simplyludovick.tw Open in urlscan Pro
157.245.79.75 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://v.ht/n9bZc
Effective URL:
https://simplyludovick.tw/?p=me2tsylggm5gi3bpgi2tmma&sub1=cridles&sub2=flickss
Submission Tags: falconsandbox
Submission: On February 25 via api (February 25th 2021, 4:36:34 am UTC) from US

Summary HTTP 21 Redirects Behaviour Indicators

Summary

This website contacted 13 IPs in 5 countries across 12 domains to perform 21 HTTP transactions. The main IP is 157.245.79.75, located in Amsterdam, Netherlands and belongs to DIGITALOCEAN-ASN, US. The main domain is simplyludovick.tw.
TLS certificate: Issued by R3 on February 18th 2021. Valid for: 3 months.

This is the only time simplyludovick.tw was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	69.61.26.121 69.61.26.121	141518 (SUBHOST-A...) (SUBHOST-AS-IN Subhosting Innovations Pvt Ltd)
2	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
2	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
1 1	192.185.113.226 192.185.113.226	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1	51.89.92.108 51.89.92.108	16276 (OVH) (OVH)
3	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
1 2	51.195.108.239 51.195.108.239	16276 (OVH) (OVH)
1	157.245.79.75 157.245.79.75	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
21	13

1 69.61.26.121 (United States)

ASN141518 (SUBHOST-AS-IN Subhosting Innovations Pvt Ltd, IN)

v.ht	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

58ebeff9e4bca1a5a29681acc4b102a4.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.185.113.226 (United States) 1 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 192-185-113-226.unifiedlayer.com

elimkids.edu.np	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.92.108 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: cloud.msk.network

for.dontkinhooot.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.195.108.239 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: cloud.msk.network

click.travelfornamewalking.ga	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.245.79.75 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)

simplyludovick.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	googlesyndication.com 58ebeff9e4bca1a5a29681acc4b102a4.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	25 KB
2	travelfornamewalking.ga click.travelfornamewalking.ga Failed	973 B
2	doubleclick.net securepubads.g.doubleclick.net	103 KB
2	google-analytics.com www.google-analytics.com	19 KB
1	simplyludovick.tw simplyludovick.tw	12 KB
1	dontkinhooot.tw for.dontkinhooot.tw	777 B
1	elimkids.edu.np 1 redirects elimkids.edu.np	282 B
1	google.com adservice.google.com	553 B
1	google.de adservice.google.de	799 B
1	googletagmanager.com www.googletagmanager.com	39 KB
1	googletagservices.com www.googletagservices.com	19 KB
1	v.ht v.ht	2 KB
21	12

	Domain	Requested by
3	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
3	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
2	click.travelfornamewalking.ga	for.dontkinhooot.tw click.travelfornamewalking.ga
2	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
1	simplyludovick.tw	click.travelfornamewalking.ga
1	for.dontkinhooot.tw	v.ht
1	elimkids.edu.np	1 redirects
1	58ebeff9e4bca1a5a29681acc4b102a4.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	www.googletagmanager.com	v.ht
1	www.googletagservices.com	v.ht
1	v.ht
21	14

This site contains no links.

Subject Issuer	Validity	Valid
www.v.ht Let's Encrypt Authority X3	`2020-12-01` - `2021-03-01`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.google.de GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
for.dontkinhooot.tw R3	`2021-02-09` - `2021-05-10`	3 months	crt.sh
click.travelfornamewalking.ga R3	`2021-02-01` - `2021-05-02`	3 months	crt.sh
simplyludovick.tw R3	`2021-02-18` - `2021-05-19`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://simplyludovick.tw/?p=me2tsylggm5gi3bpgi2tmma&sub1=cridles&sub2=flickss
Frame ID: 8F021F7AA6A53E87C4A25BF6CC11BCD8
Requests: 20 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Frame ID: C9737562A265E6B7018CDC86BC5DC6BB
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://v.ht/n9bZc Page URL
http://elimkids.edu.np/pdfj/xoj/qvo/xoa/bhg/tft/missing/contact_form.php/bwb/nfeq/?opposite=w1r1r2c... HTTP 302
https://for.dontkinhooot.tw/walkers?id=0092 Page URL
https://click.travelfornamewalking.ga/zet.php?id=5572594&sid=5954452&uid=5115232 Page URL
https://click.travelfornamewalking.ga/ner.php?v=325&id=524567 HTTP 302
https://simplyludovick.tw/?p=me2tsylggm5gi3bpgi2tmma&sub1=cridles&sub2=flickss Page URL

Page Statistics

21
Requests

90 %
HTTPS

54 %
IPv6

12
Domains

14
Subdomains

13
IPs

5
Countries

222 kB
Transfer

560 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://v.ht/n9bZc Page URL
http://elimkids.edu.np/pdfj/xoj/qvo/xoa/bhg/tft/missing/contact_form.php/bwb/nfeq/?opposite=w1r1r2cws00p HTTP 302
https://for.dontkinhooot.tw/walkers?id=0092 Page URL
https://click.travelfornamewalking.ga/zet.php?id=5572594&sid=5954452&uid=5115232 Page URL
https://click.travelfornamewalking.ga/ner.php?v=325&id=524567 HTTP 302
https://simplyludovick.tw/?p=me2tsylggm5gi3bpgi2tmma&sub1=cridles&sub2=flickss Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11

http://elimkids.edu.np/pdfj/xoj/qvo/xoa/bhg/tft/missing/contact_form.php/bwb/nfeq/?opposite=w1r1r2cws00p HTTP 302
https://for.dontkinhooot.tw/walkers?id=0092

21 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK n9bZc Show response
v.ht/ 3 KB
2 KB 751ms
321ms Document
text/html 69.61.26.121
SUBHOST-AS-IN Sub...

General

Check archive.org

Show headers Download Go to

Full URL

https://v.ht/n9bZc

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

69.61.26.121 , United States, ASN141518 (SUBHOST-AS-IN Subhosting Innovations Pvt Ltd, IN),

Reverse DNS

Software

Hotcores.com /

Resource Hash

34aae4569320883f349b5337ee33211bc0108b82779d01c9b00bbfa3974d581f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Host: v.ht
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: Hotcores.com
Date: Thu, 25 Feb 2021 04:36:15 GMT
Content-Type: text/html; Charset=UTF-8;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Robots-Tag: noindex, nofollow
I-AM: Alpha
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Content-Encoding: gzip

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 56 KB
19 KB 35ms
14ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: v.ht
URL: https://v.ht/n9bZc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

02caad24b4a8e4689ddeb02380ddcf42e8105ea0b7b0ba073ff8fbd7b3a5fe3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://v.ht/n9bZc
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 25 Feb 2021 04:36:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "794 / 555 of 1000 / last-modified: 1614208158"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19433
x-xss-protection: 0
expires: Thu, 25 Feb 2021 04:36:16 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 98 KB
39 KB 18ms
18ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-31510493-3

Requested by

Host: v.ht
URL: https://v.ht/n9bZc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

fa4745b062dad3ef1fac61ab172b1e61b02ba13df5cc9c9299b01a2474f78477

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://v.ht/n9bZc
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 25 Feb 2021 04:36:16 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39387
x-xss-protection: 0
last-modified: Thu, 25 Feb 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 25 Feb 2021 04:36:16 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-31510493-3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://v.ht/n9bZc
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 05 Feb 2021 21:33:27 GMT
server: Golfe2
age: 2020
date: Thu, 25 Feb 2021 04:02:36 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18980
expires: Thu, 25 Feb 2021 06:02:36 GMT

GET
H2 200 pubads_impl_2021022201.js Show response
securepubads.g.doubleclick.net/gpt/ 290 KB
102 KB 80ms
29ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021022201.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

sffe /

Resource Hash

c979556e6d59f675264f916e5fe174676eabca2942f2fda0d758d0c3cf46849f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://v.ht/n9bZc
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 25 Feb 2021 04:36:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 22 Feb 2021 09:37:51 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 104000
x-xss-protection: 0
expires: Thu, 25 Feb 2021 04:36:16 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 1 B
117 B 13ms
12ms XHR
text/plain 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j88&a=1436462873&t=pageview&_s=1&dl=https%3A%2F%2Fv.ht%2Fn9bZc&ul=en-us&de=UTF-8&dt=n9bZc&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=1187291599&gjid=678922614&cid=596952284.1614227776&tid=UA-31510493-3&_gid=2061552708.1614227776&_r=1&gtm=2ou2h0&z=340220989

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://v.ht/n9bZc
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 25 Feb 2021 04:36:16 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://v.ht
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js
adservice.google.de/adsid/ 107 B
799 B 37ms
15ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=v.ht

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021022201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://v.ht/n9bZc
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 25 Feb 2021 04:36:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js
adservice.google.com/adsid/ 107 B
553 B 36ms
14ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=v.ht

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021022201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://v.ht/n9bZc
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 25 Feb 2021 04:36:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads
securepubads.g.doubleclick.net/gampad/ 433 B
932 B 86ms
58ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2871016406634714&correlator=1527765584292146&output=ldjh&impl=fif&eid=21068530%2C21068891%2C21069919%2C44733567&vrg=2021022201&ptt=17&sc=1&sfv=1-0-37&ecs=20210225&iu_parts=5837603%2CVht_360&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x360&cookie_enabled=1&bc=31&abxe=1&lmt=1614227776&dt=1614227776185&dlt=1614227775987&idt=179&frm=20&biw=1600&bih=1200&oid=3&adxs=-12245933&adys=-12245933&adks=495576698&ucis=1&ifi=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fv.ht%2Fn9bZc&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x423&msz=0x0&ga_vid=596952284.1614227776&ga_sid=1614227776&ga_hid=1436462873&fws=128&ohw=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021022201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://v.ht/n9bZc
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 25 Feb 2021 04:36:16 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 225
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://v.ht
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
58ebeff9e4bca1a5a29681acc4b102a4.safeframe.googlesyndication.com/safeframe/1-0-37/html/ 0
0 49ms
14ms Other
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://58ebeff9e4bca1a5a29681acc4b102a4.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021022201.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://v.ht/n9bZc
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 27ms
7ms Other
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021022201.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://v.ht/n9bZc
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H/1.1

200
OK

walkers
for.dontkinhooot.tw/
Redirect Chain

http://elimkids.edu.np/pdfj/xoj/qvo/xoa/bhg/tft/missing/contact_form.php/bwb/nfeq/?opposite=w1r1r2cws00p
https://for.dontkinhooot.tw/walkers?id=0092

952 B
777 B

182ms
103ms

Document
text/html

51.89.92.108
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://for.dontkinhooot.tw/walkers?id=0092
Requested by: Host: v.ht
URL: https://v.ht/n9bZc
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.89.92.108 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: cloud.msk.network
Software: nginx /
Resource Hash

Request headers

Host: for.dontkinhooot.tw
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://v.ht/n9bZc

Response headers

Server: nginx
Date: Thu, 25 Feb 2021 04:36:17 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding Accept-Encoding
Access-Control-Allow-Origin: *
Content-Encoding: gzip

Redirect headers

Date: Thu, 25 Feb 2021 04:36:16 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Location: https://for.dontkinhooot.tw/walkers?id=0092
Content-Length: 0
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8

GET
H2 200 sodar
pagead2.googlesyndication.com/getconfig/ 8 KB
7 KB 37ms
17ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021022201&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021022201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://v.ht/n9bZc
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 25 Feb 2021 04:36:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6430
x-xss-protection: 0

GET
H3-Q050 200 sodar2.js
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 42ms
27ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021022201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://v.ht/n9bZc
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 25 Feb 2021 04:36:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1611170586013198"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6403
x-xss-protection: 0
expires: Thu, 25 Feb 2021 04:36:16 GMT

GET
H3-Q050 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/221/ Frame C973 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/221/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://v.ht/n9bZc
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://v.ht/n9bZc

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4984
date: Wed, 24 Feb 2021 23:07:54 GMT
expires: Thu, 24 Feb 2022 23:07:54 GMT
last-modified: Tue, 08 Dec 2020 21:41:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 19702
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 LmfE5ZMlM8QjZWyylbaJdeYzodpJKK3mlCt6sCr3jaw.js
pagead2.googlesyndication.com/bg/ Frame C973 14 KB
6 KB 54ms
40ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/LmfE5ZMlM8QjZWyylbaJdeYzodpJKK3mlCt6sCr3jaw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 24 Feb 2021 22:53:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 16 Feb 2021 11:15:00 GMT
server: sffe
age: 20578
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6256
x-xss-protection: 0
expires: Thu, 24 Feb 2022 22:53:18 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
224 B 28ms
28ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=221&t=2&li=gpt_2021022201&jk=2871016406634714&bg=!urmlufrNAAXB_3NtwTsAKQB2-Dxa-jawvqwYT1F_DEqTVqZBhL0f9RSqIY9WHezEWPhOGWQ7U9GkAgAAAD5SAAAACWgBBwoBXf7PtB5WH0DEy5M-Aed8wSFVI2Qfh2DgrQfA8cs-IFPY82f0sFf8XkquCRLHVDXvq281JwbBCNHls1QUXbhv-AUNx8aOrwvK6dfTVCXogxYyosMq53-eU-aQp8qQBFSNmI3z41DOoS-OIW8XujrkhuEuP97YEuK33r2nMboMu4RB6LM1BouCZEJutrKitbA4_R4sjpyB0TrGQYRJrMs1z6EkqdPzcR8NmRCZo3Inv8EhaYUhoL2rD16dqKpUvWkakBCxEwo0dbK3KXHHK52qk1IZGiGOogryRvREJSdTGRbbBjX6nZ5HSlZUv6ymEZPZpYN14zwIcizrS9OgHU-fc3rjtDyzBIxl_CAhOTog9IPyptXH-sAf7BzfciTl1ikA31C6F9BkCOTs8xOokDsPhpSFvlcOP32oQv18cQp1sYtjNpaUiArBytp9FEYGbhVjZS2FB_w9522S8pP3vpqZAbtGP6IDiutSIeS-41Ptme9C6LkfTU4zD8vHogJa898aCeHpvmxsH_ftstkOisrH9K2C7a8mlOqZhg-eUkI6UDF0C5giiwpFQuk07rp67x3i-tvZ2VnwpnfFConm-cc-9Bz_koNgd80y-hXPfvELioZdvyxFuZwwCvVYZc7-tgWN57oOrjQRAnfhOv1hIdzlx90Hfrs5Bt5aQ8f6l7kN87xxYCngLB42ueyuYSRqhnS_UJf-RgKDOjc565NCzeXtZSRQ8ui0n56srCONhtHecAgDDoulUVvRixhcUYaKr7M2BIjUk7PPSENeEeRERq_y7B9Uc6gSyq9-3_40JC5LVtBKb6be6Y2QlO6Ev7MUTgDTxJqJfHE8pchlhEfHlgJCG40OuYUQ-264DVJTM22QWdlXhYXSbMIW5aqqclS2JRsmkTo3HgaylW6cbf-s08N1fLMbBouzd9F7gusD_hkocnvnrWHe5OHGCFZsW6P3h5YksCrt3-srn037Wg1Qb7WVMD3mh1ISRTLiF1hQqG0lVk4ij4Ln81LYYXTxtP3XdaMGRW5yBhytaqCqQbMzrC17fraXQyCcFts3OPuEwQ

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://v.ht/n9bZc
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 25 Feb 2021 04:36:16 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET zet.php
click.travelfornamewalking.ga/ 0
0

GET
H/1.1 200
OK zet.php Show response
click.travelfornamewalking.ga/ 470 B
676 B 103ms
35ms Document
text/html 51.195.108.239
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://click.travelfornamewalking.ga/zet.php?id=5572594&sid=5954452&uid=5115232
Requested by: Host: for.dontkinhooot.tw
URL: https://for.dontkinhooot.tw/walkers?id=0092
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.195.108.239 , France, ASN16276 (OVH, FR),
Reverse DNS: cloud.msk.network
Software: nginx / PHP/5.4.16
Resource Hash: 9ffada0249a2361453e1b9bfa9b3cae69f59c558dde1cce9952dfe79bc2fa27d

Request headers

Host: click.travelfornamewalking.ga
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://for.dontkinhooot.tw/walkers?id=0092
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://for.dontkinhooot.tw/walkers?id=0092

Response headers

Server: nginx
Date: Thu, 25 Feb 2021 04:36:17 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 470
Connection: keep-alive
Keep-Alive: timeout=60
X-Powered-By: PHP/5.4.16

GET ner.php
click.travelfornamewalking.ga/ 0
0

GET
H2

200

Primary Request / Show response
simplyludovick.tw/
Redirect Chain

https://click.travelfornamewalking.ga/ner.php?v=325&id=524567
https://simplyludovick.tw/?p=me2tsylggm5gi3bpgi2tmma&sub1=cridles&sub2=flickss

12 KB
12 KB

159ms
32ms

Document
text/html

157.245.79.75
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://simplyludovick.tw/?p=me2tsylggm5gi3bpgi2tmma&sub1=cridles&sub2=flickss

Requested by

Host: click.travelfornamewalking.ga
URL: https://click.travelfornamewalking.ga/zet.php?id=5572594&sid=5954452&uid=5115232

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

157.245.79.75 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

566585d4489030db32e3dcabc1c418a2cf62c402c1a802509fbd5a47779d7ee0

Security Headers

Name	Value
Content-Security-Policy	img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: simplyludovick.tw
:scheme: https
:path: /?p=me2tsylggm5gi3bpgi2tmma&sub1=cridles&sub2=flickss
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://click.travelfornamewalking.ga/zet.php?id=5572594&sid=5954452&uid=5115232
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://click.travelfornamewalking.ga/zet.php?id=5572594&sid=5954452&uid=5115232

Response headers

server: nginx
date: Thu, 25 Feb 2021 04:36:17 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=3f665ae2-852f-4a5f-b3e0-d7be8734c73f; expires=Sat, 27-Mar-2021 04:36:17 GMT; Max-Age=2592000; path=/; domain=simplyludovick.tw
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests

Redirect headers

Server: nginx
Date: Thu, 25 Feb 2021 04:36:17 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=60
X-Powered-By: PHP/5.4.16
Location: https://simplyludovick.tw/?p=me2tsylggm5gi3bpgi2tmma&sub1=cridles&sub2=flickss

GET
DATA 200
OK truncated
/ 748 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a5308b7decd6fc2d5e8438fb037c4a822125135db832c05437d754655ff2fc23

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: click.travelfornamewalking.ga
URL: https://click.travelfornamewalking.ga/zet.php?id=5572594&sid=5954452&uid=5115232

Domain: click.travelfornamewalking.ga
URL: https://click.travelfornamewalking.ga/ner.php?v=325&id=524567

Verdicts & Comments Add Verdict or Comment

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.simplyludovick.tw/	1970-01-19 17:06:59	Name: uuid Value: 3f665ae2-852f-4a5f-b3e0-d7be8734c73f

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

58ebeff9e4bca1a5a29681acc4b102a4.safeframe.googlesyndication.com
adservice.google.com
adservice.google.de
click.travelfornamewalking.ga
elimkids.edu.np
for.dontkinhooot.tw
pagead2.googlesyndication.com
securepubads.g.doubleclick.net
simplyludovick.tw
tpc.googlesyndication.com
v.ht
www.google-analytics.com
www.googletagmanager.com
www.googletagservices.com
click.travelfornamewalking.ga
142.250.185.162
157.245.79.75
192.185.113.226
2a00:1450:4001:800::200e
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:827::2008
2a00:1450:4001:829::2001
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::2002
51.195.108.239
51.89.92.108
69.61.26.121
02caad24b4a8e4689ddeb02380ddcf42e8105ea0b7b0ba073ff8fbd7b3a5fe3e
0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a
34aae4569320883f349b5337ee33211bc0108b82779d01c9b00bbfa3974d581f
566585d4489030db32e3dcabc1c418a2cf62c402c1a802509fbd5a47779d7ee0
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
9ffada0249a2361453e1b9bfa9b3cae69f59c558dde1cce9952dfe79bc2fa27d
a5308b7decd6fc2d5e8438fb037c4a822125135db832c05437d754655ff2fc23
c979556e6d59f675264f916e5fe174676eabca2942f2fda0d758d0c3cf46849f
fa4745b062dad3ef1fac61ab172b1e61b02ba13df5cc9c9299b01a2474f78477

simplyludovick.tw Open in urlscan Pro 157.245.79.75 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

21 Requests

90 %HTTPS

54 %IPv6

12 Domains

14 Subdomains

13 IPs

5 Countries

222 kBTransfer

560 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

24 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

simplyludovick.tw Open in urlscan Pro
157.245.79.75 Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

90 %
HTTPS

54 %
IPv6

12
Domains

14
Subdomains

13
IPs

5
Countries

222 kB
Transfer

560 kB
Size

1
Cookies

21 HTTP transactions
1 data transactions