roots.baby Open in urlscan Pro
3.126.48.135 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://wildzontracking.lol/fdthrdyjfukygl/fgyuuio34/index.php?v1=143980&v2=59343&v3=sweepstakes&cid=6508274a-0389-4bb3-960e...
Effective URL:
https://roots.baby/double?t=2&d=eyJVUkwiOiJodHRwczovL3MuY2xpY2suYWxpZXhwcmVzcy5jb20vZS9fRERwcGpGdj9kcD1hR3N4REUxelM...
Submission: On October 29 via api (October 29th 2024, 3:18:36 am UTC) from US — Scanned from DE

Summary HTTP 21 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 8 IPs in 3 countries across 8 domains to perform 21 HTTP transactions. The main IP is 3.126.48.135, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is roots.baby.
TLS certificate: Issued by R11 on October 25th 2024. Valid for: 3 months.

This is the only time roots.baby was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	143.198.167.92 143.198.167.92	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1 2	2600:9000:225... 2600:9000:2250:c00:4:96c:4500:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:266... 2600:9000:266e:a800:1e:11ec:5100:93a1	16509 (AMAZON-02) (AMAZON-02)
2 12	184.24.77.76 184.24.77.76	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a02:26f0:170... 2a02:26f0:1700:391::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
1	2a02:26f0:710... 2a02:26f0:7100:594::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	3.126.48.135 3.126.48.135	16509 (AMAZON-02) (AMAZON-02)
21	8

1 143.198.167.92 (North Bergen, United States) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: 901815.cloudwaysapps.com

wildzontracking.lol	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2250:c00:4:96c:4500:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

pokjuhfdesw.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:266e:a800:1e:11ec:5100:93a1 (United States)

ASN16509 (AMAZON-02, US)

ecewfiu97.shop	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 184.24.77.76 (Frankfurt am Main, Germany) 2 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a184-24-77-76.deploy.static.akamaitechnologies.com

ak.itponytaa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:1700:391::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

s.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:7100:594::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.126.48.135 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-48-135.eu-central-1.compute.amazonaws.com

roots.baby	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	itponytaa.com 2 redirects ak.itponytaa.com — Cisco Umbrella Rank: 123957	37 KB
3	go-mpulse.net s.go-mpulse.net — Cisco Umbrella Rank: 1607 c.go-mpulse.net — Cisco Umbrella Rank: 772	50 KB
2	roots.baby roots.baby	4 KB
2	rtmark.net my.rtmark.net — Cisco Umbrella Rank: 10912	997 B
2	pokjuhfdesw.site 1 redirects pokjuhfdesw.site	2 KB
1	ecewfiu97.shop ecewfiu97.shop	843 B
1	wildzontracking.lol 1 redirects wildzontracking.lol	169 B
0	aliexpress.com Failed s.click.aliexpress.com Failed
21	8

	Domain	Requested by
12	ak.itponytaa.com	2 redirects ecewfiu97.shop ak.itponytaa.com
2	roots.baby
2	my.rtmark.net	ak.itponytaa.com
2	s.go-mpulse.net	ak.itponytaa.com
2	pokjuhfdesw.site	1 redirects
1	c.go-mpulse.net	s.go-mpulse.net
1	ecewfiu97.shop	pokjuhfdesw.site
1	wildzontracking.lol	1 redirects
0	s.click.aliexpress.com Failed
21	9

This site contains links to these domains. Also see Links.

Domain
s.click.aliexpress.com

Subject Issuer	Validity	Valid
pokjuhfdesw.site Amazon RSA 2048 M02	`2024-10-22` - `2025-11-20`	a year	crt.sh
ecewfiu97.shop Amazon RSA 2048 M02	`2024-06-10` - `2025-07-09`	a year	crt.sh
ak.hetaruwg.com R10	`2024-09-26` - `2024-12-25`	3 months	crt.sh
akstat.io DigiCert TLS RSA SHA256 2020 CA1	`2024-07-31` - `2025-07-31`	a year	crt.sh
rtmark.net R11	`2024-08-30` - `2024-11-28`	3 months	crt.sh
roots.baby R11	`2024-10-25` - `2025-01-23`	3 months	crt.sh

This page contains 1 frames:

Frame: https://s.click.aliexpress.com/e/_DDppjFv?dp=aGsxDE1zS1pG&af=aOfQ4sWtKiTJ
Frame ID: 584FDB8C26F07D1F3C960EEFD34DAC5A
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Redirection...

Page URL History Show full URLs

http://wildzontracking.lol/fdthrdyjfukygl/fgyuuio34/index.php?v1=143980&v2=59343&v3=sweepstakes&cid=650... HTTP 307
https://wildzontracking.lol/fdthrdyjfukygl/fgyuuio34/index.php?v1=143980&v2=59343&v3=sweepstakes&cid=650... HTTP 302
https://pokjuhfdesw.site/00279d23-2737-433a-b8a2-ce2fd10b41ab?v1=143980&v2=59343&v3=sweepstakes&cid=6... HTTP 307
https://pokjuhfdesw.site/00279d23-2737-433a-b8a2-ce2fd10b41ab/2?v1=143980&v2=59343&v3=sweepstakes&cid... Page URL
https://ecewfiu97.shop/redirect?target=BASE64aHR0cHM6Ly9hay5pdHBvbnl0YWEuY29tL2FmdS5waHA_em9uZWlkPT... Page URL
https://ak.itponytaa.com/afu.php?zoneid=6000041&var=143980&ymid=wef33v13uuojvb753e9tnfvq Page URL
https://ak.itponytaa.com/?z=6000041&syncedCookie=true&rhd=false HTTP 302
https://ak.itponytaa.com/4/6118780?var=6000041&btz=Europe/Berlin&bto=-60&bar=x Page URL
https://ak.itponytaa.com/?z=6118780&syncedCookie=false&rhd=false HTTP 302
https://roots.baby/click?trvid=15371&extid=874966973304546169&var1=6118780&var2=22381686&var3=8... Page URL
https://roots.baby/double?t=2&d=eyJVUkwiOiJodHRwczovL3MuY2xpY2suYWxpZXhwcmVzcy5jb20vZS9fRERwcGp... Page URL

Page Statistics

21
Requests

90 %
HTTPS

50 %
IPv6

8
Domains

9
Subdomains

8
IPs

3
Countries

91 kB
Transfer

481 kB
Size

10
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://s.click.aliexpress.com/e/_DDppjFv?dp=aGsxDE1zS1pG&af=aOfQ4sWtKiTJ
Title: Or click here to continue.

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://wildzontracking.lol/fdthrdyjfukygl/fgyuuio34/index.php?v1=143980&v2=59343&v3=sweepstakes&cid=6508274a-0389-4bb3-960e-9761b5995d36 HTTP 307
https://wildzontracking.lol/fdthrdyjfukygl/fgyuuio34/index.php?v1=143980&v2=59343&v3=sweepstakes&cid=6508274a-0389-4bb3-960e-9761b5995d36 HTTP 302
https://pokjuhfdesw.site/00279d23-2737-433a-b8a2-ce2fd10b41ab?v1=143980&v2=59343&v3=sweepstakes&cid=6508274a-0389-4bb3-960e-9761b5995d36 HTTP 307
https://pokjuhfdesw.site/00279d23-2737-433a-b8a2-ce2fd10b41ab/2?v1=143980&v2=59343&v3=sweepstakes&cid=6508274a-0389-4bb3-960e-9761b5995d36 Page URL
https://ecewfiu97.shop/redirect?target=BASE64aHR0cHM6Ly9hay5pdHBvbnl0YWEuY29tL2FmdS5waHA_em9uZWlkPTYwMDAwNDEmdmFyPTE0Mzk4MCZ5bWlkPXdlZjMzdjEzdXVvanZiNzUzZTl0bmZ2cQ&ts=1730171899194&hash=e5RcSYDI7vsdQuodrMCRdWl5KeEkC9uhb78JdS6hNLg&rm=DJ Page URL
https://ak.itponytaa.com/afu.php?zoneid=6000041&var=143980&ymid=wef33v13uuojvb753e9tnfvq Page URL
https://ak.itponytaa.com/?z=6000041&syncedCookie=true&rhd=false HTTP 302
https://ak.itponytaa.com/4/6118780?var=6000041&btz=Europe/Berlin&bto=-60&bar=x Page URL
https://ak.itponytaa.com/?z=6118780&syncedCookie=false&rhd=false HTTP 302
https://roots.baby/click?trvid=15371&extid=874966973304546169&var1=6118780&var2=22381686&var3=8783436&var4=84.150.164.130&var5=chrome&var6=linux&var7=unspecified_linux&var8=rp&var9=de&var10=130 Page URL
https://roots.baby/double?t=2&d=eyJVUkwiOiJodHRwczovL3MuY2xpY2suYWxpZXhwcmVzcy5jb20vZS9fRERwcGpGdj9kcD1hR3N4REUxelMxcEdcdTAwMjZhZj1hT2ZRNHNXdEtpVEoiLCJSZWRpcmVjdFdvcmRpbmciOiJZb3UgYXJlIGJlaW5nIGF1dG9tYXRpY2FsbHkgcmVkaXJlY3RlZC4iLCJSZWRpcmVjdFRpdGxlIjoiUmVkaXJlY3Rpb24uLi4iLCJSZWRpcmVjdExpbmtUZXh0IjoiT3IgY2xpY2sgaGVyZSB0byBjb250aW51ZS4iLCJJbnN0YWxsSWQiOjM3MjV9 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://wildzontracking.lol/fdthrdyjfukygl/fgyuuio34/index.php?v1=143980&v2=59343&v3=sweepstakes&cid=6508274a-0389-4bb3-960e-9761b5995d36 HTTP 307
https://wildzontracking.lol/fdthrdyjfukygl/fgyuuio34/index.php?v1=143980&v2=59343&v3=sweepstakes&cid=6508274a-0389-4bb3-960e-9761b5995d36 HTTP 302
https://pokjuhfdesw.site/00279d23-2737-433a-b8a2-ce2fd10b41ab?v1=143980&v2=59343&v3=sweepstakes&cid=6508274a-0389-4bb3-960e-9761b5995d36 HTTP 307
https://pokjuhfdesw.site/00279d23-2737-433a-b8a2-ce2fd10b41ab/2?v1=143980&v2=59343&v3=sweepstakes&cid=6508274a-0389-4bb3-960e-9761b5995d36

Request Chain 9

https://ak.itponytaa.com/?z=6000041&syncedCookie=true&rhd=false HTTP 302
https://ak.itponytaa.com/4/6118780?var=6000041&btz=Europe/Berlin&bto=-60&bar=x

Request Chain 16

https://ak.itponytaa.com/?z=6118780&syncedCookie=false&rhd=false HTTP 302
https://roots.baby/click?trvid=15371&extid=874966973304546169&var1=6118780&var2=22381686&var3=8783436&var4=84.150.164.130&var5=chrome&var6=linux&var7=unspecified_linux&var8=rp&var9=de&var10=130

21 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

2
pokjuhfdesw.site/00279d23-2737-433a-b8a2-ce2fd10b41ab/
Redirect Chain

http://wildzontracking.lol/fdthrdyjfukygl/fgyuuio34/index.php?v1=143980&v2=59343&v3=sweepstakes&cid=6508274a-0389-4bb3-960e-9761b5995d36
https://wildzontracking.lol/fdthrdyjfukygl/fgyuuio34/index.php?v1=143980&v2=59343&v3=sweepstakes&cid=6508274a-0389-4bb3-960e-9761b5995d36
https://pokjuhfdesw.site/00279d23-2737-433a-b8a2-ce2fd10b41ab?v1=143980&v2=59343&v3=sweepstakes&cid=6508274a-0389-4bb3-960e-9761b5995d36
https://pokjuhfdesw.site/00279d23-2737-433a-b8a2-ce2fd10b41ab/2?v1=143980&v2=59343&v3=sweepstakes&cid=6508274a-0389-4bb3-960e-9761b5995d36

816 B
2 KB

12ms
12ms

Document
text/html

2600:9000:2250:c00:4:96c:4500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pokjuhfdesw.site/00279d23-2737-433a-b8a2-ce2fd10b41ab/2?v1=143980&v2=59343&v3=sweepstakes&cid=6508274a-0389-4bb3-960e-9761b5995d36
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:c00:4:96c:4500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, pre-check=0, post-check=0
content-type: text/html;charset=UTF-8
date: Tue, 29 Oct 2024 03:18:19 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
server: nginx
via: 1.1 db1cc9ceb7681bf2a56c0f22acac3a36.cloudfront.net (CloudFront)
x-amz-cf-id: HChNkEmXd-3jnuyOkWdGVExid6wwq72cNChzMMxzrJqErJ-QAY36xQ==
x-amz-cf-pop: FRA60-P2
x-cache: Miss from cloudfront

Redirect headers

accept-ch: sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-full-version-list,sec-ch-ua-full-version,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-ua,sec-ch-ua-mobile,sec-ch-ua-platform
cache-control: no-store, no-cache, pre-check=0, post-check=0
content-length: 0
date: Tue, 29 Oct 2024 03:18:19 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://pokjuhfdesw.site/00279d23-2737-433a-b8a2-ce2fd10b41ab/2?v1=143980&v2=59343&v3=sweepstakes&cid=6508274a-0389-4bb3-960e-9761b5995d36
pragma: no-cache
server: nginx
via: 1.1 db1cc9ceb7681bf2a56c0f22acac3a36.cloudfront.net (CloudFront)
x-amz-cf-id: gkTGivUCFMdrhh21LBl6ZoSpPwrhR2mgPxBVAZM04cD9-Fp8TdcTWg==
x-amz-cf-pop: FRA60-P2
x-cache: Miss from cloudfront

GET
H2 200 redirect
ecewfiu97.shop/ 514 B
843 B 166ms
10ms Document
text/html 2600:9000:266e:a800:1e:11ec:5100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ecewfiu97.shop/redirect?target=BASE64aHR0cHM6Ly9hay5pdHBvbnl0YWEuY29tL2FmdS5waHA_em9uZWlkPTYwMDAwNDEmdmFyPTE0Mzk4MCZ5bWlkPXdlZjMzdjEzdXVvanZiNzUzZTl0bmZ2cQ&ts=1730171899194&hash=e5RcSYDI7vsdQuodrMCRdWl5KeEkC9uhb78JdS6hNLg&rm=DJ
Requested by: Host: pokjuhfdesw.site
URL: https://pokjuhfdesw.site/00279d23-2737-433a-b8a2-ce2fd10b41ab/2?v1=143980&v2=59343&v3=sweepstakes&cid=6508274a-0389-4bb3-960e-9761b5995d36
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:266e:a800:1e:11ec:5100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, pre-check=0, post-check=0
content-type: text/html;charset=UTF-8
date: Tue, 29 Oct 2024 03:18:19 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
server: nginx
via: 1.1 e030504e72fa75d92c1856a58b964932.cloudfront.net (CloudFront)
x-amz-cf-id: 9X0f6kijRqTQmRP_oG9pDOp5pWwJsm9SzrZifnKblgXUEYX7JdZ7VA==
x-amz-cf-pop: FRA56-P8
x-cache: Miss from cloudfront

GET
H2 200 afu.php Show response
ak.itponytaa.com/ 34 KB
15 KB 369ms
68ms Document
text/html 184.24.77.76
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://ak.itponytaa.com/afu.php?zoneid=6000041&var=143980&ymid=wef33v13uuojvb753e9tnfvq

Requested by

Host: ecewfiu97.shop
URL: https://ecewfiu97.shop/redirect?target=BASE64aHR0cHM6Ly9hay5pdHBvbnl0YWEuY29tL2FmdS5waHA_em9uZWlkPTYwMDAwNDEmdmFyPTE0Mzk4MCZ5bWlkPXdlZjMzdjEzdXVvanZiNzUzZTl0bmZ2cQ&ts=1730171899194&hash=e5RcSYDI7vsdQuodrMCRdWl5KeEkC9uhb78JdS6hNLg&rm=DJ

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.77.76 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a184-24-77-76.deploy.static.akamaitechnologies.com

Software

Resource Hash

df6c14c91d0835f64211c044fb0058bc391e839408f86052a004aa0dac1ad79b

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=0, no-cache, no-store
content-encoding: gzip
content-length: 14743
content-type: text/html; charset=utf8
date: Tue, 29 Oct 2024 03:18:20 GMT
expires: Tue, 29 Oct 2024 03:18:20 GMT
link: <https://yonmewon.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
pragma: no-cache
server-timing: cdn-cache; desc=MISS edge; dur=47 origin; dur=4 ak_p; desc="1730171900287_389467980_27623916_5043_948_18_249_255";dur=1
strict-transport-security: max-age=1
timing-allow-origin: * *
vary: Accept-Encoding
x-akamai-transformed: 9 13785 0 pmb=mRUM,1
x-content-type-options: nosniff
x-trace-id: 64e1c1a694d0771d247ce54eaad687b4

GET
H2 200 6WL56-FSD2M-ZCAVG-BJ5B7-474ZA Show response
s.go-mpulse.net/boomerang/ 205 KB
49 KB 187ms
22ms Script
application/javascript 2a02:26f0:1700:391::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.go-mpulse.net/boomerang/6WL56-FSD2M-ZCAVG-BJ5B7-474ZA
Requested by: Host: ak.itponytaa.com
URL: https://ak.itponytaa.com/afu.php?zoneid=6000041&var=143980&ymid=wef33v13uuojvb753e9tnfvq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:391::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://ak.itponytaa.com/

Response headers

cache-control: max-age=604800
timing-allow-origin: *
content-encoding: br
customappheader: mpulse-ab-boomr__git__361fdb1__git__361fdb1__p19.alsi10-lite
content-length: 50393
date: Tue, 29 Oct 2024 03:18:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 10 Jul 2024 23:41:50 GMT
vary: Accept-Encoding

POST
H2 200 add Show response
ak.itponytaa.com/log/ 12 B
549 B 26ms
25ms XHR
application/json 184.24.77.76
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://ak.itponytaa.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=691052ca-efaa-4c77-a6a2-1da81b606c94

Requested by

Host: ak.itponytaa.com
URL: https://ak.itponytaa.com/afu.php?zoneid=6000041&var=143980&ymid=wef33v13uuojvb753e9tnfvq

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.77.76 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a184-24-77-76.deploy.static.akamaitechnologies.com

Software

Resource Hash

fe85cceb474303eb80a5ca9a60b16d92208a8e0b38647647654b0c42447b51f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://ak.itponytaa.com/afu.php?zoneid=6000041&var=143980&ymid=wef33v13uuojvb753e9tnfvq

Response headers

strict-transport-security: max-age=1
cache-control: max-age=0, no-cache, no-store
timing-allow-origin: *
pragma: no-cache
access-control-allow-credentials: true
x-content-type-options: nosniff
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
expires: Tue, 29 Oct 2024 03:18:21 GMT
access-control-allow-origin: https://ak.itponytaa.com
server-timing: edge; dur=2, origin; dur=9, cdn-cache; desc=MISS, ak_p; desc="1730171901433_389467980_27624635_1118_971_14_0_219";dur=1
content-length: 12
date: Tue, 29 Oct 2024 03:18:21 GMT
content-type: application/json; charset=utf-8
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match

GET
H2 200 img.gif
my.rtmark.net/ 43 B
491 B 305ms
232ms Image
image/gif 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://my.rtmark.net/img.gif?f=merge&userId=008104fa09f54727f093a74c1d814778&z=6000041&p_rid=691052ca-efaa-4c77-a6a2-1da81b606c94&p_src=sf

Requested by

Host: ak.itponytaa.com
URL: https://ak.itponytaa.com/afu.php?zoneid=6000041&var=143980&ymid=wef33v13uuojvb753e9tnfvq

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://ak.itponytaa.com/

Response headers

strict-transport-security: max-age=1
access-control-expose-headers: Authorization
timing-allow-origin: *, *
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
x-content-type-options: nosniff
access-control-allow-origin: *
content-length: 43
date: Tue, 29 Oct 2024 03:18:21 GMT
content-type: image/gif
server: nginx
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token

GET
H2 200 sftouch
ak.itponytaa.com/ 43 B
717 B 30ms
26ms Image
image/gif 184.24.77.76
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ak.itponytaa.com/sftouch?userId=008104fa09f54727f093a74c1d814778&z=6000041&p_rid=691052ca-efaa-4c77-a6a2-1da81b606c94&p_src=sf&branchId=0&rb=AARE-HdDY5vzj6NGS-GdUOBMsSLYtS8K8SRkxKQXRwklaHDDyreXIDi-L4SFNYnzZQ4mZcWruEH9K4DxUXIswKStRpBDKLB_B_3m0ASzg82CJWbvbgRsw5oxECDgvqk7R_QqnyVxIg1XzoKWVQvYzolTBYzHa258hL06KPaqhQBMSbuq6QHhnDohP9OS4Rk8cQU6gf8m8ty38RFXdPyR1i_rrMHjwgYKa1xYrqlgE6QGZu73_4UOzwTHqO_o2jbQQGBAsCEyl7O218aMOtgctd9BkBgbFga1Y2BqUs9zhK-n2ymmzf4iXwaQx1yEW5E-4Q0IzQIg5SmyP7ihhfOCnA==&w_img=1

Requested by

Host: ak.itponytaa.com
URL: https://ak.itponytaa.com/afu.php?zoneid=6000041&var=143980&ymid=wef33v13uuojvb753e9tnfvq

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.77.76 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a184-24-77-76.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://ak.itponytaa.com/afu.php?zoneid=6000041&var=143980&ymid=wef33v13uuojvb753e9tnfvq

Response headers

access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 03:18:21 GMT
server-timing: edge; dur=1, origin; dur=9, cdn-cache; desc=MISS, ak_p; desc="1730171901582_389467980_27624747_969_812_14_0_146";dur=1
date: Tue, 29 Oct 2024 03:18:21 GMT
content-type: image/gif
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
strict-transport-security: max-age=1
cache-control: max-age=0, no-cache, no-store
timing-allow-origin: *, *
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
pragma: no-cache
access-control-allow-credentials: true
x-trace-id: f73a2b037b7bd4b71c88bdf274ea4974
access-control-allow-origin: *
content-length: 43

POST
H2 200 add
ak.itponytaa.com/async_log/ 0
511 B 30ms
27ms XHR
text/plain 184.24.77.76
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://ak.itponytaa.com/async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=691052ca-efaa-4c77-a6a2-1da81b606c94

Requested by

Host: ak.itponytaa.com
URL: https://ak.itponytaa.com/afu.php?zoneid=6000041&var=143980&ymid=wef33v13uuojvb753e9tnfvq

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.77.76 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a184-24-77-76.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://ak.itponytaa.com/afu.php?zoneid=6000041&var=143980&ymid=wef33v13uuojvb753e9tnfvq

Response headers

strict-transport-security: max-age=1
cache-control: max-age=0, no-cache, no-store
timing-allow-origin: *
pragma: no-cache
access-control-allow-credentials: true
x-content-type-options: nosniff
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
expires: Tue, 29 Oct 2024 03:18:21 GMT
access-control-allow-origin: https://ak.itponytaa.com
server-timing: cdn-cache; desc=MISS, edge; dur=8, origin; dur=3, ak_p; desc="1730171901581_389467980_27624746_1169_866_14_0_219";dur=1
content-length: 0
date: Tue, 29 Oct 2024 03:18:21 GMT
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match

GET
H2 200 config.json
c.go-mpulse.net/api/ 51 B
214 B 815ms
53ms XHR
application/json 2a02:26f0:7100:594::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/config.json?key=6WL56-FSD2M-ZCAVG-BJ5B7-474ZA&d=ak.itponytaa.com&t=5767240&v=1.720.0&sl=0&si=e99b9640-24f9-4bea-9211-ee5b545e9cc6-sm3l6k&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=812020
Requested by: Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/6WL56-FSD2M-ZCAVG-BJ5B7-474ZA
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100:594::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://ak.itponytaa.com/

Response headers

access-control-allow-origin: *
cache-control: private, max-age=120, stale-while-revalidate=60, stale-if-error=120
content-length: 51
alt-svc: h3=":443"; ma=93600
timing-allow-origin: *
date: Tue, 29 Oct 2024 03:18:22 GMT
content-type: application/json

GET
H2

200

6118780 Show response
ak.itponytaa.com/4/
Redirect Chain

https://ak.itponytaa.com/?z=6000041&syncedCookie=true&rhd=false
https://ak.itponytaa.com/4/6118780?var=6000041&btz=Europe/Berlin&bto=-60&bar=x

34 KB
15 KB

52ms
47ms

Document
text/html

184.24.77.76
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://ak.itponytaa.com/4/6118780?var=6000041&btz=Europe/Berlin&bto=-60&bar=x

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.77.76 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a184-24-77-76.deploy.static.akamaitechnologies.com

Software

Resource Hash

e652c287346c112bed655ae1598f78810f5db3b9394d2475c1f587eddfaaf089

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://ak.itponytaa.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=0, no-cache, no-store
content-encoding: gzip
content-length: 14685
content-type: text/html; charset=utf8
date: Tue, 29 Oct 2024 03:18:22 GMT
expires: Tue, 29 Oct 2024 03:18:22 GMT
link: <https://yonmewon.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
pragma: no-cache
server-timing: cdn-cache; desc=MISS edge; dur=13 origin; dur=9 ak_p; desc="1730171902345_389467980_27625371_2223_962_13_0_255";dur=1
strict-transport-security: max-age=1
timing-allow-origin: * *
vary: Accept-Encoding
x-akamai-transformed: 9 13720 0 pmb=mRUM,1
x-content-type-options: nosniff
x-trace-id: 3641ee374c68033bc53691abce00e8e0

Redirect headers

accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://ak.itponytaa.com
access-control-max-age: 86400
cache-control: max-age=0, no-cache, no-store
content-length: 0
date: Tue, 29 Oct 2024 03:18:22 GMT
expires: Tue, 29 Oct 2024 03:18:22 GMT
link: <https://ak.itponytaa.com>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
location: https://ak.itponytaa.com/4/6118780?var=6000041&btz=Europe/Berlin&bto=-60&bar=x
pragma: no-cache
referrer-policy: no-referrer
server-timing: cdn-cache; desc=MISS edge; dur=10 origin; dur=22 ak_p; desc="1730171902285_389467980_27625314_3191_966_13_0_255";dur=1
strict-transport-security: max-age=1
timing-allow-origin: * *
x-content-type-options: nosniff
x-trace-id: 281a80891224a3efa47db4f840f7b988

GET favicon.ico
ak.itponytaa.com/ 0
0

GET
H2 200 6WL56-FSD2M-ZCAVG-BJ5B7-474ZA
s.go-mpulse.net/boomerang/ 205 KB
0 37ms
37ms Script
application/javascript 2a02:26f0:1700:391::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.go-mpulse.net/boomerang/6WL56-FSD2M-ZCAVG-BJ5B7-474ZA
Requested by: Host: ak.itponytaa.com
URL: https://ak.itponytaa.com/4/6118780?var=6000041&btz=Europe/Berlin&bto=-60&bar=x
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:391::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://ak.itponytaa.com/

Response headers

cache-control: max-age=604800
timing-allow-origin: *
content-encoding: br
customappheader: mpulse-ab-boomr__git__361fdb1__git__361fdb1__p19.alsi10-lite
content-length: 50393
date: Tue, 29 Oct 2024 03:18:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 10 Jul 2024 23:41:50 GMT
vary: Accept-Encoding

POST
H2 200 img.gif
my.rtmark.net/ 43 B
506 B 69ms
13ms Ping
image/gif 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/img.gif?f=merge&userId=008104fa09f54727f093a74c1d814778&z=6118780&p_rid=559d75f5-deda-4e15-8dd6-70a1d001be75&p_src=sf

Requested by

Host: ak.itponytaa.com
URL: https://ak.itponytaa.com/4/6118780?var=6000041&btz=Europe/Berlin&bto=-60&bar=x

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://ak.itponytaa.com/

Response headers

strict-transport-security: max-age=1
access-control-expose-headers: Authorization
timing-allow-origin: *, *
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
x-content-type-options: nosniff
access-control-allow-origin: https://ak.itponytaa.com
content-length: 43
date: Tue, 29 Oct 2024 03:18:22 GMT
content-type: image/gif
server: nginx
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token

POST
H2 200 add
ak.itponytaa.com/log/ 12 B
550 B 69ms
29ms XHR
application/json 184.24.77.76
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://ak.itponytaa.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=559d75f5-deda-4e15-8dd6-70a1d001be75

Requested by

Host: ak.itponytaa.com
URL: https://ak.itponytaa.com/4/6118780?var=6000041&btz=Europe/Berlin&bto=-60&bar=x

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.77.76 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a184-24-77-76.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://ak.itponytaa.com/4/6118780?var=6000041&btz=Europe/Berlin&bto=-60&bar=x

Response headers

strict-transport-security: max-age=1
cache-control: max-age=0, no-cache, no-store
timing-allow-origin: *
pragma: no-cache
access-control-allow-credentials: true
x-content-type-options: nosniff
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
expires: Tue, 29 Oct 2024 03:18:22 GMT
access-control-allow-origin: https://ak.itponytaa.com
server-timing: edge; dur=1, origin; dur=12, cdn-cache; desc=MISS, ak_p; desc="1730171902635_389467980_27625587_1367_758_14_0_219";dur=1
content-length: 12
date: Tue, 29 Oct 2024 03:18:22 GMT
content-type: application/json; charset=utf-8
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match

GET
H2 204 favicon.ico
ak.itponytaa.com/ 0
241 B 54ms
20ms Other
text/plain 184.24.77.76
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ak.itponytaa.com/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.24.77.76 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a184-24-77-76.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://ak.itponytaa.com/4/6118780?var=6000041&btz=Europe/Berlin&bto=-60&bar=x

Response headers

cache-control: public, must-revalidate, proxy-revalidate, max-age=2591983
server-timing: cdn-cache; desc=HIT, edge; dur=4, origin; dur=0, ak_p; desc="1730171902634_389467980_27625588_408_711_14_0_219";dur=1
pragma: public
date: Tue, 29 Oct 2024 03:18:22 GMT

GET
H2 200 sftouch
ak.itponytaa.com/ 43 B
719 B 52ms
34ms Image
image/gif 184.24.77.76
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ak.itponytaa.com/sftouch?userId=008104fa09f54727f093a74c1d814778&z=6118780&p_rid=559d75f5-deda-4e15-8dd6-70a1d001be75&p_src=sf&branchId=0&rb=AcHLTqGNg5JXSg3bruN2Y2162HHf90htUmsDCTv5Jm2yuWHFL1p0wGsOl1hbW45W5nvMQomIQCT4zQPLiSz7KJEGvBuh-ouByfQnnjOyRRW0rwhoDtsPPvPG7UEWEx3Y5Piq_Hg7tqIiIraji9nhYUFP6Dc2UOpK-4V0WacfaptDkRZV14QMcls5cOkudK6LU4rmL1CEK5Mku3tcBxAEK3fFvQUEGWePIyulR6dNZpcpfNhIhiW4JTGDb07r7TCqZxTQMuoi6haA0CWTOH0QLF8hWf9_lE3zf_UkBUeLZJVvXJx8WBgpBg==&w_img=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.77.76 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a184-24-77-76.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://ak.itponytaa.com/4/6118780?var=6000041&btz=Europe/Berlin&bto=-60&bar=x

Response headers

access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 03:18:22 GMT
server-timing: edge; dur=1, origin; dur=13, cdn-cache; desc=MISS, ak_p; desc="1730171902904_389467980_27625841_1370_1091_13_0_146";dur=1
date: Tue, 29 Oct 2024 03:18:22 GMT
content-type: image/gif
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
strict-transport-security: max-age=1
cache-control: max-age=0, no-cache, no-store
timing-allow-origin: *, *
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
pragma: no-cache
access-control-allow-credentials: true
x-trace-id: fb63c0d09f2cf8ddc78bdb5a50044673
access-control-allow-origin: *
content-length: 43

GET
H2

200

click
roots.baby/
Redirect Chain

https://ak.itponytaa.com/?z=6118780&syncedCookie=false&rhd=false
https://roots.baby/click?trvid=15371&extid=874966973304546169&var1=6118780&var2=22381686&var3=8783436&var4=84.150.164.130&var5=chrome&var6=linux&var7=unspecified_linux&var8=rp&var9=de&var10=130

1 KB
3 KB

341ms
16ms

Document
text/html

3.126.48.135
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://roots.baby/click?trvid=15371&extid=874966973304546169&var1=6118780&var2=22381686&var3=8783436&var4=84.150.164.130&var5=chrome&var6=linux&var7=unspecified_linux&var8=rp&var9=de&var10=130
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.126.48.135 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-48-135.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://ak.itponytaa.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
content-length: 1266
content-type: text/html; charset=utf-8
date: Tue, 29 Oct 2024 03:18:23 GMT
expires: Thu, 01 Jan 1970 00:00:00 UTC
pragma: no-cache
server: nginx

Redirect headers

accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://ak.itponytaa.com
access-control-max-age: 86400
cache-control: max-age=0, no-cache, no-store
content-length: 0
date: Tue, 29 Oct 2024 03:18:23 GMT
expires: Tue, 29 Oct 2024 03:18:23 GMT
link: <https://roots.baby>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
location: https://roots.baby/click?trvid=15371&extid=874966973304546169&var1=6118780&var2=22381686&var3=8783436&var4=84.150.164.130&var5=chrome&var6=linux&var7=unspecified_linux&var8=rp&var9=de&var10=130
pragma: no-cache
referrer-policy: no-referrer
server-timing: edge; dur=1 origin; dur=111 cdn-cache; desc=MISS ak_p; desc="1730171903166_389467980_27626065_11090_818_13_0_255";dur=1
strict-transport-security: max-age=1
timing-allow-origin: * *
x-content-type-options: nosniff
x-trace-id: 58af80c677f4071a24edb2f9b659da76

POST
H2 200 add
ak.itponytaa.com/async_log/ 0
512 B 51ms
30ms XHR
text/plain 184.24.77.76
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://ak.itponytaa.com/async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=559d75f5-deda-4e15-8dd6-70a1d001be75

Requested by

Host: ak.itponytaa.com
URL: https://ak.itponytaa.com/4/6118780?var=6000041&btz=Europe/Berlin&bto=-60&bar=x

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.77.76 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a184-24-77-76.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://ak.itponytaa.com/afu.php?zoneid=6118780&var=6118780&rid=33-IJ2mCiw9DGbmF2LWarg%3D%3D&rhd=false&ab2r=0&sf=1&is_mobile=false

Response headers

strict-transport-security: max-age=1
cache-control: max-age=0, no-cache, no-store
timing-allow-origin: *
pragma: no-cache
access-control-allow-credentials: true
x-content-type-options: nosniff
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
expires: Tue, 29 Oct 2024 03:18:22 GMT
access-control-allow-origin: https://ak.itponytaa.com
server-timing: cdn-cache; desc=MISS, edge; dur=9, origin; dur=8, ak_p; desc="1730171902904_389467980_27625840_1724_1136_13_0_219";dur=1
content-length: 0
date: Tue, 29 Oct 2024 03:18:22 GMT
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match

GET
H2 204 favicon.ico
ak.itponytaa.com/ 0
0 24ms
24ms Other
text/plain 184.24.77.76
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ak.itponytaa.com/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.24.77.76 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a184-24-77-76.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://ak.itponytaa.com/afu.php?zoneid=6118780&var=6118780&rid=33-IJ2mCiw9DGbmF2LWarg%3D%3D&rhd=false&ab2r=0&sf=1&is_mobile=false

Response headers

cache-control: public, must-revalidate, proxy-revalidate, max-age=2591983
server-timing: cdn-cache; desc=HIT, edge; dur=4, origin; dur=0, ak_p; desc="1730171902634_389467980_27625588_408_711_14_0_219";dur=1
pragma: public
date: Tue, 29 Oct 2024 03:18:22 GMT

GET
H2 200 Primary Request double Show response
roots.baby/ 733 B
913 B 8ms
7ms Document
text/html 3.126.48.135
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://roots.baby/double?t=2&d=eyJVUkwiOiJodHRwczovL3MuY2xpY2suYWxpZXhwcmVzcy5jb20vZS9fRERwcGpGdj9kcD1hR3N4REUxelMxcEdcdTAwMjZhZj1hT2ZRNHNXdEtpVEoiLCJSZWRpcmVjdFdvcmRpbmciOiJZb3UgYXJlIGJlaW5nIGF1dG9tYXRpY2FsbHkgcmVkaXJlY3RlZC4iLCJSZWRpcmVjdFRpdGxlIjoiUmVkaXJlY3Rpb24uLi4iLCJSZWRpcmVjdExpbmtUZXh0IjoiT3IgY2xpY2sgaGVyZSB0byBjb250aW51ZS4iLCJJbnN0YWxsSWQiOjM3MjV9
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.126.48.135 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-48-135.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 3d1d8456e5094582b19ea98fdd14a8398227df9d764cbfacde304016e89ab719

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
content-length: 733
content-type: text/html; charset=utf-8
date: Tue, 29 Oct 2024 03:18:25 GMT
expires: Thu, 01 Jan 1970 00:00:00 UTC
pragma: no-cache
server: nginx

GET _DDppjFv
s.click.aliexpress.com/e/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ak.itponytaa.com
URL: https://ak.itponytaa.com/favicon.ico

Domain: s.click.aliexpress.com
URL: https://s.click.aliexpress.com/e/_DDppjFv?dp=aGsxDE1zS1pG&af=aOfQ4sWtKiTJ

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.pokjuhfdesw.site/	1970-01-21 00:37:38	Name: 00279d23-2737-433a-b8a2-ce2fd10b41ab-v4 Value: BD9dUOR6z4CsvhxOmq1mzKVsQ9eGk4CA8KmeVcTwefQ
.pokjuhfdesw.site/	1970-01-21 09:21:47	Name: cc-v4 Value: GO7YU%2FJap01BtyQ3G%2BR3H80ZLcSZ47qQkDHZRpJcUffK0mZxD6jMZu5SKb2EMFADjq7JQRH4Z%2F8hGrGajgt%2FHlsMXNoac6oGo%2FcMR66h9B2gOO1XZqp%2FgeqOPADpQ8O3mBvbyqrn1IECiOxY2QivQQ%3D%3D
ak.itponytaa.com/	1970-01-21 09:21:47	Name: OAID Value: 008104fa09f54727f093a74c1d814778
ak.itponytaa.com/	1970-01-21 09:21:47	Name: oaidts Value: 1730171900
my.rtmark.net/	1970-01-21 09:21:47	Name: ID Value: 008104fa09f54727f093a74c1d814778
ak.itponytaa.com/	1970-01-21 00:46:16	Name: syncedCookie Value: true
ak.itponytaa.com/	1970-01-21 00:36:15	Name: captcha Value: system
roots.baby/	1970-01-21 01:19:23	Name: ClickDataNG Value: H4sIAAAAAAAA_2RU227jNhD9FWGedgFBFk3dzEJYpHY22ybuBcl2-1AgoKWxw0YmiSGl2nv594KS43ix0IvOmRnOhWf4BQYkp4wGASxJkxRi8EeLINIYXL95ePlvjB6QPLYgtrJzGEPTqeb5lxYEyBt3WF2zz_fM3kAMrfQIgpU8ZSVbpDyGRu6tVDsdvFnOSxaDcss_rs5nkfHSKzM65LzkMVDfYUBpDIStImz8Gv2TCQ4xONNTM9pZDJ3UrdK7k_cJfaQOBEAMZrtFCrZ5mZcxbEjq5unkO9omzyfvrROzmUvGvhLZKTxYQueSxuxnOHtcraz99_3wrrX1ZcP_9Gk6L-S2lr9v_8zcJ3-rHn6FMDDnT-UPqPtpilYeTe9fcy97ItTNEQR8vF9BDD2pi2LIGO-SjdwcZ2NV7zwNqq3HEU558eBVW1dltiiKRcl5muVZwYrFZB0ksbpgrCqr9MzM6_mcV6yoijPF66qseMZfmayusoTlacKKLGH8NTqvmycyezwTRd0p3R_OuKx77Sw2aquwffzeVtVkz2BRt6-nsLRmPIhP2au2DWMHAVmesIwlLJ8nZXZpK6ar7R3S1Q61BwFr81l1nZzlSRq9-Zuxn6K7kDo6VMVjkb2Nrqzt8BNubpWf5bxMeBG9uf3wsL6Lo049Y3SDzbN5Gy3H5maMp8n4RfdyK0mdQiDc5hYJaSqgxUE1eN4RE4oe0wbdub_OmwVBd-Y_N8ZNKc7RP5PU7eVxa9Nid0n8Jvc44WZKBUtD1lBYs7BINrQ_z8rouidjcdRerz0FVa2ux5p3Ux2r669fP6Bzo4_yxxP1nqR-3vbkI7mP1lJpCEol1H4ZVHfaI1I7pe_sBeVJaiebaXEdCN13XQxN77zZg_gCePBIWnbjI_GjRiGGIQUBJ4EGyEDAizoDno-BozQD5AF-p8vAZiCgeRnqkIOA7nQHQxDKD3IMhhIEkA1_FQhox8hFeAN5Ct--_R8AAP__8JgyxhYFAAA=
roots.baby/	1970-01-21 01:19:23	Name: ClickDataNgFall Value: H4sIAAAAAAAA_2RU227jNhD9FWGedgFBFk3dzEJYpHY22ybuBcl2-1AgoKWxw0YmiSGl2nv594KS43ix0IvOmRnOhWf4BQYkp4wGASxJkxRi8EeLINIYXL95ePlvjB6QPLYgtrJzGEPTqeb5lxYEyBt3WF2zz_fM3kAMrfQIgpU8ZSVbpDyGRu6tVDsdvFnOSxaDcss_rs5nkfHSKzM65LzkMVDfYUBpDIStImz8Gv2TCQ4xONNTM9pZDJ3UrdK7k_cJfaQOBEAMZrtFCrZ5mZcxbEjq5unkO9omzyfvrROzmUvGvhLZKTxYQueSxuxnOHtcraz99_3wrrX1ZcP_9Gk6L-S2lr9v_8zcJ3-rHn6FMDDnT-UPqPtpilYeTe9fcy97ItTNEQR8vF9BDD2pi2LIGO-SjdwcZ2NV7zwNqq3HEU558eBVW1dltiiKRcl5muVZwYrFZB0ksbpgrCqr9MzM6_mcV6yoijPF66qseMZfmayusoTlacKKLGH8NTqvmycyezwTRd0p3R_OuKx77Sw2aquwffzeVtVkz2BRt6-nsLRmPIhP2au2DWMHAVmesIwlLJ8nZXZpK6ar7R3S1Q61BwFr81l1nZzlSRq9-Zuxn6K7kDo6VMVjkb2Nrqzt8BNubpWf5bxMeBG9uf3wsL6Lo049Y3SDzbN5Gy3H5maMp8n4RfdyK0mdQiDc5hYJaSqgxUE1eN4RE4oe0wbdub_OmwVBd-Y_N8ZNKc7RP5PU7eVxa9Nid0n8Jvc44WZKBUtD1lBYs7BINrQ_z8rouidjcdRerz0FVa2ux5p3Ux2r669fP6Bzo4_yxxP1nqR-3vbkI7mP1lJpCEol1H4ZVHfaI1I7pe_sBeVJaiebaXEdCN13XQxN77zZg_gCePBIWnbjI_GjRiGGIQUBJ4EGyEDAizoDno-BozQD5AF-p8vAZiCgeRnqkIOA7nQHQxDKD3IMhhIEkA1_FQhox8hFeAN5Ct--_R8AAP__8JgyxhYFAAA=
.ak.itponytaa.com/	1970-01-21 00:46:16	Name: RT Value: "z=1&dm=ak.itponytaa.com&si=e99b9640-24f9-4bea-9211-ee5b545e9cc6&ss=m2tvoe79&sl=3&tt=2ho&rl=1&obo=1&ld=38l&r=10ba7cn6&hd=38o"

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://ak.itponytaa.com/afu.php?zoneid=6000041&var=143980&ymid=wef33v13uuojvb753e9tnfvq Message: [GroupMarkerNotSet(crbug.com/242999)!:A0909100E4010000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering	warning	URL: https://ak.itponytaa.com/afu.php?zoneid=6000041&var=6000041&rid=mnhKzS_wDF_SW3g2Y1iWsw%3D%3D&rhd=false&ab2r=0&sf=1&is_mobile=false Message: [GroupMarkerNotSet(crbug.com/242999)!:A0609100E4010000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering	warning	URL: https://ak.itponytaa.com/4/6118780?var=6000041&btz=Europe/Berlin&bto=-60&bar=x Message: [GroupMarkerNotSet(crbug.com/242999)!:A0609100E4010000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering	warning	URL: https://ak.itponytaa.com/afu.php?zoneid=6118780&var=6118780&rid=33-IJ2mCiw9DGbmF2LWarg%3D%3D&rhd=false&ab2r=0&sf=1&is_mobile=false Message: [GroupMarkerNotSet(crbug.com/242999)!:A0A09000E4010000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ak.itponytaa.com
c.go-mpulse.net
ecewfiu97.shop
my.rtmark.net
pokjuhfdesw.site
roots.baby
s.click.aliexpress.com
s.go-mpulse.net
wildzontracking.lol
ak.itponytaa.com
s.click.aliexpress.com
139.45.195.8
143.198.167.92
184.24.77.76
2600:9000:2250:c00:4:96c:4500:93a1
2600:9000:266e:a800:1e:11ec:5100:93a1
2a02:26f0:1700:391::11a6
2a02:26f0:7100:594::11a6
3.126.48.135
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
3d1d8456e5094582b19ea98fdd14a8398227df9d764cbfacde304016e89ab719
df6c14c91d0835f64211c044fb0058bc391e839408f86052a004aa0dac1ad79b
e652c287346c112bed655ae1598f78810f5db3b9394d2475c1f587eddfaaf089
fe85cceb474303eb80a5ca9a60b16d92208a8e0b38647647654b0c42447b51f7

roots.baby Open in urlscan Pro 3.126.48.135 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

21 Requests

90 %HTTPS

50 %IPv6

8 Domains

9 Subdomains

8 IPs

3 Countries

91 kBTransfer

481 kBSize

10 Cookies

1 Outgoing links

Page URL History

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

10 Cookies

4 Console Messages

Indicators

roots.baby Open in urlscan Pro
3.126.48.135 Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

90 %
HTTPS

50 %
IPv6

8
Domains

9
Subdomains

8
IPs

3
Countries

91 kB
Transfer

481 kB
Size

10
Cookies

21 HTTP transactions
0 data transactions