URL: http://mail-download-file.xyz/
Submission: On June 01 via manual from US

Summary

This website contacted 7 IPs in 3 countries across 7 domains to perform 30 HTTP transactions. The main IP is 74.117.219.198, located in Cayman Islands and belongs to DNC-HOLDINGS-INC, US. The main domain is mail-download-file.xyz.
This is the only time mail-download-file.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | Domain | Requested by
19 | www.google.com | pagead2.googlesyndication.com, 050005.voodoo.com, www.google.com
4 | 050005.voodoo.com | mail-download-file.xyz, 050005.voodoo.com
2 | ajax.googleapis.com | 050005.voodoo.com
1 | afs.googleusercontent.com | www.google.com
1 | syndication.voodoo.com | 050005.voodoo.com
1 | redirection20.directnic.com | 050005.voodoo.com
1 | pagead2.googlesyndication.com | 050005.voodoo.com
1 | mail-download-file.xyz |
Total: 30 requests across 8 hostnames

This site contains no links.

Subject | Issuer | Validity | Valid
www.google.com | GTS CA 1C3 | 2021-05-03 - 2021-07-26 | 3 months
*.google.com | GTS CA 1O1 | 2021-05-03 - 2021-07-26 | 3 months
*.googleusercontent.com | GTS CA 1C3 | 2021-05-03 - 2021-07-26 | 3 months

This page contains 11 frames:

Primary Page: http://mail-download-file.xyz/
Frame ID: 772A89C9336DFEDE8A85060986DF2795
Requests: 4 HTTP requests in this frame

Frame: http://050005.voodoo.com/partner.php?dsess=ChMIjbfxvOj28AIVRYH9Bx3Rqg6dEkvcHWCRX6Fj04j7Z_nC9Mw5IaaomVLEaRQ1hsitf2xzNKP7-OzLvmY1ure0wWy2t-ZjcsyaUZNeG928pRyV7HVcCoLFctGFIAuMNMA&ref=&domain=mail-download-file.xyz&token=1ff6974c8a66fc8f0dde9946bd6f2045&drid=as-drid-2464369813134582
Frame ID: F5D6BB5842CBCAA5E1504CEA9EDE45F3
Requests: 15 HTTP requests in this frame

Frame: https://www.google.com/afs/ads/i/iframe.html
Frame ID: 72D58F3963856A80F2140A236BC87781
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/afs/ads/i/iframe.html
Frame ID: AB0DD2CB8D91CC2DC97C46D95D737B73
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/afs/ads/i/iframe.html
Frame ID: 72BFED4415A8595FCF7CFFAA0A49409C
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/dp/ads?adtest=off&cpp=0&domain_name=mail-download-file.xyz&hl=ro&client=dp-voodoo21_3ph&r=m&max_radlink_len=32&swp=as-drid-2464369813134582&afdt=ChMIjbfxvOj28AIVRYH9Bx3Rqg6dEkvcHWCRX6Fj04j7Z_nC9Mw5IaaomVLEaRQ1hsitf2xzNKP7-OzLvmY1ure0wWy2t-ZjcsyaUZNeG928pRyV7HVcCoLFctGFIAuMNMA&uiopt=true&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300494%2C17300496%2C17300703%2C17300706%2C17300707&format=s%7Cr5%7Cr5%7Cr3&num=0&output=afd_ads&v=3&adext=as1%2Csr1&bsl=8&u_his=2&u_tz=120&dt=1622563610907&u_w=1600&u_h=1200&biw=-12245933&bih=-12245933&isw=1600&ish=1200&psw=-1&psh=-1&frm=2&uio=sl1sr1--sa16sv16st22lt35-sa16sv16st22lt35-sa12st12&cont=related-3%7Crelated-2%7Crelated-1&csize=%7C%7C&inames=slave-1-1%7Cslave-2-1%7Cslave-3-1&jsv=27785&rurl=http%3A%2F%2F050005.voodoo.com%2Fpartner.php%3Fdsess%3DChMIjbfxvOj28AIVRYH9Bx3Rqg6dEkvcHWCRX6Fj04j7Z_nC9Mw5IaaomVLEaRQ1hsitf2xzNKP7-OzLvmY1ure0wWy2t-ZjcsyaUZNeG928pRyV7HVcCoLFctGFIAuMNMA%26ref%3D%26domain%3Dmail-download-file.xyz%26token%3D1ff6974c8a66fc8f0dde9946bd6f2045%26drid%3Das-drid-2464369813134582&referer=http%3A%2F%2Fmail-download-file.xyz%2F
Frame ID: B46907181EAC7E2D7D78BF3EF74D2D2A
Requests: 2 HTTP requests in this frame

Frame: http://050005.voodoo.com/status.php?domain=mail-download-file.xyz&trackingtoken=1ff6974c8a66fc8f0dde9946bd6f2045&status=caf&u_his=2&u_h=1200&u_w=1600&d_h=1200&d_w=1600&u_top=0&u_left=0&http_referrer=http%3A%2F%2Fmail-download-file.xyz%2F
Frame ID: 4A462F0F672099972CCF8EF5C0AF459D
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/js/bg/G2LODSAdddFqah5FhITi4fDSsjPqLKPP2V4GgHD4z2I.js
Frame ID: A5CE42EC27FB7C106F7BC3804BADBA4E
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/js/bg/G2LODSAdddFqah5FhITi4fDSsjPqLKPP2V4GgHD4z2I.js
Frame ID: 32D1EEA06763239C9901205631FB45C3
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/js/bg/G2LODSAdddFqah5FhITi4fDSsjPqLKPP2V4GgHD4z2I.js
Frame ID: D2F8AC15B3300919B49B7E8B81A14D1E
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/js/bg/G2LODSAdddFqah5FhITi4fDSsjPqLKPP2V4GgHD4z2I.js
Frame ID: 79BD5C33A424760455F4C43B53DE82F9
Requests: 1 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

Requests: 30
HTTPS: 63 %
IPv6: 57 %
Domains: 7
Subdomains: 8
IPs: 7
Countries: 3
Transfer: 344 kB
Size: 674 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

30 HTTP transactions

Resource / Path | Size | x-fer | Type | MIME-Type
Primary Request /
mail-download-file.xyz/
794 B
1 KB
Document
General
Full URL
http://mail-download-file.xyz/
Protocol
HTTP/1.1
Server
74.117.219.198 , Cayman Islands, ASN53997 (DNC-HOLDINGS-INC, US),
Reverse DNS
Software
nginx /
Resource Hash
8ba09ba5217a1cef3033e1e419795c010ae67782abbe8a0ababb1e8edbb13c04

Request headers

Host
mail-download-file.xyz
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Server
nginx
Date
Tue, 01 Jun 2021 16:06:49 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-Adblock-Key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMLl0RJYcDS0N2xIgi01rOAcEtvCUTUq+IuNz5PA8eXYsfPLRkgnNehO+NbOZAlLoQnSpB5rXuRxRCTF+T1iU9sCAwEAAQ==_FzrU0O/DzPHwhUHqvo1zsrZd6OYhY/CKmMbfkIpM4HkqpULVsnDaZNpBRyCVeu0ugpO2Xos2NXdjGtQoX27wGQ==
Content-Encoding
gzip
partner.js
050005.voodoo.com/js/
4 KB
2 KB
Script
General
Full URL
http://050005.voodoo.com/js/partner.js
Requested by
Host: mail-download-file.xyz
URL: http://mail-download-file.xyz/
Protocol
HTTP/1.1
Server
192.64.147.158 , United States, ASN19867 (VOODOO1, US),
Reverse DNS
192.64.147.158.voodoo.com
Software
Apache/2.2.3 (CentOS) / PHP/5.3.8
Resource Hash
1a491221ddfe84fdc206fb26c682ecf0f07ac530e6116c9f841699aeb6e3ace4

Request headers

Referer
http://mail-download-file.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 01 Jun 2021 16:06:50 GMT
Content-Encoding
gzip
Last-Modified
Mon, 24 May 2021 16:06:50 GMT
Server
Apache/2.2.3 (CentOS)
X-Adblock-Key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMLl0RJYcDS0N2xIgi01rOAcEtvCUTUq+IuNz5PA8eXYsfPLRkgnNehO+NbOZAlLoQnSpB5rXuRxRCTF+T1iU9sCAwEAAQ==_sDzdmXzeqEhjvj0JdTVitFpua+YHRhv9DRXcZxIPa/wDyAjt/pyHGdISzGGw3cUTEmYj7p48YLJQa5qpBjbIhQ==
X-Powered-By
PHP/5.3.8
Vary
Accept-Encoding,User-Agent
P3P
CP="CAO PSA OUR"
Connection
close
Content-Type
text/javascript
Content-Length
1504
Expires
Thu, 9 Dec 1993 00:00:00
show_afd_ads.js
pagead2.googlesyndication.com/apps/domainpark/
3 KB
2 KB
Script
General
Full URL
http://pagead2.googlesyndication.com/apps/domainpark/show_afd_ads.js
Requested by
Host: 050005.voodoo.com
URL: http://050005.voodoo.com/js/partner.js
Protocol
HTTP/1.1
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5bfe95d0b1aaba7381b62b6115184b9d0db623917aa589d664dae861667793cd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://mail-download-file.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Tue, 01 Jun 2021 16:06:50 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
sffe
ETag
"6126896914240740145"
Vary
Accept-Encoding
Content-Type
text/javascript; charset=UTF-8
Cache-Control
private, max-age=3600
Cross-Origin-Resource-Policy
cross-origin
Accept-Ranges
bytes
Content-Length
1437
X-XSS-Protection
0
Expires
Tue, 01 Jun 2021 16:06:50 GMT
ads
www.google.com/dp/
151 B
302 B
XHR
General
Full URL
https://www.google.com/dp/ads?output=afd_ads&client=dp-voodoo21_3ph&domain_name=mail-download-file.xyz&afdt=create&swp=as-drid-2464369813134582&dt=1622563610183&u_tz=120&u_his=2&u_h=1200&u_w=1600&frm=0
Requested by
Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/apps/domainpark/show_afd_ads.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
54b09e5f23bc52a6ebea561204c60a7ca0c256e7da332384b9eb6baec81c5984
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
http://mail-download-file.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 01 Jun 2021 16:06:50 GMT
content-encoding
br
server
gws
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin
*
cache-control
private, max-age=3600
content-disposition
inline
content-type
application/json; charset=ISO-8859-1
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
136
x-xss-protection
0
expires
Tue, 01 Jun 2021 16:06:50 GMT
partner.php
050005.voodoo.com/ Frame F5D6
14 KB
5 KB
Document
General
Full URL
http://050005.voodoo.com/partner.php?dsess=ChMIjbfxvOj28AIVRYH9Bx3Rqg6dEkvcHWCRX6Fj04j7Z_nC9Mw5IaaomVLEaRQ1hsitf2xzNKP7-OzLvmY1ure0wWy2t-ZjcsyaUZNeG928pRyV7HVcCoLFctGFIAuMNMA&ref=&domain=mail-download-file.xyz&token=1ff6974c8a66fc8f0dde9946bd6f2045&drid=as-drid-2464369813134582
Requested by
Host: 050005.voodoo.com
URL: http://050005.voodoo.com/js/partner.js
Protocol
HTTP/1.1
Server
192.64.147.158 , United States, ASN19867 (VOODOO1, US),
Reverse DNS
192.64.147.158.voodoo.com
Software
Apache/2.2.3 (CentOS) / PHP/5.3.8
Resource Hash
e2a2eb231650c39dbcc6367a21da1da8cc5e741c7d22a51e02312dcc4077a500

Request headers

Host
050005.voodoo.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://mail-download-file.xyz/
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Date
Tue, 01 Jun 2021 16:06:50 GMT
Server
Apache/2.2.3 (CentOS)
X-Powered-By
PHP/5.3.8
Cache-Control
no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires
Mon, 31 Dec 2001 7:32:00 GMT
Vary
Accept-Encoding,User-Agent
Content-Encoding
gzip
P3P
CP="CAO PSA OUR"
Pragma
no-cache
Content-Length
4751
Connection
close
Content-Type
text/html; charset=UTF-8
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.8.2/ Frame F5D6
91 KB
33 KB
Script
General
Full URL
http://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js
Requested by
Host: 050005.voodoo.com
URL: http://050005.voodoo.com/partner.php?dsess=ChMIjbfxvOj28AIVRYH9Bx3Rqg6dEkvcHWCRX6Fj04j7Z_nC9Mw5IaaomVLEaRQ1hsitf2xzNKP7-OzLvmY1ure0wWy2t-ZjcsyaUZNeG928pRyV7HVcCoLFctGFIAuMNMA&ref=&domain=mail-download-file.xyz&token=1ff6974c8a66fc8f0dde9946bd6f2045&drid=as-drid-2464369813134582
Protocol
HTTP/1.1
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f554d2f09272c6f71447ebfe4532d3b1dd1959bce669f9a5ccc99e64ef511729
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://050005.voodoo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 01 Jun 2021 09:37:52 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
23338
Cross-Origin-Resource-Policy
cross-origin
Content-Length
33621
X-XSS-Protection
0
Last-Modified
Tue, 03 Mar 2020 19:15:00 GMT
Server
sffe
Vary
Accept-Encoding
Content-Type
text/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000, stale-while-revalidate=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Expires
Wed, 01 Jun 2022 09:37:52 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.7.2/ Frame F5D6
93 KB
93 KB
Script
General
Full URL
http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
Requested by
Host: 050005.voodoo.com
URL: http://050005.voodoo.com/partner.php?dsess=ChMIjbfxvOj28AIVRYH9Bx3Rqg6dEkvcHWCRX6Fj04j7Z_nC9Mw5IaaomVLEaRQ1hsitf2xzNKP7-OzLvmY1ure0wWy2t-ZjcsyaUZNeG928pRyV7HVcCoLFctGFIAuMNMA&ref=&domain=mail-download-file.xyz&token=1ff6974c8a66fc8f0dde9946bd6f2045&drid=as-drid-2464369813134582
Protocol
HTTP/1.1
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://050005.voodoo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 01 Jun 2021 15:11:21 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 03 Mar 2020 19:15:00 GMT
Server
sffe
Age
3329
Vary
Accept-Encoding
Content-Type
text/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000, stale-while-revalidate=2592000
Cross-Origin-Resource-Policy
cross-origin
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
94840
X-XSS-Protection
0
Expires
Wed, 01 Jun 2022 15:11:21 GMT
caf.js
050005.voodoo.com/js/ Frame F5D6
8 KB
3 KB
Script
General
Full URL
http://050005.voodoo.com/js/caf.js
Requested by
Host: 050005.voodoo.com
URL: http://050005.voodoo.com/partner.php?dsess=ChMIjbfxvOj28AIVRYH9Bx3Rqg6dEkvcHWCRX6Fj04j7Z_nC9Mw5IaaomVLEaRQ1hsitf2xzNKP7-OzLvmY1ure0wWy2t-ZjcsyaUZNeG928pRyV7HVcCoLFctGFIAuMNMA&ref=&domain=mail-download-file.xyz&token=1ff6974c8a66fc8f0dde9946bd6f2045&drid=as-drid-2464369813134582
Protocol
HTTP/1.1
Server
192.64.147.158 , United States, ASN19867 (VOODOO1, US),
Reverse DNS
192.64.147.158.voodoo.com
Software
Apache/2.2.3 (CentOS) / PHP/5.3.8
Resource Hash
5cd5a07b3182874ae2d7c446f05de7543680eb02d7c516cf3942395cd92f076d

Request headers

Referer
http://050005.voodoo.com/partner.php?dsess=ChMIjbfxvOj28AIVRYH9Bx3Rqg6dEkvcHWCRX6Fj04j7Z_nC9Mw5IaaomVLEaRQ1hsitf2xzNKP7-OzLvmY1ure0wWy2t-ZjcsyaUZNeG928pRyV7HVcCoLFctGFIAuMNMA&ref=&domain=mail-download-file.xyz&token=1ff6974c8a66fc8f0dde9946bd6f2045&drid=as-drid-2464369813134582
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 01 Jun 2021 16:06:50 GMT
Content-Encoding
gzip
Server
Apache/2.2.3 (CentOS)
X-Powered-By
PHP/5.3.8
Vary
Accept-Encoding,User-Agent
P3P
CP="CAO PSA OUR"
Connection
close
Content-Type
text/html; charset=UTF-8
Content-Length
2533
caf.js
www.google.com/adsense/domains/ Frame F5D6
168 KB
60 KB
Script
General
Full URL
http://www.google.com/adsense/domains/caf.js
Requested by
Host: 050005.voodoo.com
URL: http://050005.voodoo.com/partner.php?dsess=ChMIjbfxvOj28AIVRYH9Bx3Rqg6dEkvcHWCRX6Fj04j7Z_nC9Mw5IaaomVLEaRQ1hsitf2xzNKP7-OzLvmY1ure0wWy2t-ZjcsyaUZNeG928pRyV7HVcCoLFctGFIAuMNMA&ref=&domain=mail-download-file.xyz&token=1ff6974c8a66fc8f0dde9946bd6f2045&drid=as-drid-2464369813134582
Protocol
HTTP/1.1
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a5e9d7688d3b4d14a501ae0d9bedff48a41b36ce23baddaea1f6c2c26ceb4078
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://050005.voodoo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 01 Jun 2021 16:06:50 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Server
sffe
X-Content-Type-Options
nosniff
ETag
"6006595276363939588"
Content-Security-Policy-Report-Only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
Content-Type
text/javascript; charset=UTF-8
Cache-Control
private, max-age=3600
Transfer-Encoding
chunked
Cross-Origin-Resource-Policy
cross-origin
Accept-Ranges
bytes
X-XSS-Protection
0
Expires
Tue, 01 Jun 2021 16:06:50 GMT
parked_header.png
redirection20.directnic.com/assets/images/ Frame F5D6
46 KB
46 KB
Image
General
Full URL
http://redirection20.directnic.com/assets/images/parked_header.png
Requested by
Host: 050005.voodoo.com
URL: http://050005.voodoo.com/partner.php?dsess=ChMIjbfxvOj28AIVRYH9Bx3Rqg6dEkvcHWCRX6Fj04j7Z_nC9Mw5IaaomVLEaRQ1hsitf2xzNKP7-OzLvmY1ure0wWy2t-ZjcsyaUZNeG928pRyV7HVcCoLFctGFIAuMNMA&ref=&domain=mail-download-file.xyz&token=1ff6974c8a66fc8f0dde9946bd6f2045&drid=as-drid-2464369813134582
Protocol
HTTP/1.1
Server
74.117.219.198 , Cayman Islands, ASN53997 (DNC-HOLDINGS-INC, US),
Reverse DNS
Software
nginx /
Resource Hash
f23c65d2cf0c22fdf0c6d6667aa9925b322860ae8846aac8b6a2c6950be3d5eb

Request headers

Referer
http://050005.voodoo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Tue, 01 Jun 2021 16:06:50 GMT
Last-Modified
Sun, 17 Nov 2019 19:59:05 GMT
Server
nginx
ETag
"5dd1a689-b6e8"
Content-Type
image/png
Cache-Control
max-age=31104000, public, must-revalidate, proxy-revalidate
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
46824
Expires
Fri, 27 May 2022 16:06:50 GMT
dnic-search-bg.png
syndication.voodoo.com/images/ Frame F5D6
4 KB
5 KB
Image
General
Full URL
http://syndication.voodoo.com/images/dnic-search-bg.png
Requested by
Host: 050005.voodoo.com
URL: http://050005.voodoo.com/partner.php?dsess=ChMIjbfxvOj28AIVRYH9Bx3Rqg6dEkvcHWCRX6Fj04j7Z_nC9Mw5IaaomVLEaRQ1hsitf2xzNKP7-OzLvmY1ure0wWy2t-ZjcsyaUZNeG928pRyV7HVcCoLFctGFIAuMNMA&ref=&domain=mail-download-file.xyz&token=1ff6974c8a66fc8f0dde9946bd6f2045&drid=as-drid-2464369813134582
Protocol
HTTP/1.1
Server
192.64.147.153 , United States, ASN19867 (VOODOO1, US),
Reverse DNS
192.64.147.153.voodoo.com
Software
Apache/2.2.3 (CentOS) /
Resource Hash
f1766d9c26242a6a17c856c3458e93d88f5ec85687be2b982d526fbe24c287f6

Request headers

Referer
http://050005.voodoo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 01 Jun 2021 16:06:51 GMT
Last-Modified
Wed, 03 Jul 2019 18:58:59 GMT
Server
Apache/2.2.3 (CentOS)
ETag
"117d-58ccb742e62c0"
P3P
CP="CAO PSA OUR"
Cache-Control
max-age=2592000, public
Connection
close
Accept-Ranges
bytes
Content-Type
image/png
Content-Length
4477
Expires
Thu, 01 Jul 2021 16:06:51 GMT
iframe.html
www.google.com/afs/ads/i/ Frame 72D5
1 KB
669 B
Document
General
Full URL
https://www.google.com/afs/ads/i/iframe.html
Requested by
Host: www.google.com
URL: http://www.google.com/adsense/domains/caf.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9cf47a1a75063b1642d3d1c9b05eefb61fa3b2ab7deb18d8296c63bc726c8596
Security Headers
Name Value
Content-Security-Policy script-src 'nonce-O7vYkftMWTaPwixWLnxMzw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui; base-uri 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/afs/ads/i/iframe.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
http://050005.voodoo.com/
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
content-security-policy
script-src 'nonce-O7vYkftMWTaPwixWLnxMzw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui; base-uri 'none'
cross-origin-resource-policy
cross-origin
content-length
639
date
Tue, 01 Jun 2021 16:06:50 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
last-modified
Mon, 25 May 2020 08:30:00 GMT
x-content-type-options
nosniff
content-encoding
gzip
server
sffe
x-xss-protection
0
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
iframe.html
www.google.com/afs/ads/i/ Frame AB0D
1 KB
671 B
Document
General
Full URL
https://www.google.com/afs/ads/i/iframe.html
Requested by
Host: www.google.com
URL: http://www.google.com/adsense/domains/caf.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
33460b48ecd5f32324b21007872527ca513e3c8d47cd6c858c914550e53466fc
Security Headers
Name Value
Content-Security-Policy script-src 'nonce-n0JiFK1qVuvHDMxHlyS8VQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui; base-uri 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/afs/ads/i/iframe.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
http://050005.voodoo.com/
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
content-security-policy
script-src 'nonce-n0JiFK1qVuvHDMxHlyS8VQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui; base-uri 'none'
cross-origin-resource-policy
cross-origin
content-length
641
date
Tue, 01 Jun 2021 16:06:50 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
last-modified
Mon, 25 May 2020 08:30:00 GMT
x-content-type-options
nosniff
content-encoding
gzip
server
sffe
x-xss-protection
0
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
iframe.html
www.google.com/afs/ads/i/ Frame 72BF
1 KB
668 B
Document
General
Full URL
https://www.google.com/afs/ads/i/iframe.html
Requested by
Host: www.google.com
URL: http://www.google.com/adsense/domains/caf.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8d85e634ea8ce8de4b7b943b89e3ad01f94a3222512efb559b832965e2006537
Security Headers
Name Value
Content-Security-Policy script-src 'nonce-roXxOhpbsA_FFdeKsT6bXQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui; base-uri 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/afs/ads/i/iframe.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
http://050005.voodoo.com/
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
content-security-policy
script-src 'nonce-roXxOhpbsA_FFdeKsT6bXQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui; base-uri 'none'
cross-origin-resource-policy
cross-origin
content-length
638
date
Tue, 01 Jun 2021 16:06:50 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
last-modified
Mon, 25 May 2020 08:30:00 GMT
x-content-type-options
nosniff
content-encoding
gzip
server
sffe
x-xss-protection
0
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ads
www.google.com/dp/ Frame B469
13 KB
8 KB
Document
General
Full URL
https://www.google.com/dp/ads?adtest=off&cpp=0&domain_name=mail-download-file.xyz&hl=ro&client=dp-voodoo21_3ph&r=m&max_radlink_len=32&swp=as-drid-2464369813134582&afdt=ChMIjbfxvOj28AIVRYH9Bx3Rqg6dEkvcHWCRX6Fj04j7Z_nC9Mw5IaaomVLEaRQ1hsitf2xzNKP7-OzLvmY1ure0wWy2t-ZjcsyaUZNeG928pRyV7HVcCoLFctGFIAuMNMA&uiopt=true&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300494%2C17300496%2C17300703%2C17300706%2C17300707&format=s%7Cr5%7Cr5%7Cr3&num=0&output=afd_ads&v=3&adext=as1%2Csr1&bsl=8&u_his=2&u_tz=120&dt=1622563610907&u_w=1600&u_h=1200&biw=-12245933&bih=-12245933&isw=1600&ish=1200&psw=-1&psh=-1&frm=2&uio=sl1sr1--sa16sv16st22lt35-sa16sv16st22lt35-sa12st12&cont=related-3%7Crelated-2%7Crelated-1&csize=%7C%7C&inames=slave-1-1%7Cslave-2-1%7Cslave-3-1&jsv=27785&rurl=http%3A%2F%2F050005.voodoo.com%2Fpartner.php%3Fdsess%3DChMIjbfxvOj28AIVRYH9Bx3Rqg6dEkvcHWCRX6Fj04j7Z_nC9Mw5IaaomVLEaRQ1hsitf2xzNKP7-OzLvmY1ure0wWy2t-ZjcsyaUZNeG928pRyV7HVcCoLFctGFIAuMNMA%26ref%3D%26domain%3Dmail-download-file.xyz%26token%3D1ff6974c8a66fc8f0dde9946bd6f2045%26drid%3Das-drid-2464369813134582&referer=http%3A%2F%2Fmail-download-file.xyz%2F
Requested by
Host: www.google.com
URL: http://www.google.com/adsense/domains/caf.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
16b8ec474390cbb9fe8687cb046b09ad4159071a33deeb3d6c5452e7a5a73b5f
Security Headers
Name Value
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/dp/ads?adtest=off&cpp=0&domain_name=mail-download-file.xyz&hl=ro&client=dp-voodoo21_3ph&r=m&max_radlink_len=32&swp=as-drid-2464369813134582&afdt=ChMIjbfxvOj28AIVRYH9Bx3Rqg6dEkvcHWCRX6Fj04j7Z_nC9Mw5IaaomVLEaRQ1hsitf2xzNKP7-OzLvmY1ure0wWy2t-ZjcsyaUZNeG928pRyV7HVcCoLFctGFIAuMNMA&uiopt=true&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300494%2C17300496%2C17300703%2C17300706%2C17300707&format=s%7Cr5%7Cr5%7Cr3&num=0&output=afd_ads&v=3&adext=as1%2Csr1&bsl=8&u_his=2&u_tz=120&dt=1622563610907&u_w=1600&u_h=1200&biw=-12245933&bih=-12245933&isw=1600&ish=1200&psw=-1&psh=-1&frm=2&uio=sl1sr1--sa16sv16st22lt35-sa16sv16st22lt35-sa12st12&cont=related-3%7Crelated-2%7Crelated-1&csize=%7C%7C&inames=slave-1-1%7Cslave-2-1%7Cslave-3-1&jsv=27785&rurl=http%3A%2F%2F050005.voodoo.com%2Fpartner.php%3Fdsess%3DChMIjbfxvOj28AIVRYH9Bx3Rqg6dEkvcHWCRX6Fj04j7Z_nC9Mw5IaaomVLEaRQ1hsitf2xzNKP7-OzLvmY1ure0wWy2t-ZjcsyaUZNeG928pRyV7HVcCoLFctGFIAuMNMA%26ref%3D%26domain%3Dmail-download-file.xyz%26token%3D1ff6974c8a66fc8f0dde9946bd6f2045%26drid%3Das-drid-2464369813134582&referer=http%3A%2F%2Fmail-download-file.xyz%2F
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
http://050005.voodoo.com/
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

content-type
text/html; charset=UTF-8
content-disposition
inline
date
Tue, 01 Jun 2021 16:06:50 GMT
expires
Tue, 01 Jun 2021 16:06:50 GMT
cache-control
private, max-age=3600
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-encoding
br
server
gws
content-length
7864
x-xss-protection
0
set-cookie
CONSENT=PENDING+692; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.google.com; Secure
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
caf.js
www.google.com/adsense/domains/ Frame B469
168 KB
59 KB
Script
General
Full URL
https://www.google.com/adsense/domains/caf.js
Requested by
Host: www.google.com
URL: https://www.google.com/dp/ads?adtest=off&cpp=0&domain_name=mail-download-file.xyz&hl=ro&client=dp-voodoo21_3ph&r=m&max_radlink_len=32&swp=as-drid-2464369813134582&afdt=ChMIjbfxvOj28AIVRYH9Bx3Rqg6dEkvcHWCRX6Fj04j7Z_nC9Mw5IaaomVLEaRQ1hsitf2xzNKP7-OzLvmY1ure0wWy2t-ZjcsyaUZNeG928pRyV7HVcCoLFctGFIAuMNMA&uiopt=true&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300494%2C17300496%2C17300703%2C17300706%2C17300707&format=s%7Cr5%7Cr5%7Cr3&num=0&output=afd_ads&v=3&adext=as1%2Csr1&bsl=8&u_his=2&u_tz=120&dt=1622563610907&u_w=1600&u_h=1200&biw=-12245933&bih=-12245933&isw=1600&ish=1200&psw=-1&psh=-1&frm=2&uio=sl1sr1--sa16sv16st22lt35-sa16sv16st22lt35-sa12st12&cont=related-3%7Crelated-2%7Crelated-1&csize=%7C%7C&inames=slave-1-1%7Cslave-2-1%7Cslave-3-1&jsv=27785&rurl=http%3A%2F%2F050005.voodoo.com%2Fpartner.php%3Fdsess%3DChMIjbfxvOj28AIVRYH9Bx3Rqg6dEkvcHWCRX6Fj04j7Z_nC9Mw5IaaomVLEaRQ1hsitf2xzNKP7-OzLvmY1ure0wWy2t-ZjcsyaUZNeG928pRyV7HVcCoLFctGFIAuMNMA%26ref%3D%26domain%3Dmail-download-file.xyz%26token%3D1ff6974c8a66fc8f0dde9946bd6f2045%26drid%3Das-drid-2464369813134582&referer=http%3A%2F%2Fmail-download-file.xyz%2F
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
221b8a609db9bdd4b8145ee0f246f91864eb744200dcd3da53f7eb94a2c2b9d2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 01 Jun 2021 16:06:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1118212604869738230"
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
expires
Tue, 01 Jun 2021 16:06:51 GMT
bullet_doublearrow_orange.png
afs.googleusercontent.com/dp-voodoo/ Frame 72BF
896 B
1 KB
Image
General
Full URL
https://afs.googleusercontent.com/dp-voodoo/bullet_doublearrow_orange.png
Requested by
Host: www.google.com
URL: https://www.google.com/dp/ads?adtest=off&cpp=0&domain_name=mail-download-file.xyz&hl=ro&client=dp-voodoo21_3ph&r=m&max_radlink_len=32&swp=as-drid-2464369813134582&afdt=ChMIjbfxvOj28AIVRYH9Bx3Rqg6dEkvcHWCRX6Fj04j7Z_nC9Mw5IaaomVLEaRQ1hsitf2xzNKP7-OzLvmY1ure0wWy2t-ZjcsyaUZNeG928pRyV7HVcCoLFctGFIAuMNMA&uiopt=true&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300494%2C17300496%2C17300703%2C17300706%2C17300707&format=s%7Cr5%7Cr5%7Cr3&num=0&output=afd_ads&v=3&adext=as1%2Csr1&bsl=8&u_his=2&u_tz=120&dt=1622563610907&u_w=1600&u_h=1200&biw=-12245933&bih=-12245933&isw=1600&ish=1200&psw=-1&psh=-1&frm=2&uio=sl1sr1--sa16sv16st22lt35-sa16sv16st22lt35-sa12st12&cont=related-3%7Crelated-2%7Crelated-1&csize=%7C%7C&inames=slave-1-1%7Cslave-2-1%7Cslave-3-1&jsv=27785&rurl=http%3A%2F%2F050005.voodoo.com%2Fpartner.php%3Fdsess%3DChMIjbfxvOj28AIVRYH9Bx3Rqg6dEkvcHWCRX6Fj04j7Z_nC9Mw5IaaomVLEaRQ1hsitf2xzNKP7-OzLvmY1ure0wWy2t-ZjcsyaUZNeG928pRyV7HVcCoLFctGFIAuMNMA%26ref%3D%26domain%3Dmail-download-file.xyz%26token%3D1ff6974c8a66fc8f0dde9946bd6f2045%26drid%3Das-drid-2464369813134582&referer=http%3A%2F%2Fmail-download-file.xyz%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f51944cc7f8309ad0b375720813c3f17969701741b6315583b1d3faddedf482c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 31 May 2021 22:10:33 GMT
x-content-type-options
nosniff
last-modified
Wed, 10 Apr 2013 22:28:15 GMT
server
sffe
age
64578
content-type
image/png
cache-control
public, max-age=82800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
896
x-xss-protection
0
expires
Tue, 01 Jun 2021 21:10:33 GMT
Cookie set status.php
050005.voodoo.com/ Frame 4A46
0
529 B
Document
General
Full URL
http://050005.voodoo.com/status.php?domain=mail-download-file.xyz&trackingtoken=1ff6974c8a66fc8f0dde9946bd6f2045&status=caf&u_his=2&u_h=1200&u_w=1600&d_h=1200&d_w=1600&u_top=0&u_left=0&http_referrer=http%3A%2F%2Fmail-download-file.xyz%2F
Requested by
Host: 050005.voodoo.com
URL: http://050005.voodoo.com/js/caf.js
Protocol
HTTP/1.1
Server
192.64.147.158 , United States, ASN19867 (VOODOO1, US),
Reverse DNS
192.64.147.158.voodoo.com
Software
Apache/2.2.3 (CentOS) / PHP/5.3.8
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Host
050005.voodoo.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://050005.voodoo.com/partner.php?dsess=ChMIjbfxvOj28AIVRYH9Bx3Rqg6dEkvcHWCRX6Fj04j7Z_nC9Mw5IaaomVLEaRQ1hsitf2xzNKP7-OzLvmY1ure0wWy2t-ZjcsyaUZNeG928pRyV7HVcCoLFctGFIAuMNMA&ref=&domain=mail-download-file.xyz&token=1ff6974c8a66fc8f0dde9946bd6f2045&drid=as-drid-2464369813134582
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Date
Tue, 01 Jun 2021 16:06:51 GMT
Server
Apache/2.2.3 (CentOS)
X-Powered-By
PHP/5.3.8
Set-Cookie
session=1ff6974c8a66fc8f0dde9946bd6f2045; expires=Tue, 01-Jun-2021 16:36:51 GMT; path=/
Cache-Control
no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires
Mon, 31 Dec 2001 7:32:00 GMT
Vary
Accept-Encoding,User-Agent
Content-Encoding
gzip
P3P
CP="CAO PSA OUR"
Pragma
no-cache
Content-Length
20
Connection
close
Content-Type
text/html; charset=UTF-8
G2LODSAdddFqah5FhITi4fDSsjPqLKPP2V4GgHD4z2I.js
www.google.com/js/bg/ Frame A5CE
14 KB
6 KB
Script
General
Full URL
https://www.google.com/js/bg/G2LODSAdddFqah5FhITi4fDSsjPqLKPP2V4GgHD4z2I.js
Requested by
Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1b62ce0d201d75d16a6a1e458484e2e1f0d2b233ea2ca3cfd95e068070f8cf62
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 01 Jun 2021 12:02:53 GMT
content-encoding
br
x-content-type-options
nosniff
age
14638
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5733
x-xss-protection
0
last-modified
Tue, 25 May 2021 09:00:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 01 Jun 2022 12:02:53 GMT
G2LODSAdddFqah5FhITi4fDSsjPqLKPP2V4GgHD4z2I.js
www.google.com/js/bg/ Frame 32D1
14 KB
6 KB
Script
General
Full URL
https://www.google.com/js/bg/G2LODSAdddFqah5FhITi4fDSsjPqLKPP2V4GgHD4z2I.js
Requested by
Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1b62ce0d201d75d16a6a1e458484e2e1f0d2b233ea2ca3cfd95e068070f8cf62
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 01 Jun 2021 12:02:53 GMT
content-encoding
br
x-content-type-options
nosniff
age
14638
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5733
x-xss-protection
0
last-modified
Tue, 25 May 2021 09:00:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 01 Jun 2022 12:02:53 GMT
G2LODSAdddFqah5FhITi4fDSsjPqLKPP2V4GgHD4z2I.js
www.google.com/js/bg/ Frame D2F8
14 KB
6 KB
Script
General
Full URL
https://www.google.com/js/bg/G2LODSAdddFqah5FhITi4fDSsjPqLKPP2V4GgHD4z2I.js
Requested by
Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1b62ce0d201d75d16a6a1e458484e2e1f0d2b233ea2ca3cfd95e068070f8cf62
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 01 Jun 2021 12:02:53 GMT
content-encoding
br
x-content-type-options
nosniff
age
14638
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5733
x-xss-protection
0
last-modified
Tue, 25 May 2021 09:00:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 01 Jun 2022 12:02:53 GMT
G2LODSAdddFqah5FhITi4fDSsjPqLKPP2V4GgHD4z2I.js
www.google.com/js/bg/ Frame 79BD
14 KB
6 KB
Script
General
Full URL
https://www.google.com/js/bg/G2LODSAdddFqah5FhITi4fDSsjPqLKPP2V4GgHD4z2I.js
Requested by
Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1b62ce0d201d75d16a6a1e458484e2e1f0d2b233ea2ca3cfd95e068070f8cf62
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 01 Jun 2021 12:02:53 GMT
content-encoding
br
x-content-type-options
nosniff
age
14638
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5733
x-xss-protection
0
last-modified
Tue, 25 May 2021 09:00:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 01 Jun 2022 12:02:53 GMT
gen_204
www.google.com/afs/ Frame F5D6
0
21 B
Image
General
Full URL
https://www.google.com/afs/gen_204?client=dp-voodoo21_3ph&output=uds_ads_only&zx=tb3fnplyfx8o&aqid=Glu2YNqRPJLT3gOUi4P4Dg&pbt=bs&adbx=939&adby=145&adbh=28&adbw=300&adbn=master-1&eawp=partner-dp-voodoo21_3ph&errv=2778577214847641062&csadii=32&csadr=205&lle=0&llm=1000&ifv=1&usr=0
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
http://050005.voodoo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 01 Jun 2021 16:06:52 GMT
server
gws
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-type
text/html; charset=ISO-8859-1
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
gen_204
www.google.com/afs/ Frame F5D6
0
21 B
Image
General
Full URL
https://www.google.com/afs/gen_204?client=dp-voodoo21_3ph&output=uds_ads_only&zx=8o515opoboqt&pbt=bs&adbx=344&adby=228&adbh=326&adbw=454&adbn=slave-1-1&eawp=partner-dp-voodoo21_3ph&errv=2778577214847641062&csadii=30&csadr=208&lle=0&llm=1000&ifv=1&usr=0
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
http://050005.voodoo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 01 Jun 2021 16:06:52 GMT
server
gws
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-type
text/html; charset=ISO-8859-1
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
gen_204
www.google.com/afs/ Frame F5D6
0
21 B
Image
General
Full URL
https://www.google.com/afs/gen_204?client=dp-voodoo21_3ph&output=uds_ads_only&zx=te2ed73e8upb&pbt=bs&adbx=802&adby=228&adbh=326&adbw=454&adbn=slave-2-1&eawp=partner-dp-voodoo21_3ph&errv=2778577214847641062&csadii=27&csadr=211&lle=0&llm=1000&ifv=1&usr=0
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
http://050005.voodoo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 01 Jun 2021 16:06:52 GMT
server
gws
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-type
text/html; charset=ISO-8859-1
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
gen_204
www.google.com/afs/ Frame F5D6
0
21 B
Image
General
Full URL
https://www.google.com/afs/gen_204?client=dp-voodoo21_3ph&output=uds_ads_only&zx=d22t4qo0k4c8&pbt=bs&adbx=321&adby=185&adbh=22&adbw=958&adbn=slave-3-1&eawp=partner-dp-voodoo21_3ph&errv=2778577214847641062&csadii=24&csadr=214&lle=0&llm=1000&ifv=1&usr=0
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
http://050005.voodoo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 01 Jun 2021 16:06:52 GMT
server
gws
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-type
text/html; charset=ISO-8859-1
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
gen_204
www.google.com/afs/ Frame F5D6
0
21 B
Image
General
Full URL
https://www.google.com/afs/gen_204?client=dp-voodoo21_3ph&output=uds_ads_only&zx=scp2dsrg4o0e&aqid=Glu2YNqRPJLT3gOUi4P4Dg&pbt=bv&adbx=939&adby=145&adbh=28&adbw=300&adbn=master-1&eawp=partner-dp-voodoo21_3ph&errv=2778577214847641062&csadii=32&csadr=205&lle=0&llm=1000&ifv=1&usr=0
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
http://050005.voodoo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 01 Jun 2021 16:06:53 GMT
server
gws
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-type
text/html; charset=ISO-8859-1
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
gen_204
www.google.com/afs/ Frame F5D6
0
21 B
Image
General
Full URL
https://www.google.com/afs/gen_204?client=dp-voodoo21_3ph&output=uds_ads_only&zx=e8duyofx241l&pbt=bv&adbx=344&adby=228&adbh=326&adbw=454&adbn=slave-1-1&eawp=partner-dp-voodoo21_3ph&errv=2778577214847641062&csadii=30&csadr=208&lle=0&llm=1000&ifv=1&usr=0
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
http://050005.voodoo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 01 Jun 2021 16:06:53 GMT
server
gws
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-type
text/html; charset=ISO-8859-1
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
gen_204
www.google.com/afs/ Frame F5D6
0
21 B
Image
General
Full URL
https://www.google.com/afs/gen_204?client=dp-voodoo21_3ph&output=uds_ads_only&zx=iin8jiu0bh8o&pbt=bv&adbx=802&adby=228&adbh=326&adbw=454&adbn=slave-2-1&eawp=partner-dp-voodoo21_3ph&errv=2778577214847641062&csadii=27&csadr=211&lle=0&llm=1000&ifv=1&usr=0
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
http://050005.voodoo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 01 Jun 2021 16:06:53 GMT
server
gws
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-type
text/html; charset=ISO-8859-1
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
gen_204
www.google.com/afs/ Frame F5D6
0
21 B
Image
General
Full URL
https://www.google.com/afs/gen_204?client=dp-voodoo21_3ph&output=uds_ads_only&zx=ydsgjpikndz7&pbt=bv&adbx=321&adby=185&adbh=22&adbw=958&adbn=slave-3-1&eawp=partner-dp-voodoo21_3ph&errv=2778577214847641062&csadii=24&csadr=214&lle=0&llm=1000&ifv=1&usr=0
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
http://050005.voodoo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 01 Jun 2021 16:06:53 GMT
server
gws
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-type
text/html; charset=ISO-8859-1
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0


26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| onbeforexrselect
object| ontransitionrun
object| ontransitionstart
object| ontransitioncancel
boolean| originAgentCluster
object| trustedTypes
boolean| crossOriginIsolated
object| pM
string| token
object| google_afd_request
function| google_afd_ad_request_done
object| vrs
number| googleNDT_
string| _googCsaExpIds
number| _googCsaAlwaysHttps
number| _googEnableCcpaForCanoeV2
number| _enableLazyLoading
number| _googEnableQup
number| _googErrorTurnOffPersonalization
number| _googTimeoutTurnOffPersonalization
string| _googLazyLoadingDenyList
string| _googLazyLoadingEnableList
number| _googLazyLoadingRootMargin
number| _googUspApiTimeout
number| googleAltLoader

0 Cookies

6 Console Messages

Source Level URL
Text
console-api log URL: http://050005.voodoo.com/js/partner.js(Line 12)
Message:
[object Object]
console-api log URL: http://050005.voodoo.com/js/caf.js(Line 77)
Message:
requestAccepted in cafCallback
console-api log URL: http://050005.voodoo.com/js/caf.js(Line 78)
Message:
[object Object]
console-api log URL: http://050005.voodoo.com/js/caf.js(Line 21)
Message:
[object Object]
console-api log URL: http://050005.voodoo.com/js/caf.js(Line 22)
Message:
[object Object]
console-api log URL: http://050005.voodoo.com/js/caf.js(Line 24)
Message:
requestAccepted

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
