shechodsad.com Open in urlscan Pro
188.114.96.3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://fflivia.xyz/HgJQ64
Effective URL:
https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var=&ymid=3vlj25mdj4r0
Submission: On August 16 via api (August 16th 2024, 10:49:03 am UTC) from US — Scanned from DE

Summary HTTP 25 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 6 domains to perform 25 HTTP transactions. The main IP is 188.114.96.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is shechodsad.com.
TLS certificate: Issued by WE1 on August 5th 2024. Valid for: 3 months.

This is the only time shechodsad.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3032::6815:3a8f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
19	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
1	2606:4700::68... 2606:4700::6812:bf4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a06:98c1:312... 2a06:98c1:3121::9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	37.48.68.71 37.48.68.71	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
25	5

1 2606:4700:3032::6815:3a8f (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

fflivia.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 188.114.96.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

shechodsad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.shechodsad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bf4 (United States)

ASN13335 (CLOUDFLARENET, US)

littlecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3121::9 (United States)

ASN13335 (CLOUDFLARENET, US)

cdntechone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.48.68.71 (Amsterdam, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

datatechone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	shechodsad.com shechodsad.com static.shechodsad.com	50 KB
3	rtmark.net my.rtmark.net — Cisco Umbrella Rank: 5822	2 KB
1	datatechone.com datatechone.com — Cisco Umbrella Rank: 42217	467 B
1	cdntechone.com cdntechone.com — Cisco Umbrella Rank: 36596	8 KB
1	littlecdn.com littlecdn.com — Cisco Umbrella Rank: 11987	86 KB
1	fflivia.xyz 1 redirects fflivia.xyz	994 B
25	6

	Domain	Requested by
18	shechodsad.com	shechodsad.com
3	my.rtmark.net	shechodsad.com
1	datatechone.com	cdntechone.com
1	cdntechone.com	shechodsad.com
1	static.shechodsad.com	shechodsad.com
1	littlecdn.com	shechodsad.com
1	fflivia.xyz	1 redirects
25	7

This site contains links to these domains. Also see Links.

Domain
toplaying.pro
glugreez.com

Subject Issuer	Validity	Valid
shechodsad.com WE1	`2024-08-05` - `2024-11-03`	3 months	crt.sh
rtmark.net R11	`2024-07-05` - `2024-10-03`	3 months	crt.sh
littlecdn.com WE1	`2024-07-07` - `2024-10-05`	3 months	crt.sh
cdntechone.com WE1	`2024-06-20` - `2024-09-18`	3 months	crt.sh
datatechone.com Sectigo RSA Domain Validation Secure Server CA	`2023-12-10` - `2024-12-23`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var=&ymid=3vlj25mdj4r0
Frame ID: EE2140DEAED2980408FC01873AD3B2B9
Requests: 25 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Schalten Sie einen Cryptomania-Bonus frei!

Page URL History Show full URLs

https://fflivia.xyz/HgJQ64 HTTP 302
https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var... Page URL

Page Statistics

25
Requests

100 %
HTTPS

50 %
IPv6

6
Domains

7
Subdomains

5
IPs

3
Countries

146 kB
Transfer

206 kB
Size

8
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://toplaying.pro/yz992c?external_id={CLICK_ID}&source=7576379_&ad_campaign_id=zeydoocrypto

Search URL Search Domain Scan URL

URL: https://toplaying.pro/yz992c?external_id=miss_848263535810847599&source=7576379_&ad_campaign_id=zeydoocrypto&land_state=marker_success&land_id=lbKt2FsEy70WXWp&land_generation_time=2024-08-16_05:48:59&land_error_code=&ruid=fc3c0638-418b-4acb-a9d9-a089859f6782&mgeo=de&oaid=f968188fc4eef2a209c3c5179dc1187a&land_type=rtr&isPushSubscribed=false&isPushAlreadySubscribed=false&land_tracker=marker&land_purchase_method=apk

Search URL Search Domain Scan URL

URL: https://glugreez.com/submenu/1128934?var={CLICK_ID}
Title: Go to site

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://fflivia.xyz/HgJQ64 HTTP 302
https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var=&ymid=3vlj25mdj4r0 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

25 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

Primary Request / Show response
shechodsad.com/
Redirect Chain

https://fflivia.xyz/HgJQ64
https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var=&ymid=3vlj25mdj4r0

55 KB
15 KB

201ms
153ms

Document
text/html

188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var=&ymid=3vlj25mdj4r0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: 40f362a068c72c2cbdff67fd6592b4c916408066eedfc809bc97023b1909d977

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8b40daec9e1ebb7d-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 16 Aug 2024 10:48:59 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fadzwhuTk5heLH2ndJiVoYmZ7cpVDgUIDrSagouQaE6Ua84UoTDPLEWHFOdkzXPOw9HeR3%2FFNfOezzMjROUX6x9oIYviDRKPrCPifUcr7bCO4VkzrR7IrK6JYCSGXISZtg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-by: PHP/7.4.33

Redirect headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8b40daeace609c0a-FRA
content-type: text/html; charset=UTF-8
date: Fri, 16 Aug 2024 10:48:59 GMT
expires: 0
location: https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var=&ymid=3vlj25mdj4r0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2yDGDNqQ6MfUX02djniQmFzGLPJn6687wp7EKDbbedZE6OrTcmyP8WOZvZo718HsOmEyLRCPoPRHKyJNheo2iU8onq%2Feapnw%2Bwpelqurr5tcC%2FIBFcgoGf0zaJD1GSqOGII%2BVJc894JdPg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
542 B 113ms
37ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?userId=f968188fc4eef2a209c3c5179dc1187a

Requested by

Host: shechodsad.com
URL: https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var=&ymid=3vlj25mdj4r0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

3177023047a0a4ccc34bc7269ca256d2a51580620e5ebfec93425ac83f83483d

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://shechodsad.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 16 Aug 2024 10:48:59 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://shechodsad.com
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H3 200 micro.tag.min.js Show response
shechodsad.com/pfe/current/ 42 KB
16 KB 163ms
163ms Script
application/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://shechodsad.com/pfe/current/micro.tag.min.js?uhd=1&z=6304462&ymid=&var=7576379&sw=/sw-check-permissions/6304462&var_3=21181708_
Requested by: Host: shechodsad.com
URL: https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var=&ymid=3vlj25mdj4r0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fc00a479f4ebe23919997e8c5477d8724ea50f0e1457cf1bdbb7ac5f1386e57c

Request headers

Referer: https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var=&ymid=3vlj25mdj4r0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Aug 2024 10:48:59 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 16 Aug 2024 10:33:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"66bf2b03-a749"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zErOcs51yEdJekM%2FilRZU3TM3J3eEnFERIq5GTQCTCrAwW9YTR4YKFU1oG%2FeWiQcoht6%2Ff7rad%2B6o5cfOaeVVgq43J5ftuQmQpxtKfFnt2XcqNOafnhq6NOdXqO%2FJJURDw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
access-control-allow-credentials: true
cf-ray: 8b40daedf817bb7d-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 024637545974.png
littlecdn.com/apps/contents/s/5f/25/6e/c53aea84ed721498c84d44cde0/ 85 KB
86 KB 67ms
38ms Image
image/png 2606:4700::6812:bf4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://littlecdn.com/apps/contents/s/5f/25/6e/c53aea84ed721498c84d44cde0/024637545974.png
Requested by: Host: shechodsad.com
URL: https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var=&ymid=3vlj25mdj4r0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:bf4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a0699128ae622bf13466162b5a1f0c301b3e0f12fb0878b67a42c68a73c3a9cd

Request headers

Referer: https://shechodsad.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 16 Aug 2024 10:48:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1431
alt-svc: h3=":443"; ma=86400
content-length: 87149
last-modified: Tue, 13 Feb 2024 16:07:36 GMT
server: cloudflare
etag: "65cb93c8-1546d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: image/png
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MWGZWrO1wuutXrKvFqQxp8cvg8icyuuJb%2BPWe%2B6oAu%2BmYzfy0msx76xqoCAduCmjcC15pSTbOoWr8KqUjPBfjgmcTiZvIRKXkEnkbk6sX2rkCMn94OzKSgUpaY0FWXAClP%2FU%2BUrV76EJ0Ch5"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
accept-ranges: bytes
cf-ray: 8b40daed8f1437e0-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
543 B 106ms
35ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: shechodsad.com
URL: https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var=&ymid=3vlj25mdj4r0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

da37c25d1ec07f9d3d5640f464e7bd3765069294e89695e2a7e9aeb368bcbf7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://shechodsad.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 16 Aug 2024 10:48:59 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://shechodsad.com
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H3 206 default.mp3
static.shechodsad.com/templates/_assets/sounds/blip1/ 7 KB
7 KB 95ms
68ms Media
audio/mpeg 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.shechodsad.com/templates/_assets/sounds/blip1/default.mp3
Requested by: Host: shechodsad.com
URL: https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var=&ymid=3vlj25mdj4r0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4fdb5a03ae3f26e801517144609db3589bd0835a686fe11dfe7afddcdb750ef8

Request headers

Referer: https://shechodsad.com/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 16 Aug 2024 10:48:59 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Content-Range: bytes 0-6711/6712
alt-svc: h3=":443"; ma=86400
Content-Length: 6712
last-modified: Fri, 09 Aug 2024 15:58:33 GMT
server: cloudflare
etag: "66b63ca9-1a38"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: audio/mpeg
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hXKKhpvTmk%2B%2Boy7NPWPmt%2FSMwlMagQlSJIcvkyAQxC3Mq2Mxx8yoQGRwk7wgxuu2XuLWxWksabqjf%2FTLGn3dVAOl8YbHyZpPUGtG5%2BYFBXo53Nrm0mk9mLbRYP3ScyuoRJpwdYVj%2FSs%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=86400
cf-ray: 8b40daed9f7dbb7d-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

POST
H3 200 / Show response
shechodsad.com/ 2 B
530 B 60ms
60ms XHR
application/json 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var=&ymid=3vlj25mdj4r0&mprtr=1
Requested by: Host: shechodsad.com
URL: https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var=&ymid=3vlj25mdj4r0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var=&ymid=3vlj25mdj4r0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 16 Aug 2024 10:48:59 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.33
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dmnSvgh3txUoh%2FMDSUDVHayY9p5sy%2Fqj8%2BbxMgXe7zEUO4Cxw5q9aIsfbbtaWD3Hfu%2BLWsDEQSL6r21dYxJl9p8RsFfLput9DdeN4QrqcsMO1ojF62noXDlTJkLzx%2BdrPg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 8b40daed7f65bb7d-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
alt-svc: h3=":443"; ma=86400

GET
H3 200 rotate Show response
shechodsad.com/ 164 B
899 B 52ms
51ms Fetch
text/plain 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shechodsad.com/rotate?zz=7494771&var=7576379&uid=0800bab53c0c45d0e04b42943b466913&var_4=3vlj25mdj4r0&=

Requested by

Host: shechodsad.com
URL: https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var=&ymid=3vlj25mdj4r0

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

15e56e343fdae6766d3404fe3bd1d6f13bbe45c8c906390307aaa01eab4eae02

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var=&ymid=3vlj25mdj4r0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 16 Aug 2024 10:48:59 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-trace-id: b1e30d6a163a461189870ca4108c6710
pragma: no-cache
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://shechodsad.com/
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1MUs1UeLPfRf8kkBUXQ4QophUmt%2Ff42ZjWPnuPGtxFf1hwOIE%2BBG1ZPBMcY5M8kS6F3uuOzN6ejwX8Xx04%2BeWL7C6Wkt549m1Uc3HOSjjSZX4wCJpovbpkcAragMH%2BvCGg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray: 8b40daee184dbb7d-FRA
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H3 200 track-impression-applab Show response
shechodsad.com/ 717 B
1 KB 50ms
50ms Fetch
application/json 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shechodsad.com/track-impression-applab?z=7576379&b=21181708&ymid=3vlj25mdj4r0&var=&var_3=21181708_&redirect=false&redirectUrl=https%3A%2F%2Ftoplaying.pro%2Fyz992c%3Fexternal_id%3D%24%7BSUBID%7D%26source%3D7576379_%26ad_campaign_id%3Dzeydoocrypto%26land_state%3Dbefore_render%26land_id%3DlbKt2FsEy70WXWp%26land_generation_time%3D2024-08-16_05%3A48%3A59%26land_error_code%3D%26ruid%3D%7Bruid%7D%26mgeo%3D%7Bmgeo%7D%26oaid%3Df968188fc4eef2a209c3c5179dc1187a%26land_type%3Drtr%26isPushSubscribed%3Dfalse%26isPushAlreadySubscribed%3Dfalse%26land_tracker%3Dmarker%26land_purchase_method%3Dapk

Requested by

Host: shechodsad.com
URL: https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var=&ymid=3vlj25mdj4r0

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ebe65a76caab11215113761880c348d0c4728a0e33daaed96ec99ba1cbbd0649

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var=&ymid=3vlj25mdj4r0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 16 Aug 2024 10:48:59 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-trace-id: ec1daa64e3977a9bbede5c3d7cda9821
pragma: no-cache
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J1knA6uLfzQ3iSjsNoEc3CTeHHpOVBPBK7dfI7IYU%2FLyGUHwjFFZbCwGQU31WA3TUS2fC6NBDwry2Cnd6Q%2FWfSKjow4HEjO3RdsrOU7n%2FsLfDf66BX8wldaYVUY3ANoPIg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray: 8b40daee1851bb7d-FRA
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H3 200 6304462
shechodsad.com/sw-check-permissions/ 0
1001 B 51ms
51ms Other
application/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://shechodsad.com/sw-check-permissions/6304462?var=7576379&var_3=21181708_&uhd=1&zoneId=6304462
Requested by: Host: shechodsad.com
URL: https://shechodsad.com/pfe/current/micro.tag.min.js?uhd=1&z=6304462&ymid=&var=7576379&sw=/sw-check-permissions/6304462&var_3=21181708_
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var=&ymid=3vlj25mdj4r0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 16 Aug 2024 10:48:59 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.33
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tm84Y%2BedaqWwHDJB6pB5H8CVDpI%2BivjZrTRP27pVOHZ48mulVAnXnyutVnb1ryVc8jj2M59UBCNX0V96SNZHvRa%2B52bGvbqAPYaEDSkz5zScvo6wBzsnQPzeq1lhXSverw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-ray: 8b40daee78d9bb7d-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc: h3=":443"; ma=86400

POST
H3 200 custom
shechodsad.com/ 39 B
652 B 58ms
58ms Ping
application/json 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shechodsad.com/custom

Requested by

Host: shechodsad.com
URL: https://shechodsad.com/pfe/current/micro.tag.min.js?uhd=1&z=6304462&ymid=&var=7576379&sw=/sw-check-permissions/6304462&var_3=21181708_

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var=&ymid=3vlj25mdj4r0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 16 Aug 2024 10:48:59 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o2LLAdT0Jb8iutOS4rKXFW7aS%2F%2Bhb%2B7FkMwh6VOCey74Vs7dnTdoNOz905A9KRYO25P7380KV3G38PAGe6kYOF6DJKMdE8OowMG04PUUOe%2F8We9tPc7acXS9z9gLzpTKWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://shechodsad.com
access-control-allow-credentials: true
cf-ray: 8b40daee78ddbb7d-FRA
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept

POST
H3 200 zone
shechodsad.com/ 0
565 B 49ms
49ms Ping
text/plain 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shechodsad.com/zone?pub=0&zone_id=6304462&is_mobile=false&domain=shechodsad.com&var=7576379&ymid=&var_3=21181708_&var_4=&dsig=&tg=1&sw=3.1.548&trace_id=4c2bb801-ee14-4b81-accf-a6e2ee67d08b&action=prerequest&ch=eyJhcmNoaXRlY3R1cmUiOiIiLCJiaXRuZXNzIjoiIiwiYnJhbmRzIjpbXSwiZnVsbFZlcnNpb25MaXN0IjpbXSwibW9iaWxlIjpmYWxzZSwibW9kZWwiOiIiLCJwbGF0Zm9ybSI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IiIsIndvdzY0IjpmYWxzZX0=&drf=

Requested by

Host: shechodsad.com
URL: https://shechodsad.com/pfe/current/micro.tag.min.js?uhd=1&z=6304462&ymid=&var=7576379&sw=/sw-check-permissions/6304462&var_3=21181708_

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var=&ymid=3vlj25mdj4r0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 16 Aug 2024 10:48:59 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rYwOSMaR3pRQvqMw9hjwYDuXJcRyHdSpX%2BE5gRhBNEotsLlQN7g%2FJNzGygcW3ARwngTlpnBf5IQ5Hs93fDzkCFZac3Ig850WnS1xZ2d%2BBDGJvTQY6Pr5oq6b4gdgDGL1ow%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://shechodsad.com
access-control-allow-credentials: true
cf-ray: 8b40daee78e4bb7d-FRA
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
content-length: 0
alt-svc: h3=":443"; ma=86400

GET
H3 200 stattag.js Show response
cdntechone.com/ 16 KB
8 KB 90ms
46ms Script
application/javascript 2a06:98c1:3121::9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdntechone.com/stattag.js
Requested by: Host: shechodsad.com
URL: https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var=&ymid=3vlj25mdj4r0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 54862ebdcfa23c67d6de25543e0b22014de8fd8d3d3aed09d615981bbdd76251

Request headers

Referer: https://shechodsad.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 16 Aug 2024 10:48:59 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 11 Jul 2024 10:23:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4938
etag: W/"668fb2b6-406a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RZ9WW6cCqWrFQxI016vu9w5USiFwsQnZawo9zmiQyq9hS31IUo9qSlEbVfwyuVMAsvzYzOYbG%2FmhUF%2BLem%2FnIwfLiDmpLDfD8%2BkhDGzQZQee6vegRTkfXvJS%2FVx3YDa9hIkDUrkO00DXIAmK2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 8b40daeeb9b118f1-FRA
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
alt-svc: h3=":443"; ma=86400

POST
H3 200 custom
shechodsad.com/ 39 B
652 B 86ms
85ms Ping
application/json 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shechodsad.com/custom

Requested by

Host: shechodsad.com
URL: https://shechodsad.com/pfe/current/micro.tag.min.js?uhd=1&z=6304462&ymid=&var=7576379&sw=/sw-check-permissions/6304462&var_3=21181708_

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var=&ymid=3vlj25mdj4r0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 16 Aug 2024 10:48:59 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vzIpRqyFM091uyT40DXeoLpocQCeO%2FrkEdmp966rFyKobBN%2BzKojiBK50naCjE7IE6a5lYCaH2kHVIy%2B0DZfw4ikXTl0gtThI9LwxJcrjBmS%2BD3egjf5ybkM9hE7Fx4xmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://shechodsad.com
access-control-allow-credentials: true
cf-ray: 8b40daeeb935bb7d-FRA
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept

POST
H3 200 custom
shechodsad.com/ 39 B
650 B 89ms
88ms Ping
application/json 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shechodsad.com/custom

Requested by

Host: shechodsad.com
URL: https://shechodsad.com/pfe/current/micro.tag.min.js?uhd=1&z=6304462&ymid=&var=7576379&sw=/sw-check-permissions/6304462&var_3=21181708_

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var=&ymid=3vlj25mdj4r0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 16 Aug 2024 10:48:59 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kqiwjOVZMrf%2FBgEdgh8Fm2KtyeaOmcQFPaf7kKvTI9PhemCicpY7aQYLOHFe59R%2BjIp4Jr34ekhOg92NaYsMTvGfAptpVqW3MECnuUArQQJK4uC4%2BNs2y3Bl2Su7wA6HHw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://shechodsad.com
access-control-allow-credentials: true
cf-ray: 8b40daeeb93fbb7d-FRA
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept

POST
H3 200 custom
shechodsad.com/ 39 B
648 B 75ms
74ms Ping
application/json 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shechodsad.com/custom

Requested by

Host: shechodsad.com
URL: https://shechodsad.com/pfe/current/micro.tag.min.js?uhd=1&z=6304462&ymid=&var=7576379&sw=/sw-check-permissions/6304462&var_3=21181708_

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var=&ymid=3vlj25mdj4r0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 16 Aug 2024 10:48:59 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QtlQCe1L%2FckieEuRrphfmZIB1b3Jer6kBpz4aGF7zlgSAV1DxCpzGs0HLyycM4XxwZXA3dSKWk3JImSJ1JvJz4iYdhIZ8Fe2MsAG2001rNGWW6It2XVzivVfb4jPm6S9Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://shechodsad.com
access-control-allow-credentials: true
cf-ray: 8b40daee78fabb7d-FRA
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
542 B 36ms
36ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=6304462&checkDuplicate=true&ymid=&var=7576379&source=pusher

Requested by

Host: shechodsad.com
URL: https://shechodsad.com/pfe/current/micro.tag.min.js?uhd=1&z=6304462&ymid=&var=7576379&sw=/sw-check-permissions/6304462&var_3=21181708_

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

3177023047a0a4ccc34bc7269ca256d2a51580620e5ebfec93425ac83f83483d

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://shechodsad.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 16 Aug 2024 10:48:59 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://shechodsad.com
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

POST
H3 200 custom
shechodsad.com/ 39 B
655 B 76ms
75ms Ping
application/json 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shechodsad.com/custom

Requested by

Host: shechodsad.com
URL: https://shechodsad.com/pfe/current/micro.tag.min.js?uhd=1&z=6304462&ymid=&var=7576379&sw=/sw-check-permissions/6304462&var_3=21181708_

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var=&ymid=3vlj25mdj4r0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 16 Aug 2024 10:48:59 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vyhgUz0k%2B%2FGyixu4uFTCXMa2bvn8FHNwBLxMponGy%2FijFUhVp5zYM%2BMo8fEK40eHNylmY0hjeEttg8Jy%2B5mAH1KXFPHeM2LkeH0LvqHuBfdlxYsOkM0CKdBvxxDjBz7QEw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://shechodsad.com
access-control-allow-credentials: true
cf-ray: 8b40daeeb948bb7d-FRA
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept

GET
H3 204 favicon.ico
shechodsad.com/ 0
413 B 61ms
61ms Other
text/plain 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shechodsad.com/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var=&ymid=3vlj25mdj4r0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 16 Aug 2024 10:48:59 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k%2Fo65y3PdKAebYMrZH7TT6q2OAYWc%2F2HNbDwqysn5BaVk1yu0Jqm0WZL4YhF6jO4tXXtaYiF5UlQlAUbe8dyAB%2F8AnBhfevFVToKugER1UNDh8lhnhIx1GlOz0n7qGB8vA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=86400
cf-ray: 8b40daee7900bb7d-FRA
alt-svc: h3=":443"; ma=86400

POST
H3 200 custom
shechodsad.com/ 39 B
655 B 88ms
88ms Ping
application/json 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shechodsad.com/custom

Requested by

Host: shechodsad.com
URL: https://shechodsad.com/pfe/current/micro.tag.min.js?uhd=1&z=6304462&ymid=&var=7576379&sw=/sw-check-permissions/6304462&var_3=21181708_

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var=&ymid=3vlj25mdj4r0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 16 Aug 2024 10:48:59 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o3rUAVW4iNyCut85fn1qDzq2NjX7N%2FzzS5jjn%2B1BWH2cw590ZOd%2FtrfEhN5vhfgJHNbeqw4YUn%2Bvgg9bShZb11QROBAyq1w8UQK2x8RoiF1%2BWL4rpF8S%2FFKETnNPRHn5xw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://shechodsad.com
access-control-allow-credentials: true
cf-ray: 8b40daee7907bb7d-FRA
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept

GET
H3 200 zone Show response
shechodsad.com/ 792 B
1 KB 104ms
104ms Fetch
application/json 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shechodsad.com/zone?pub=0&zone_id=6304462&is_mobile=false&domain=shechodsad.com&var=7576379&ymid=&var_3=21181708_&var_4=&dsig=&tg=1&sw=3.1.548&trace_id=4c2bb801-ee14-4b81-accf-a6e2ee67d08b&action=settings&ch=eyJhcmNoaXRlY3R1cmUiOiIiLCJiaXRuZXNzIjoiIiwiYnJhbmRzIjpbXSwiZnVsbFZlcnNpb25MaXN0IjpbXSwibW9iaWxlIjpmYWxzZSwibW9kZWwiOiIiLCJwbGF0Zm9ybSI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IiIsIndvdzY0IjpmYWxzZX0=

Requested by

Host: shechodsad.com
URL: https://shechodsad.com/pfe/current/micro.tag.min.js?uhd=1&z=6304462&ymid=&var=7576379&sw=/sw-check-permissions/6304462&var_3=21181708_

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd882184ccd810f9a8e31930d03260ca4609173d3c30b1415cc013b36d728820

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var=&ymid=3vlj25mdj4r0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 16 Aug 2024 10:48:59 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q7ljGtFXCNtL2Jmoi5n6CSZ11n918pub0tXOLq75X%2FSejdJmGIrO15xqijgwhDKDcD2Di54GTTCJG%2FGeW6eOwWE9y256VUdstJtwb7AdJ%2FN5R9Lg6geUIb2xCCh3Jbh4bw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 8b40daeed97dbb7d-FRA
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept

POST
H3 200 custom
shechodsad.com/ 39 B
648 B 73ms
71ms Ping
application/json 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shechodsad.com/custom

Requested by

Host: shechodsad.com
URL: https://shechodsad.com/pfe/current/micro.tag.min.js?uhd=1&z=6304462&ymid=&var=7576379&sw=/sw-check-permissions/6304462&var_3=21181708_

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var=&ymid=3vlj25mdj4r0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 16 Aug 2024 10:49:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W4Ofe4CPI3ZvZqBbxI5VgfsoxSF6qAqJFppqrFiuIjt1qDcK4snNkYFlijzA2MurKLq0k5Fi7I97%2BSlHbr0FqeAmTyZiJnrhueY7i8JCqtERotnSTIUWGuyFoEK4Uw2JRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://shechodsad.com
access-control-allow-credentials: true
cf-ray: 8b40daeee997bb7d-FRA
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept

POST
H/1.1 200
OK add Show response
datatechone.com/log/ 2 B
467 B 124ms
37ms XHR
text/plain 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://datatechone.com/log/add?cid=79b8b31a-f5b5-449e-9c97-e907dd6cec81&ruid=9e15a378-84e8-4cf2-909d-367be3840fee
Requested by: Host: cdntechone.com
URL: https://cdntechone.com/stattag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Amsterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://shechodsad.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 16 Aug 2024 10:49:00 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://shechodsad.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 2

POST
H3 200 custom
shechodsad.com/ 39 B
654 B 50ms
50ms Ping
application/json 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shechodsad.com/custom

Requested by

Host: shechodsad.com
URL: https://shechodsad.com/pfe/current/micro.tag.min.js?uhd=1&z=6304462&ymid=&var=7576379&sw=/sw-check-permissions/6304462&var_3=21181708_

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var=&ymid=3vlj25mdj4r0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 16 Aug 2024 10:49:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tBzN33Q1xLCKbauNKQNw1nZp25zwygPsIdg4vrjQgg7y3CNpPdor%2Blvi7GPa7Y%2BpyWBfSClQ6zRzadQJIKubZxG3Ri8Lf3e9DImZc7%2FhEkhsnkqKUyx6%2F5ICe7Txpg%2FOoA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://shechodsad.com
access-control-allow-credentials: true
cf-ray: 8b40daef5a75bb7d-FRA
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept

POST
H3 200 custom
shechodsad.com/ 39 B
655 B 47ms
46ms Ping
application/json 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shechodsad.com/custom

Requested by

Host: shechodsad.com
URL: https://shechodsad.com/pfe/current/micro.tag.min.js?uhd=1&z=6304462&ymid=&var=7576379&sw=/sw-check-permissions/6304462&var_3=21181708_

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://shechodsad.com/?l=lbKt2FsEy70WXWp&b=21181708&z=7576379&s={CLICK_ID}&campid={campaignid}&var=&ymid=3vlj25mdj4r0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 16 Aug 2024 10:49:01 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qL7M%2B6slwWteYfxnFvPPL2qalA02jguq1V1PCgwzBbdfebOk%2Bn%2FFq4A%2FrSE9QQdHZ1CYDjxaa%2B6WOkCtW9GlF4EZ98V8zA%2BmyvKz9DonewuVvadf7YGnTRlRB4i58y4VIw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://shechodsad.com
access-control-allow-credentials: true
cf-ray: 8b40daf60d86bb7d-FRA
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Scam (Online)

40 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
fflivia.xyz/	1970-01-20 23:34:43	Name: _subid Value: 3vlj25mdj4r0
fflivia.xyz/	1970-01-21 08:26:05	Name: dcf49 Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE0MDZcIjoxNzIzODA1MzM5fSxcImNhbXBhaWduc1wiOntcIjEwODZcIjoxNzIzODA1MzM5fSxcInRpbWVcIjoxNzIzODA1MzM5fSJ9.BkUo2McLxz5g6VBmEdw2jujn209T1KkPrnlJx2B4GtQ
fflivia.xyz/	1970-01-20 23:34:43	Name: _token Value: uuid_3vlj25mdj4r0_3vlj25mdj4r066bf2e9b648084.47784293
shechodsad.com/	1970-01-20 22:50:08	Name: reverse Value: s2Q30AhnuhJNc7Wm3GGWdWvT4Uw4XLazP5CQFymQwdk
shechodsad.com/	1970-01-21 07:35:41	Name: OAID Value: f968188fc4eef2a209c3c5179dc1187a
shechodsad.com/	1970-01-21 08:26:05	Name: oaidts Value: 1723805339
my.rtmark.net/	1970-01-21 07:35:41	Name: ID Value: f968188fc4eef2a209c3c5179dc1187a
shechodsad.com/	1970-01-20 23:00:10	Name: syncedCookie Value: true

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdntechone.com
datatechone.com
fflivia.xyz
littlecdn.com
my.rtmark.net
shechodsad.com
static.shechodsad.com
139.45.195.8
188.114.96.3
2606:4700:3032::6815:3a8f
2606:4700::6812:bf4
2a06:98c1:3121::9
37.48.68.71
15e56e343fdae6766d3404fe3bd1d6f13bbe45c8c906390307aaa01eab4eae02
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
3177023047a0a4ccc34bc7269ca256d2a51580620e5ebfec93425ac83f83483d
40f362a068c72c2cbdff67fd6592b4c916408066eedfc809bc97023b1909d977
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4fdb5a03ae3f26e801517144609db3589bd0835a686fe11dfe7afddcdb750ef8
54862ebdcfa23c67d6de25543e0b22014de8fd8d3d3aed09d615981bbdd76251
a0699128ae622bf13466162b5a1f0c301b3e0f12fb0878b67a42c68a73c3a9cd
da37c25d1ec07f9d3d5640f464e7bd3765069294e89695e2a7e9aeb368bcbf7a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ebe65a76caab11215113761880c348d0c4728a0e33daaed96ec99ba1cbbd0649
fc00a479f4ebe23919997e8c5477d8724ea50f0e1457cf1bdbb7ac5f1386e57c
fd882184ccd810f9a8e31930d03260ca4609173d3c30b1415cc013b36d728820
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

shechodsad.com Open in urlscan Pro 188.114.96.3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

25 Requests

100 %HTTPS

50 %IPv6

6 Domains

7 Subdomains

5 IPs

3 Countries

146 kBTransfer

206 kBSize

8 Cookies

3 Outgoing links

Page URL History

Redirected requests

25 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

40 JavaScript Global Variables

8 Cookies

Indicators

shechodsad.com Open in urlscan Pro
188.114.96.3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

25
Requests

100 %
HTTPS

50 %
IPv6

6
Domains

7
Subdomains

5
IPs

3
Countries

146 kB
Transfer

206 kB
Size

8
Cookies

25 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!