investigating-embezzlement-dawn-hxg.today
2606:4700:3033::ac43:cbe8  Public Scan

URL: https://investigating-embezzlement-dawn-hxg.today/
Submission: On December 02 via api from US — Scanned from DE

Summary

This website contacted 10 IPs in 2 countries across 9 domains to perform 24 HTTP transactions. The main IP is 2606:4700:3033::ac43:cbe8, located in United States and belongs to CLOUDFLARENET, US. The main domain is investigating-embezzlement-dawn-hxg.today.
TLS certificate: Issued by WE1 on November 15th 2024. Valid for: 3 months.
This is the only time investigating-embezzlement-dawn-hxg.today was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain
Subdomains
Transfer
7 investigating-embezzlement-dawn-hxg.today
investigating-embezzlement-dawn-hxg.today
10 KB
6 togreencolumn.com
ob.togreencolumn.com — Cisco Umbrella Rank: 102535
obs.togreencolumn.com — Cisco Umbrella Rank: 93546
40 KB
3 syndicatedsearch.goog
syndicatedsearch.goog — Cisco Umbrella Rank: 3335
719 B
2 amazonaws.com
81bx0feo6k.execute-api.us-west-2.amazonaws.com — Cisco Umbrella Rank: 110599
671 B
2 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 5439
www.googleadservices.com — Cisco Umbrella Rank: 96
307 B
2 google.com
www.google.com — Cisco Umbrella Rank: 3
54 KB
1 google.de
www.google.de — Cisco Umbrella Rank: 10745
64 B
1 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 43
24 B
1 relevantlinks.net
www.relevantlinks.net — Cisco Umbrella Rank: 233366
36 KB
24 9
Domain Requested by
7 investigating-embezzlement-dawn-hxg.today investigating-embezzlement-dawn-hxg.today
5 obs.togreencolumn.com ob.togreencolumn.com
investigating-embezzlement-dawn-hxg.today
3 syndicatedsearch.goog www.google.com
2 81bx0feo6k.execute-api.us-west-2.amazonaws.com investigating-embezzlement-dawn-hxg.today
2 www.google.com 1 redirects investigating-embezzlement-dawn-hxg.today
1 www.google.de investigating-embezzlement-dawn-hxg.today
1 googleads.g.doubleclick.net 1 redirects
1 www.googleadservices.com 1 redirects
1 partner.googleadservices.com www.google.com
1 www.relevantlinks.net investigating-embezzlement-dawn-hxg.today
1 ob.togreencolumn.com investigating-embezzlement-dawn-hxg.today
24 11

This site contains no links.

Subject | Issuer | Validity | Valid
investigating-embezzlement-dawn-hxg.today | WE1 | 2024-11-15 - 2025-02-13 | 3 months
*.google.com | WR2 | 2024-10-21 - 2025-01-13 | 3 months
*.togreencolumn.com | Amazon RSA 2048 M02 | 2024-06-17 - 2025-07-16 | a year
relevantlinks.net | WE1 | 2024-11-22 - 2025-02-20 | 3 months
*.googleadservices.com | WR2 | 2024-10-21 - 2025-01-13 | 3 months
syndicatedsearch.goog | WR2 | 2024-10-21 - 2025-01-13 | 3 months
*.execute-api.us-west-2.amazonaws.com | Amazon RSA 2048 M03 | 2024-05-13 - 2025-06-10 | a year

This page contains 2 frames:

Primary Page: https://investigating-embezzlement-dawn-hxg.today/
Frame ID: FDE6CC7801A540150FC99D102B64899A
Requests: 20 HTTP requests in this frame

Frame: https://syndicatedsearch.goog/afs/ads?adsafe=medium&psid=5733297675&pcsa=false&channel=seg1200%2Cseg4&client=dp-domainactive23_3ph_xml&r=m&hl=de&ivt=0&rpbu=https%3A%2F%2Finvestigating-embezzlement-dawn-hxg.today%2F%3Fcaf_results%3D1%26acid%3D0%26asrc%3D%26at2%3D23%26at3%3Dseg1200%252Cseg4%26atxt%3D%26avid%3D%26ct%3D184%26psqs%3D%26sqs%3D%26t1%3D%26t2%3D%26t3%3D%26tpct%3D%26u%3D%26u2%3D%26uuid%3D10835309-500c-4300-bf8a-f0ceeb480648%26rfpi%3D%26ec%3D%26at4%3D5733297675%26sescnt%3D1&type=3&uiopt=false&swp=as-drid-2226866715478033&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301542%2C17301266%2C72717107%2C49280906%2C72771954&format=r1&nocache=8051733140618923&num=0&output=afd_ads&domain_name=investigating-embezzlement-dawn-hxg.today&v=3&bsl=8&pac=0&u_his=2&u_tz=60&dt=1733140618923&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=1200&frm=0&uio=-&cont=kwBlock1&drt=0&jsid=caf&nfp=1&jsv=697661440&rurl=https%3A%2F%2Finvestigating-embezzlement-dawn-hxg.today%2F
Frame ID: 6179452A5AB5927D612C8F34BFF7C13F
Requests: 1 HTTP requests in this frame

Page Statistics

24
Requests

88 %
HTTPS

82 %
IPv6

9
Domains

11
Subdomains

10
IPs

2
Countries

142 kB
Transfer

305 kB
Size

6
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12
  • https://www.googleadservices.com/pagead/conversion/852667600/?label=pbDuCJuIvakZENDZypYD&guid=ON&script=0 HTTP 302
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/852667600/?label=pbDuCJuIvakZENDZypYD&guid=ON&script=0&ct_cookie_present=false&random=104349351&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQII08WxAg&pscrd=IhMIpsva94OJigMVB-O7CB14jjFnMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOjJodHRwczovL2ludmVzdGlnYXRpbmctZW1iZXp6bGVtZW50LWRhd24taHhnLnRvZGF5Lw HTTP 302
  • https://www.google.com/pagead/1p-conversion/852667600/?label=pbDuCJuIvakZENDZypYD&guid=ON&script=0&ct_cookie_present=false&random=104349351&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQII08WxAg&pscrd=IhMIpsva94OJigMVB-O7CB14jjFnMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOjJodHRwczovL2ludmVzdGlnYXRpbmctZW1iZXp6bGVtZW50LWRhd24taHhnLnRvZGF5Lw&is_vtc=1&cid=CAQSGwCa7L7duVKHnivYTS92SmhxHB218CcSViEv3A&random=99956928 HTTP 302
  • https://www.google.de/pagead/1p-conversion/852667600/?label=pbDuCJuIvakZENDZypYD&guid=ON&script=0&ct_cookie_present=false&random=104349351&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQII08WxAg&pscrd=IhMIpsva94OJigMVB-O7CB14jjFnMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOjJodHRwczovL2ludmVzdGlnYXRpbmctZW1iZXp6bGVtZW50LWRhd24taHhnLnRvZGF5Lw&is_vtc=1&cid=CAQSGwCa7L7duVKHnivYTS92SmhxHB218CcSViEv3A&random=99956928&ipr=y

24 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
investigating-embezzlement-dawn-hxg.today/
11 KB
5 KB
Document
General
Full URL
https://investigating-embezzlement-dawn-hxg.today/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::ac43:cbe8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a8e2393b1a33aaf9d53c9748102fbd4f899c690f45e63ba3fcf86eb827d5e152

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8ebb23026c0dbb53-FRA
content-encoding
zstd
content-type
text/html; charset=UTF-8
date
Mon, 02 Dec 2024 11:56:58 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority
u=0,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZsqquRnPv0Le2YO0o3qhY8j8Fk%2Blj2RZyjjJlkSmLMo4EHWyf6LDHLdgstr7jLtMDaCzSe7QDY4mq2xACAse4NnSKxfk1lB0DPYs9mEtUrn%2FPE1lNyIa%2FAVAxPwEAqshG3Ydr2IOTcIlnK1Apu7K02U2oj8x6rhL3ka52E%2FKkaxktY3h1RCnPw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=6238&min_rtt=5913&rtt_var=1105&sent=12&recv=11&lost=0&retrans=0&sent_bytes=4228&recv_bytes=4497&delivery_rate=889&cwnd=12000&unsent_bytes=0&cid=4a3ec7641118ef6e&ts=194&x=1" cfExtPri cfHdrFlush;dur=0
vary
Accept-Encoding
x-adblock-key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAOkfkOV3lsGKqQ9j5bagzq3wjNQNxWwn/esVXnQFKykdGNnnz7w5UeA2I4OuWHWvh0oBKk747TbfSyNssqOrybkCAwEAAQ==_E9rpvDZU0QXsUkabBYQgfq04vz2UKLZUPqX0d1LW7vOx1QEM2wiD/GrXojTko670I5AIpoBPLvd6Pp2nnrh/KQ==
caf.js
www.google.com/adsense/domains/
149 KB
54 KB
Script
General
Full URL
https://www.google.com/adsense/domains/caf.js?abp=1&2va64smr560lx5k=true
Requested by
Host: investigating-embezzlement-dawn-hxg.today
URL: https://investigating-embezzlement-dawn-hxg.today/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ce8ad054d9d9c1434b0805f78c6124a0e7dfd4a05638a8aeb00a3f63eed54aa5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://investigating-embezzlement-dawn-hxg.today/

Response headers

content-encoding
gzip
etag
"14128264973322863844"
report-to
{"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
x-content-type-options
nosniff
expires
Mon, 02 Dec 2024 11:56:58 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 02 Dec 2024 11:56:58 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
link
<https://syndicatedsearch.goog>; rel="preconnect"
cache-control
private, max-age=3600
cross-origin-opener-policy
same-origin; report-to="ads-afs-ui"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
x-xss-protection
0
server
sffe
6e3a82979a1e73c3323cc8d1a4e46b46.js
ob.togreencolumn.com/i/
104 KB
38 KB
Script
General
Full URL
https://ob.togreencolumn.com/i/6e3a82979a1e73c3323cc8d1a4e46b46.js
Requested by
Host: investigating-embezzlement-dawn-hxg.today
URL: https://investigating-embezzlement-dawn-hxg.today/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223e:7e00:2:17ff:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Caddy /
Resource Hash
1837e96ac6e784d72c5ae4f2f2add69c9d2ae67a1363957c5c5d8d044de657a8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://investigating-embezzlement-dawn-hxg.today/

Response headers

cache-control
max-age=43200
content-encoding
gzip
etag
"19fd8-CrBoMGhK57ZRT/OCyBGR+TpBuO0"
age
17585
via
1.1 3431ec594cac61983aae2d9ffaf23980.cloudfront.net (CloudFront)
expires
Mon, 02 Dec 2024 19:03:53 GMT
x-cache
Hit from cloudfront
content-length
38847
x-amz-cf-id
yrma_DO4X_5rqtgL8Pu8spOCae5v0m1m6AxPqdOfPcw0CFeplr9C5A==
date
Mon, 02 Dec 2024 07:03:53 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
server
Caddy
x-amz-cf-pop
FRA56-P4
8424.jpg
www.relevantlinks.net/img.php/image_id/
36 KB
36 KB
Image
General
Full URL
https://www.relevantlinks.net/img.php/image_id/8424.jpg
Requested by
Host: investigating-embezzlement-dawn-hxg.today
URL: https://investigating-embezzlement-dawn-hxg.today/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:2b41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
28349c38fe446eb7d54a2cde34f39e2e71e02df4c11211331ac029da54ba6f41

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://investigating-embezzlement-dawn-hxg.today/

Response headers

cache-control
public, max-age=604800
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
HIT
age
221107
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oemTAFLa%2FzxccQrJoLai9JFL8lXiKsLnqaKoYFZM5UrkZ03hJDLesOt9OMvy%2BBKGR8gDJgXeHN9tjn6wrM6QO9ge0rI5ZKSDCsTuFkQHg8FvnBux7XhCKvqOHxON9vjeIFawAqbM6Kw3I4AX1qCcJmmcpRc%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8ebb2303db3c68ec-FRA
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=TCP&rtt=5901&min_rtt=5701&rtt_var=1081&sent=8&recv=12&lost=0&retrans=0&sent_bytes=4036&recv_bytes=2362&delivery_rate=647383&cwnd=254&unsent_bytes=0&cid=9730c22df8beeeac&ts=25&x=0"
content-length
36645
date
Mon, 02 Dec 2024 11:56:58 GMT
content-type
image/jpeg
last-modified
Sat, 23 Nov 2024 10:31:09 GMT
vary
Accept-Encoding
server
cloudflare
ct
obs.togreencolumn.com/
4 KB
2 KB
Script
General
Full URL
https://obs.togreencolumn.com/ct?id=59128&url=https%3A%2F%2Finvestigating-embezzlement-dawn-hxg.today%2F&sf=0&tpi=&ch=cheq4ppc&uvid=&tsf=0&tsfmi=&tsfu=&cb=1733140618918&hl=2&op=0&ag=4270235709&rand=13552672106601086619550602511070230210457510597422622512220293817558119056582525111962&fs=1600x1200&fst=1600x1200&np=linux%20x86_64&nv=google%20inc.&ref=&ss=1600x1200&nc=0&at=&di=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%3D%3D&dep=0&pre=0&sdd=&cri=RwImN4FSJ1&pto=328&ver=62&gac=-&mei=&ap=&fe=1&duid=1.1733140618.0UouISbWUVBK6j5J&suid=1.1733140618.SxPqUvRHc0MVmghQ&tuid=1.1733140618.sGul38spqudDXMmk&fbc=-&gtm=-&it=7%2C228%2C39&fbcl=-&gacl=-&gacsd=-&rtic=-&bgc=-&spa=1&urid=0&ab=&sck=-&io=aGA2Og%3D%3D
Requested by
Host: ob.togreencolumn.com
URL: https://ob.togreencolumn.com/i/6e3a82979a1e73c3323cc8d1a4e46b46.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd06:e361:a2ce:b047:17c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
ab1b391cfa10c02cc46f1592987bb0929198b48c61846bf5b35f78bf1d2dd6b0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://investigating-embezzlement-dawn-hxg.today/

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
https://investigating-embezzlement-dawn-hxg.today
content-encoding
gzip
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
content-length
1274
date
Mon, 02 Dec 2024 11:56:59 GMT
content-type
text/javascript
cookie.js
partner.googleadservices.com/gampad/
436 B
284 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=investigating-embezzlement-dawn-hxg.today&client=partner-dp-domainactive23_3ph_xml&product=SAS&callback=__sasCookie&cookie_types=v1%2Cv2
Requested by
Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js?abp=1&2va64smr560lx5k=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c3c9f1d9363d1a183c9806f4a86d7710b572b5cc5e602b71f67710765f4a9f5d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://investigating-embezzlement-dawn-hxg.today/

Response headers

timing-allow-origin
*
content-encoding
gzip
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
263
date
Mon, 02 Dec 2024 11:56:58 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
ads
syndicatedsearch.goog/afs/ Frame 6179
0
0
Document
General
Full URL
https://syndicatedsearch.goog/afs/ads?adsafe=medium&psid=5733297675&pcsa=false&channel=seg1200%2Cseg4&client=dp-domainactive23_3ph_xml&r=m&hl=de&ivt=0&rpbu=https%3A%2F%2Finvestigating-embezzlement-dawn-hxg.today%2F%3Fcaf_results%3D1%26acid%3D0%26asrc%3D%26at2%3D23%26at3%3Dseg1200%252Cseg4%26atxt%3D%26avid%3D%26ct%3D184%26psqs%3D%26sqs%3D%26t1%3D%26t2%3D%26t3%3D%26tpct%3D%26u%3D%26u2%3D%26uuid%3D10835309-500c-4300-bf8a-f0ceeb480648%26rfpi%3D%26ec%3D%26at4%3D5733297675%26sescnt%3D1&type=3&uiopt=false&swp=as-drid-2226866715478033&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301431%2C17301433%2C17301436%2C17301542%2C17301266%2C72717107%2C49280906%2C72771954&format=r1&nocache=8051733140618923&num=0&output=afd_ads&domain_name=investigating-embezzlement-dawn-hxg.today&v=3&bsl=8&pac=0&u_his=2&u_tz=60&dt=1733140618923&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=1200&frm=0&uio=-&cont=kwBlock1&drt=0&jsid=caf&nfp=1&jsv=697661440&rurl=https%3A%2F%2Finvestigating-embezzlement-dawn-hxg.today%2F
Requested by
Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js?abp=1&2va64smr560lx5k=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-1k8Kxd2UuqycFh2G5YNO9w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Xss-Protection 0

Request headers

Referer
https://investigating-embezzlement-dawn-hxg.today/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=3600
content-disposition
inline
content-encoding
br
content-length
2929
content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-1k8Kxd2UuqycFh2G5YNO9w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
content-type
text/html; charset=UTF-8
cross-origin-opener-policy
same-origin-allow-popups; report-to="gws"
date
Mon, 02 Dec 2024 11:56:58 GMT
expires
Mon, 02 Dec 2024 11:56:58 GMT
report-to
{"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
server
gws
x-xss-protection
0
pxlt.php
investigating-embezzlement-dawn-hxg.today/include/
2 B
681 B
Script
General
Full URL
https://investigating-embezzlement-dawn-hxg.today/include/pxlt.php?uuid=10835309-500c-4300-bf8a-f0ceeb480648&cb=50087522
Requested by
Host: investigating-embezzlement-dawn-hxg.today
URL: https://investigating-embezzlement-dawn-hxg.today/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::ac43:cbe8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0889a34434e586e918436027c4e8b4c3380f84643731bdeb57024adb8745cf53

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://investigating-embezzlement-dawn-hxg.today/

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MQ567SzMIqURtJrsm%2B1EdhQPnh%2FL8lexw7ajmc3H0vDtPajK%2BmAwpParAqsbj7p7tGv%2Bd8Vn2zM9U95FLYMOZv%2Fw%2BAWRSPmLqmjWIm55JFeXE1NWC%2F%2Fvg4Uwgs1jkhM5VK7EaSs8QG9EyTK6XmAKcc%2B9xl09HveY65Otu5Z3ij6XS3AnySL42Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8ebb23045cd9bb53-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=6284&min_rtt=5913&rtt_var=751&sent=18&recv=15&lost=0&retrans=0&sent_bytes=9582&recv_bytes=5064&delivery_rate=897478&cwnd=12000&unsent_bytes=0&cid=4a3ec7641118ef6e&ts=460&x=1", cfExtPri, cfHdrFlush;dur=0
content-length
2
date
Mon, 02 Dec 2024 11:56:59 GMT
content-type
text/javascript;charset=UTF-8
server
cloudflare
priority
u=3,i=?0
px.gif
investigating-embezzlement-dawn-hxg.today/abp/
43 B
758 B
Image
General
Full URL
https://investigating-embezzlement-dawn-hxg.today/abp/px.gif?ch=1&abp=1&2va64smr560lx5k=true&rn=1.8079638064906431
Requested by
Host: investigating-embezzlement-dawn-hxg.today
URL: https://investigating-embezzlement-dawn-hxg.today/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::ac43:cbe8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://investigating-embezzlement-dawn-hxg.today/

Response headers

cf-cache-status
HIT
etag
"2b-6262ca5e61600"
age
0
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Ft4iht34qcIXDAYtADSVv1lYXCJ9SP2BNnbKMzPIWMlWvpOX82lOdTcZpz3mYNXzcfzJHlPtd7rP4um9qcru1tlbVqmW%2F%2FRxM6rVMQyEXa2xSfLblCqMOJF2nBcBTzxlI5yhatB%2FR%2B%2Ficq5TT9UFvoc7bW8xFQd8p%2BuU5iBudHll1IBoza09UQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=6506&min_rtt=5913&rtt_var=766&sent=21&recv=18&lost=0&retrans=0&sent_bytes=11088&recv_bytes=6266&delivery_rate=3816&cwnd=12000&unsent_bytes=0&cid=4a3ec7641118ef6e&ts=722&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 02 Dec 2024 11:56:59 GMT
content-type
image/gif
last-modified
Tue, 05 Nov 2024 16:11:04 GMT
vary
Accept-Encoding
priority
u=3,i
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8ebb23055d67bb53-FRA
accept-ranges
bytes
content-length
43
server
cloudflare
px.gif
investigating-embezzlement-dawn-hxg.today/abp/
43 B
755 B
Image
General
Full URL
https://investigating-embezzlement-dawn-hxg.today/abp/px.gif?ch=2&abp=2&2va64smr560lx5k=true&rn=1.8079638064906431
Requested by
Host: investigating-embezzlement-dawn-hxg.today
URL: https://investigating-embezzlement-dawn-hxg.today/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::ac43:cbe8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://investigating-embezzlement-dawn-hxg.today/

Response headers

cf-cache-status
MISS
etag
"2b-6262ca5e61600"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vAib3aiemJkmQ9QjFqeqw4Fvs6%2FGnRK0aHTe9QPefh2VtIFmi7pu6oP1i%2FG1BQa1yqYkPr7IujFCIcx1Sy1o9m0l4pRMkwNSl6%2BaAnnIx%2BTR%2BDyEP67wnJXt2zhQ1WdomubfK7zz1KinTswtfpQcQyhCfVkC2PshATQ%2F%2BDw2M2gTDTPGCZXjxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=6484&min_rtt=5913&rtt_var=963&sent=20&recv=17&lost=0&retrans=0&sent_bytes=10310&recv_bytes=6222&delivery_rate=4286&cwnd=12000&unsent_bytes=0&cid=4a3ec7641118ef6e&ts=666&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 02 Dec 2024 11:56:59 GMT
content-type
image/gif
last-modified
Tue, 05 Nov 2024 16:11:04 GMT
vary
Accept-Encoding
priority
u=3,i
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8ebb23055d69bb53-FRA
accept-ranges
bytes
content-length
43
server
cloudflare
main
81bx0feo6k.execute-api.us-west-2.amazonaws.com/ Frame
0
0
Preflight
General
Full URL
https://81bx0feo6k.execute-api.us-west-2.amazonaws.com/main
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-98.fra2.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://investigating-embezzlement-dawn-hxg.today
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
*
content-length
29
content-type
application/json
date
Mon, 02 Dec 2024 11:56:59 GMT
via
1.1 32e3b86ae254a231182567c0124af892.cloudfront.net (CloudFront)
x-amz-apigw-id
CKYF2FeaPHcEfyQ=
x-amz-cf-id
FXrUw4f5-9gf28_pvDzQk9ZtCq7EYWy2aC1zwSrScfuGgwWscdmUDQ==
x-amz-cf-pop
FRA2-C2
x-amzn-requestid
9374694f-e294-4457-8662-9f361702ffe5
x-amzn-trace-id
Root=1-674da08b-5e5e424025c53dab61b719f9
x-cache
Miss from cloudfront
0855d112-e1f1-4463-b0c1-67f911739bd6
https://investigating-embezzlement-dawn-hxg.today/ Frame
0
0

main
81bx0feo6k.execute-api.us-west-2.amazonaws.com/
312 B
671 B
Fetch
General
Full URL
https://81bx0feo6k.execute-api.us-west-2.amazonaws.com/main
Requested by
Host: investigating-embezzlement-dawn-hxg.today
URL: https://investigating-embezzlement-dawn-hxg.today/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-98.fra2.r.cloudfront.net
Software
/
Resource Hash
418a9963b95d807e7e0d6f6e51e07ae78c553c2e3f2a8a7f177431b1e21bcdc4

Request headers

Referer
https://investigating-embezzlement-dawn-hxg.today/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
accept
*/*
Content-Type
application/json

Response headers

x-amz-apigw-id
CKYF4H3-vHcEGWw=
x-amzn-trace-id
Root=1-674da08b-48d364596c2f3f47317294c0
x-amzn-requestid
c02a5280-102b-481a-8bb8-01d8040eba73
via
1.1 32e3b86ae254a231182567c0124af892.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
312
x-amz-cf-id
lVN-PKYFVfELZp8LcQNg3DNdTb80uGGos7rXwT3UL-KmRDKyLZRudA==
date
Mon, 02 Dec 2024 11:56:59 GMT
content-type
application/json
x-amz-cf-pop
FRA2-C2
/
www.google.de/pagead/1p-conversion/852667600/
Redirect Chain
  • https://www.googleadservices.com/pagead/conversion/852667600/?label=pbDuCJuIvakZENDZypYD&guid=ON&script=0
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/852667600/?label=pbDuCJuIvakZENDZypYD&guid=ON&script=0&ct_cookie_present=false&random=104349351&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWx...
  • https://www.google.com/pagead/1p-conversion/852667600/?label=pbDuCJuIvakZENDZypYD&guid=ON&script=0&ct_cookie_present=false&random=104349351&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQII08WxA...
  • https://www.google.de/pagead/1p-conversion/852667600/?label=pbDuCJuIvakZENDZypYD&guid=ON&script=0&ct_cookie_present=false&random=104349351&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQII08WxAg...
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-conversion/852667600/?label=pbDuCJuIvakZENDZypYD&guid=ON&script=0&ct_cookie_present=false&random=104349351&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQII08WxAg&pscrd=IhMIpsva94OJigMVB-O7CB14jjFnMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOjJodHRwczovL2ludmVzdGlnYXRpbmctZW1iZXp6bGVtZW50LWRhd24taHhnLnRvZGF5Lw&is_vtc=1&cid=CAQSGwCa7L7duVKHnivYTS92SmhxHB218CcSViEv3A&random=99956928&ipr=y
Requested by
Host: investigating-embezzlement-dawn-hxg.today
URL: https://investigating-embezzlement-dawn-hxg.today/
Protocol
H3
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://investigating-embezzlement-dawn-hxg.today/

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Mon, 02 Dec 2024 11:56:59 GMT
x-xss-protection
0
content-type
image/gif
server
cafe

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
location
https://www.google.de/pagead/1p-conversion/852667600/?label=pbDuCJuIvakZENDZypYD&guid=ON&script=0&ct_cookie_present=false&random=104349351&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQII08WxAg&pscrd=IhMIpsva94OJigMVB-O7CB14jjFnMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOjJodHRwczovL2ludmVzdGlnYXRpbmctZW1iZXp6bGVtZW50LWRhd24taHhnLnRvZGF5Lw&is_vtc=1&cid=CAQSGwCa7L7duVKHnivYTS92SmhxHB218CcSViEv3A&random=99956928&ipr=y
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Mon, 02 Dec 2024 11:56:59 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
tc_imp.gif
obs.togreencolumn.com/tracker/
43 B
79 B
Image
General
Full URL
https://obs.togreencolumn.com/tracker/tc_imp.gif?e=37dfbd8ee84e001269edc631ea418b949225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d5b188c6f2f17071a10acf9f29f67408a8b815179691ffc7a21508f6eda33c2566654779607050d31560d90bc3d4677be26bb25cb43e2916af05065aa587c7a1b8954ed14f497d7df3dbb2907fe7ccaad5c3e890e6547241793d10264a460b3f493a0180dec1edae97dfa2bc8169b1adc597cff3200e714561c44ca4825b6a3e5aa22a76da50eda7cf54a6863c89777256e1d0cd71ed0d906f50732e690b73255015ab2fb523c9bdc05457f54065258fcd135700e5fe6a5142c93aaf62f8ee04572032cbbc5f4c2c935e7c2db59ec489f5e2c7edfaacff4e43e82dee03ec1305fd4fdca784a45a2636caf961362ead8a9708f57fd13bb851cc649d9d36d9a6d279c9b23d96d98cefab6cdb3f11338ae6bf2fbb9234e2be58d25c5f706ea1217458e030d98858cc8c6e49d3ecf25d792a3c77eed69777b8e622ed8829c4824cba533e541e1940dce24e13d524c57dd3bb34d8496ff24f6c7398744a7a9fb9b29ce590435ae1054447d092694e223a442d0cb9734a28e25a5d06c94c2e8f43dd7f0e655616ddefb4c459bf9495601e0e7e737e063c5b44ee5f270a060b266c420884d82f678be4e35eebc8f74232d365159570542f4a5f538c008a5585c5f3bbae85dd5f31b0ff7a4dcb8ba70c3ede4fc86e4aef14b4f3fe74686b6596a9f42651bd76441706cf679a76a18c2ebc2629661d72588ac30cca4109a730c3d3d017b1a80dde5d83e67489c184489cedfbbb2a74f17caf5e42984c5617ac6d3153f6af895d95020bf39853ac05f9a5cc975beae6183bc68e7e19ace8a0427b6b429699077b88cb7a8159d683410049c762018d1e23ac98e6c9999e6ae099adfe621122503fb64ff17a047b39f6891314020453a7b7ee944cdf67609ba6783e7b4708dbb25f12928bd0d6e6edfbec30031836de7cc5483153b0156ae6f7dc6feab3798067ac3da4dc38a8aa6df1cc857543e07a622674096930f55a62ea7a3903f85d2f01c1d21f728320207cc1e4cf4d9b35a039a626dc1c8c41298c6b0ce4530e573e8522844c64d2076c9c25b02d894f1dce2ae01b86cf37cdf24dd9d5387fff22d37ef8048de8ce7f1bdb3a4916b11d7bf7b028935c45bc11db4a9&cri=RwImN4FSJ1&ts=423&cb=1733140619341
Requested by
Host: investigating-embezzlement-dawn-hxg.today
URL: https://investigating-embezzlement-dawn-hxg.today/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd06:e361:a2ce:b047:17c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://investigating-embezzlement-dawn-hxg.today/

Response headers

expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
date
Mon, 02 Dec 2024 11:56:59 GMT
pragma
no-cache
content-type
image/gif
2e333550-ee5a-4f43-b024-d740a9742279
https://investigating-embezzlement-dawn-hxg.today/ Frame
0
0

favicon.ico
investigating-embezzlement-dawn-hxg.today/
318 B
986 B
Other
General
Full URL
https://investigating-embezzlement-dawn-hxg.today/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::ac43:cbe8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
63615a2b207899516aa6eb56ec330671ca1bb25ebe8eb4dd703f08e2906e344e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://investigating-embezzlement-dawn-hxg.today/

Response headers

content-encoding
zstd
cf-cache-status
HIT
etag
W/"13e-6262ca5e61600"
age
776971
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GQdi8jw1lcu9uqewYJ4F7dcl9v0KNmpS0X9ujBseLBvxNpRo4YrvBG%2BVOtM8%2FnEBnMnoofR03VF6YRXkKtOqB4rRM53gbaSdAsz2GfH7yE9Z82zDLWtKnoxktlk9sUGZFhFa%2FUMVvazcaxDL5g1C7WPoJjvlnbNgD7oxw9WPk6%2BMSeJ76x7VdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=6477&min_rtt=5913&rtt_var=632&sent=23&recv=20&lost=0&retrans=0&sent_bytes=11893&recv_bytes=6856&delivery_rate=24970&cwnd=12000&unsent_bytes=0&cid=4a3ec7641118ef6e&ts=909&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 02 Dec 2024 11:56:59 GMT
content-type
image/vnd.microsoft.icon
last-modified
Tue, 05 Nov 2024 16:11:04 GMT
vary
Accept-Encoding
priority
u=1,i
cache-control
public, max-age=2678400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8ebb2307ee79bb53-FRA
server
cloudflare
abpc.php
investigating-embezzlement-dawn-hxg.today/
0
678 B
XHR
General
Full URL
https://investigating-embezzlement-dawn-hxg.today/abpc.php
Requested by
Host: investigating-embezzlement-dawn-hxg.today
URL: https://investigating-embezzlement-dawn-hxg.today/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::ac43:cbe8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://investigating-embezzlement-dawn-hxg.today/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept
application/json
Content-Type
application/json

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=py1pcw7aU4O99Gdng2bAN%2BV76XXW5IVslTkC%2BOAPkFmm1QtsaMBnYm1UHqsDJDL0kztuoE66brvV78lB0d6VMOAorvUktWH%2B0kpqkt4xs1ySZev4tuagR2fAb2Cr8oeDH4V0Q4ATTcykvVOhh2Ty3BLN6RnPCKwJoQTuo%2FxMfjCmDh5YBE9n0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8ebb23087ec4bb53-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=6422&min_rtt=5913&rtt_var=446&sent=27&recv=25&lost=0&retrans=0&sent_bytes=13801&recv_bytes=8307&delivery_rate=4808&cwnd=12000&unsent_bytes=0&cid=4a3ec7641118ef6e&ts=1217&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 02 Dec 2024 11:56:59 GMT
content-type
text/html; charset=UTF-8
server
cloudflare
priority
u=1,i
da.php
investigating-embezzlement-dawn-hxg.today/
0
829 B
Script
General
Full URL
https://investigating-embezzlement-dawn-hxg.today/da.php?act=2&gal=true&giev=0&gtp=%7B%22cafRequestAccepted%22%3Atrue%2C%22cafStatus%22%3A%7B%22client%22%3A%22partner-dp-domainactive23_3ph_xml%22%2C%22adult%22%3Afalse%7D%7D&acid=0&asrc=&at2=23&at3=seg1200%2Cseg4&atxt=&avid=&ct=184&psqs=&sqs=&t1=&t2=&t3=&tpct=&u=&u2=&uuid=10835309-500c-4300-bf8a-f0ceeb480648&rfpi=&ec=&at4=5733297675&sescnt=1&impact=
Requested by
Host: investigating-embezzlement-dawn-hxg.today
URL: https://investigating-embezzlement-dawn-hxg.today/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::ac43:cbe8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://investigating-embezzlement-dawn-hxg.today/

Response headers

cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uLsHNCvG%2Bnysc2TM%2BsikoTt9mbd0sRUY5xJpgScxaUmCTrW08hgdoTkwZID4sdiruuI5Ngf1jWCbN4sAJPxHjlRtTa2ZSSD9UZOE%2BxVF3oJUE3KmQmh8wlEZlIpHYWJx1DugM9NMjIhbgCA3YkokW3TZUc0Mv4dUbgLpyzxXmcNpmsfuLnlHyw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
POST, GET
expires
0
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=6439&min_rtt=5913&rtt_var=550&sent=26&recv=24&lost=0&retrans=0&sent_bytes=12949&recv_bytes=8263&delivery_rate=54256&cwnd=12000&unsent_bytes=0&cid=4a3ec7641118ef6e&ts=1138&x=1", cfExtPri, cfHdrFlush;dur=0
p3p
policyref="/w3c/p3p.xml",CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
date
Mon, 02 Dec 2024 11:56:59 GMT
content-type
text/javascript;charset=UTF-8
priority
u=3,i=?0
cache-control
no-cache, no-store, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
access-control-allow-credentials
true
cf-ray
8ebb23087ec7bb53-FRA
access-control-allow-origin
*
content-length
0
server
cloudflare
mon
obs.togreencolumn.com/
0
16 B
XHR
General
Full URL
https://obs.togreencolumn.com/mon
Requested by
Host: ob.togreencolumn.com
URL: https://ob.togreencolumn.com/i/6e3a82979a1e73c3323cc8d1a4e46b46.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd06:e361:a2ce:b047:17c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://investigating-embezzlement-dawn-hxg.today/

Response headers

access-control-allow-origin
https://investigating-embezzlement-dawn-hxg.today
content-length
0
date
Mon, 02 Dec 2024 11:57:00 GMT
content-type
application/json
access-control-allow-credentials
true
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
mon
obs.togreencolumn.com/
0
166 B
XHR
General
Full URL
https://obs.togreencolumn.com/mon
Requested by
Host: ob.togreencolumn.com
URL: https://ob.togreencolumn.com/i/6e3a82979a1e73c3323cc8d1a4e46b46.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd06:e361:a2ce:b047:17c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://investigating-embezzlement-dawn-hxg.today/

Response headers

access-control-allow-origin
https://investigating-embezzlement-dawn-hxg.today
content-length
0
date
Mon, 02 Dec 2024 11:57:00 GMT
content-type
application/json
access-control-allow-credentials
true
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
gen_204
syndicatedsearch.goog/afs/
0
508 B
Image
General
Full URL
https://syndicatedsearch.goog/afs/gen_204?client=dp-domainactive23_3ph_xml&output=uds_ads_only&zx=mgex3t7t8adp&aqid=iqBNZ9ykPOrOjuwPqYSloQQ&psid=5733297675&pbt=bs&adbx=540&adby=30&adbh=557&adbw=520&adbah=166%2C166%2C166&adbn=master-1&eawp=partner-dp-domainactive23_3ph_xml&errv=697661440&csala=2%7C0%7C118%7C36%7C14&lle=0&ifv=1&hpt=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-C-recG8Mj27fAcJYPb3rDg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://investigating-embezzlement-dawn-hxg.today/

Response headers

content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-C-recG8Mj27fAcJYPb3rDg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy
same-origin-allow-popups; report-to="gws"
report-to
{"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
permissions-policy
unload=()
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Mon, 02 Dec 2024 11:57:00 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
gws
x-frame-options
SAMEORIGIN
gen_204
syndicatedsearch.goog/afs/
0
211 B
Image
General
Full URL
https://syndicatedsearch.goog/afs/gen_204?client=dp-domainactive23_3ph_xml&output=uds_ads_only&zx=f5rm3isvd286&aqid=iqBNZ9ykPOrOjuwPqYSloQQ&psid=5733297675&pbt=bv&adbx=540&adby=30&adbh=557&adbw=520&adbah=166%2C166%2C166&adbn=master-1&eawp=partner-dp-domainactive23_3ph_xml&errv=697661440&csala=2%7C0%7C118%7C36%7C14&lle=0&ifv=1&hpt=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-OFgrrQ1e2cvcJmHJ1a-DBw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://investigating-embezzlement-dawn-hxg.today/

Response headers

content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-OFgrrQ1e2cvcJmHJ1a-DBw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy
same-origin-allow-popups; report-to="gws"
report-to
{"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
permissions-policy
unload=()
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Mon, 02 Dec 2024 11:57:00 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
gws
x-frame-options
SAMEORIGIN
mon
obs.togreencolumn.com/
0
39 B
XHR
General
Full URL
https://obs.togreencolumn.com/mon
Requested by
Host: ob.togreencolumn.com
URL: https://ob.togreencolumn.com/i/6e3a82979a1e73c3323cc8d1a4e46b46.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd06:e361:a2ce:b047:17c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://investigating-embezzlement-dawn-hxg.today/

Response headers

access-control-allow-origin
https://investigating-embezzlement-dawn-hxg.today
content-length
0
date
Mon, 02 Dec 2024 11:57:02 GMT
content-type
application/json
access-control-allow-credentials
true
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
investigating-embezzlement-dawn-hxg.today
URL
blob:https://investigating-embezzlement-dawn-hxg.today/0855d112-e1f1-4463-b0c1-67f911739bd6
Domain
investigating-embezzlement-dawn-hxg.today
URL
blob:https://investigating-embezzlement-dawn-hxg.today/2e333550-ee5a-4f43-b024-d740a9742279

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| obtscript
function| onCheqResponse
function| __ctcg_ct_59128_exec
number| googleNDT_
number| googleAltLoader
object| google
boolean| gAccepted
object| gData
number| gActionType
boolean| adsLoaded
object| pageOptions
object| kwBlock1
object| adBlock1
function| _obpb
function| add_adblock_channel
function| getUrlVars
function| getx
function| post
function| cafCallback
function| adCallback
function| hideElementsByClassName
function| recordAction
function| loadAds
object| s
function| __sasCookie
object| _cq
object| dataLayer

6 Cookies

Domain/Path Name / Value
investigating-embezzlement-dawn-hxg.today/ Name: uuid
Value: 10835309-500c-4300-bf8a-f0ceeb480648
.investigating-embezzlement-dawn-hxg.today/ Name: _cq_duid
Value: 1.1733140618.0UouISbWUVBK6j5J
.investigating-embezzlement-dawn-hxg.today/ Name: _cq_suid
Value: 1.1733140618.SxPqUvRHc0MVmghQ
.investigating-embezzlement-dawn-hxg.today/ Name: __gsas
Value: ID=d802bc51ef321f0b:T=1733140618:RT=1733140618:S=ALNI_MYUsUGBGw6rZG__oEAfZHz6lDWNlA
obs.togreencolumn.com/ Name: cg_uuid
Value: 9888fef422fd8e5a5bfad5e5b4bbf2f9
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission

2 Console Messages

Source Level URL
Text
rendering warning URL: https://investigating-embezzlement-dawn-hxg.today/(Line 265)
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0E0B004A4070000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
worker verbose URL: blob:https://investigating-embezzlement-dawn-hxg.today/0855d112-e1f1-4463-b0c1-67f911739bd6(Line 1)
Message:
Error

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
