
Host: jonoorgaip.net
URL: https://jonoorgaip.net/4/6118780?var=8231077&btz=America/Vancouver&bto=420&bar=x
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://jonoorgaip.net/

Response headers

strict-transport-security
max-age=1
access-control-expose-headers
Authorization
timing-allow-origin
*, *
access-control-allow-credentials
true
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
x-content-type-options
nosniff
access-control-allow-origin
*
content-length
43
date
Sun, 20 Oct 2024 21:04:32 GMT
content-type
image/gif
server
nginx
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
add
jonoorgaip.net/async_log/
0
296 B
XHR
General
Full URL
https://jonoorgaip.net/async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=3c12776c-4c17-43c0-a1ce-91d3c788c2e7
Requested by
Host: jonoorgaip.net
URL: https://jonoorgaip.net/4/6118780?var=8231077&btz=America/Vancouver&bto=420&bar=x
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.23.222 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://jonoorgaip.net/4/6118780?var=8231077&btz=America/Vancouver&bto=420&bar=x

Response headers

strict-transport-security
max-age=1
timing-allow-origin
*
cf-cache-status
DYNAMIC
access-control-allow-credentials
true
x-content-type-options
nosniff
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
cf-ray
8d5bf5f999bcac58-YYZ
access-control-allow-origin
https://jonoorgaip.net
alt-svc
h3=":443"; ma=86400
content-length
0
date
Sun, 20 Oct 2024 21:04:32 GMT
server
cloudflare
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
favicon.ico
jonoorgaip.net/
0
181 B
Other
General
Full URL
https://jonoorgaip.net/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.23.222 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://jonoorgaip.net/4/6118780?var=8231077&btz=America/Vancouver&bto=420&bar=x

Response headers

cache-control
public, max-age=315360000
cf-cache-status
HIT
pragma
public
age
451448
cf-ray
8d5bf5fdfe0aac58-YYZ
expires
Wed, 18 Oct 2034 21:04:32 GMT
alt-svc
h3=":443"; ma=86400
date
Sun, 20 Oct 2024 21:04:32 GMT
vary
Accept-Encoding
server
cloudflare
/
jonoorgaip.net/
0
0

favicon.ico
jonoorgaip.net/
0
0
Other
General
Full URL
https://jonoorgaip.net/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.23.222 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://jonoorgaip.net/afu.php?zoneid=6118780&var=6118780&rid=33-IJ2mCiw9DGbmF2LWarg%3D%3D&rhd=false&ab2r=0&sf=1&is_mobile=false

Response headers

cache-control
public, max-age=315360000
cf-cache-status
HIT
pragma
public
age
451448
cf-ray
8d5bf5fdfe0aac58-YYZ
expires
Wed, 18 Oct 2034 21:04:32 GMT
alt-svc
h3=":443"; ma=86400
date
Sun, 20 Oct 2024 21:04:32 GMT
vary
Accept-Encoding
server
cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
datatechone.com
URL
https://datatechone.com/log/add?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853&ruid=d662604a-8cf5-451c-a48e-33c90e2eda4f
Domain
jonoorgaip.net
URL
https://jonoorgaip.net/?z=6118780&syncedCookie=true&rhd=false

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| onLazyPixel
object| _nvksp5rgq
function| nvksp5rgq
boolean| lazyPixelLoaded

11 Cookies

Domain/Path Name / Value
auto-bg.info/ Name: _subid
Value: 3etcneg4rvn812
auto-bg.info/ Name: bc730
Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjcxMzBcIjoxNzI5NDU4MjY4fSxcImNhbXBhaWduc1wiOntcIjUxMFwiOjE3Mjk0NTgyNjh9LFwidGltZVwiOjE3Mjk0NTgyNjh9In0.KUlM9c0L6_-3jz_6RMHqWWXkxVJBG3Eyatn8Cul_P5E
gribeorlneka.net/ Name: OAID
Value: 0480fb35f8334406f2d6f0686f9ce444
gribeorlneka.net/ Name: oaidts
Value: 1729458268
gribeorlneka.net/ Name: phpckd8231076
Value: true
gribeorlneka.net/ Name: captcha
Value: player
gribeorlneka.net/ Name: allcnt
Value: 1
jonoorgaip.net/ Name: OAID
Value: 0080fbed7e6e45c8efc8282dfa5ec8c5
jonoorgaip.net/ Name: oaidts
Value: 1729458271
my.rtmark.net/ Name: ID
Value: 0480fb35f8334406f2d6f0686f9ce444
jonoorgaip.net/ Name: captcha
Value: player