lbg3ncntw5z2.com Open in urlscan Pro
188.114.97.3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://y9tocksyvbnd.com:443/
Effective URL:
https://lbg3ncntw5z2.com/QMRB9g
Submission: On October 24 via api (October 24th 2024, 1:05:28 am UTC) from US — Scanned from DE

Summary HTTP 39 Redirects Behaviour Indicators

Summary

This website contacted 14 IPs in 4 countries across 15 domains to perform 39 HTTP transactions. The main IP is 188.114.97.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is lbg3ncntw5z2.com.
TLS certificate: Issued by WE1 on September 26th 2024. Valid for: 3 months.

This is the only time lbg3ncntw5z2.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	172.67.167.14 172.67.167.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	45.133.44.52 45.133.44.52	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
1	45.133.44.24 45.133.44.24	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1	172.67.164.241 172.67.164.241	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	168.119.25.64 168.119.25.64	24940 (HETZNER-AS) (HETZNER-AS)
2	45.133.44.53 45.133.44.53	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
2	157.90.84.242 157.90.84.242	24940 (HETZNER-AS) (HETZNER-AS)
2	94.130.198.6 94.130.198.6	24940 (HETZNER-AS) (HETZNER-AS)
4	2a01:4f8:1060... 2a01:4f8:1060:13eb::2	24940 (HETZNER-AS) (HETZNER-AS)
3	2a02:b48:8301... 2a02:b48:8301::24	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1	45.133.44.25 45.133.44.25	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
39	14

2 172.67.167.14 (United States)

ASN13335 (CLOUDFLARENET, US)

y9tocksyvbnd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

kordooso.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lbg3ncntw5z2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 45.133.44.52 (Philadelphia, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

js.mbidadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.133.44.24 (Philadelphia, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

bid.mbidtg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.164.241 (United States)

ASN13335 (CLOUDFLARENET, US)

storage.mbidstorage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 168.119.25.64 (Düsseldorf, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.64.25.119.168.clients.your-server.de

metricswpsh.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 45.133.44.53 (Philadelphia, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

js.mbidinp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.90.84.242 (Ismaning, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.242.84.90.157.clients.your-server.de

fp.metricswpsh.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 94.130.198.6 (Bendorf, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.6.198.130.94.clients.your-server.de

mbddip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a01:4f8:1060:13eb::2 (Germany)

ASN24940 (HETZNER-AS, DE)

mbdippex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:b48:8301::24 (Netherlands)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

static.bookmsg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.133.44.25 (Philadelphia, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

gfxdn.pics	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	kordooso.net kordooso.net	21 KB
4	mbdippex.com mbdippex.com — Cisco Umbrella Rank: 174564	8 KB
3	bookmsg.com static.bookmsg.com — Cisco Umbrella Rank: 34001	5 KB
3	metricswpsh.com metricswpsh.com — Cisco Umbrella Rank: 34746 fp.metricswpsh.com — Cisco Umbrella Rank: 37699	634 B
2	lbg3ncntw5z2.com lbg3ncntw5z2.com	2 KB
2	mbddip.com mbddip.com — Cisco Umbrella Rank: 168081	401 B
2	mbidinp.com js.mbidinp.com — Cisco Umbrella Rank: 176549	177 KB
2	mbidadm.com js.mbidadm.com — Cisco Umbrella Rank: 158022	39 KB
2	y9tocksyvbnd.com y9tocksyvbnd.com	22 KB
1	gfxdn.pics gfxdn.pics — Cisco Umbrella Rank: 100863	6 KB
1	mbidstorage.com storage.mbidstorage.com — Cisco Umbrella Rank: 181520
1	mbidtg.com bid.mbidtg.com — Cisco Umbrella Rank: 168153	3 KB
1	rtmark.net my.rtmark.net — Cisco Umbrella Rank: 10912	545 B
0	a64x.com Failed p.a64x.com Failed
0	google.com Failed accounts.google.com — Cisco Umbrella Rank: 18 Failed
39	15

	Domain	Requested by
12	kordooso.net	y9tocksyvbnd.com kordooso.net
4	mbdippex.com	js.mbidinp.com
3	static.bookmsg.com
2	lbg3ncntw5z2.com	y9tocksyvbnd.com
2	mbddip.com	js.mbidinp.com
2	fp.metricswpsh.com	js.mbidadm.com
2	js.mbidinp.com	js.mbidadm.com js.mbidinp.com
2	js.mbidadm.com	y9tocksyvbnd.com js.mbidadm.com
2	y9tocksyvbnd.com	kordooso.net
1	gfxdn.pics
1	metricswpsh.com	js.mbidadm.com
1	storage.mbidstorage.com	js.mbidadm.com
1	bid.mbidtg.com	js.mbidadm.com
1	my.rtmark.net	kordooso.net
0	p.a64x.com Failed
0	accounts.google.com Failed
39	16

This site contains no links.

Subject Issuer	Validity	Valid
y9tocksyvbnd.com WE1	`2024-10-09` - `2025-01-07`	3 months	crt.sh
kordooso.net WE1	`2024-10-13` - `2025-01-11`	3 months	crt.sh
js.mbidadm.com R10	`2024-10-15` - `2025-01-13`	3 months	crt.sh
rtmark.net R11	`2024-08-30` - `2024-11-28`	3 months	crt.sh
bid.mbidtg.com R10	`2024-08-29` - `2024-11-27`	3 months	crt.sh
mbidstorage.com WE1	`2024-10-21` - `2025-01-19`	3 months	crt.sh
notification.tubecup.net E5	`2024-10-07` - `2025-01-05`	3 months	crt.sh
js.mbidinp.com R10	`2024-10-19` - `2025-01-17`	3 months	crt.sh
static.bookmsg.com R11	`2024-10-02` - `2024-12-31`	3 months	crt.sh
gfxdn.pics R10	`2024-10-01` - `2024-12-30`	3 months	crt.sh
lbg3ncntw5z2.com WE1	`2024-09-26` - `2024-12-25`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://lbg3ncntw5z2.com/QMRB9g
Frame ID: 497B30EDBBEC24046981910E835F5818
Requests: 34 HTTP requests in this frame

Frame: https://storage.mbidstorage.com/log/count.html
Frame ID: 3126434AC965759425B1F8969D16730E
Requests: 1 HTTP requests in this frame

Frame: https://static.bookmsg.com/creatives/MyBid_Logo_500px_Color.webp
Frame ID: EE37EBF2630ACB1E5965F99B8BD6EA88
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

404 Not Found

Page URL History Show full URLs

http://y9tocksyvbnd.com:443/ HTTP 307
https://y9tocksyvbnd.com/ Page URL
https://lbg3ncntw5z2.com/QMRB9g Page URL

Page Statistics

39
Requests

92 %
HTTPS

15 %
IPv6

15
Domains

16
Subdomains

14
IPs

4
Countries

284 kB
Transfer

1018 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://y9tocksyvbnd.com:443/ HTTP 307
https://y9tocksyvbnd.com/ Page URL
https://lbg3ncntw5z2.com/QMRB9g Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://y9tocksyvbnd.com:443/ HTTP 307
https://y9tocksyvbnd.com/

Request Chain 23

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP 302
https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AcMMx-fveNWzJcvP93XMIVhbGyz7T7Ex-jGGABoqHt1VJso4230UxwxOxYfHsb8U9_AXc2JmxM2kNw HTTP 302
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AcMMx-fXHI6hP_xW_ky_isLeYOFF7E_xtvtlTkwvN3qC_OrwJQOlLosmpoMfyVa6ExTTOkKFl_mJ4w&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1494317628%3A1729731921771041&ddm=0

39 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

/ Show response
y9tocksyvbnd.com/
Redirect Chain

http://y9tocksyvbnd.com:443/
https://y9tocksyvbnd.com/

47 KB
21 KB

353ms
72ms

Document
text/html

172.67.167.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://y9tocksyvbnd.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.167.14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.4.16
Resource Hash: 5f74f98608d2a754bce3b3b352a567a16032e66a2e47f048c74c0ede22f1f9fa

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8d760ed6fa3d3a82-FRA
content-encoding: br
content-type: text/html
date: Thu, 24 Oct 2024 01:05:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=0,i
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sQd%2BiSk6vKPHEJIkfKPVC2gAf%2BXMwvLsJ5A2vSnbFtTibsJ5K1o2zLWY9Zv4cwD1dl8DAmJ4euGp1h4CNrF3DvYb2dI5HcnVEPiBauJFJwnn6TqLpP2h%2B1vAU7Ue6UjzSwgH"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=38826&sent=11&recv=8&lost=0&retrans=0&sent_bytes=4171&recv_bytes=4399&delivery_rate=78542&cwnd=12000&unsent_bytes=0&cid=8303aeddc5a3c512&ts=308&x=1" cfExtPri cfHdrFlush;dur=0
vary: accept-encoding
x-powered-by: PHP/5.4.16

Redirect headers

Location: https://y9tocksyvbnd.com/
Non-Authoritative-Reason: HttpsUpgrades

GET
H3 200 micro.tag.min.js Show response
kordooso.net/pfe/current/ 45 KB
19 KB 145ms
72ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3439771&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null
Requested by: Host: y9tocksyvbnd.com
URL: https://y9tocksyvbnd.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8c003752f66895b19eead2f05e004a1c92ab021aeae17a6b8d69810ec24f5d61

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://y9tocksyvbnd.com/

Response headers

content-encoding: gzip
cf-cache-status: EXPIRED
etag: W/"6716523e-b56d"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aBmCn34z5yBzo97YvgTcsYEhzE3ISb%2By3BJpLxYY9nrmLZKUUmY842mTKq2aoX10kBNmq148OBhR%2FfNjfpN88izxe0FfO2LEk9zacZSENUBOq0LBreXPhio1IjKuXxw%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=39622&sent=11&recv=7&lost=0&retrans=0&sent_bytes=4134&recv_bytes=4293&delivery_rate=80103&cwnd=12000&unsent_bytes=0&cid=626015527a6e8da9&ts=83&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 24 Oct 2024 01:05:20 GMT
content-type: application/javascript
last-modified: Mon, 21 Oct 2024 13:08:14 GMT
vary: Accept-Encoding
priority: u=3,i=?0
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
access-control-allow-credentials: true
cf-ray: 8d760ed87924dc60-FRA
server: cloudflare

GET
DATA 200
OK truncated
/ 19 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6678fbb34f3ef18c5649c7cfc1302c671ff5b1c8e9f4365fb51f3d629dab2924

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/gif

GET
H2 200 scripts.js Show response
js.mbidadm.com/static/ 2 KB
1 KB 179ms
51ms Script
application/javascript 45.133.44.52
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js.mbidadm.com/static/scripts.js
Requested by: Host: y9tocksyvbnd.com
URL: https://y9tocksyvbnd.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.52 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: cf31e107e8cb091c9477fe99de3a57a65486fe87becf0e8f469846949beff9f3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://y9tocksyvbnd.com/

Response headers

cache-control: max-age=300
content-encoding: gzip
etag: W/"6719092e-6c4"
expires: Thu, 24 Oct 2024 01:10:20 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
date: Thu, 24 Oct 2024 01:05:20 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 23 Oct 2024 14:33:18 GMT
server: nginx/1.18.0
x-cdn-host-id: ah1742

GET
H2 200 scripts.m.js Show response
js.mbidadm.com/static/ 117 KB
38 KB 55ms
54ms Script
application/javascript 45.133.44.52
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js.mbidadm.com/static/scripts.m.js
Requested by: Host: js.mbidadm.com
URL: https://js.mbidadm.com/static/scripts.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.52 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 6913bf4f4d12c66c839af4bfb16272410ec65ac9ab8d703a23f42a677aef06d3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://y9tocksyvbnd.com/

Response headers

cache-control: max-age=300
content-encoding: gzip
etag: W/"67190937-1d4b9"
expires: Thu, 24 Oct 2024 01:10:20 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
date: Thu, 24 Oct 2024 01:05:20 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 23 Oct 2024 14:33:27 GMT
server: nginx/1.18.0
x-cdn-host-id: ah1742

GET
H3 200 sw-check-permissions-ea38e.js
y9tocksyvbnd.com/ 0
972 B 67ms
67ms Other
application/javascript 172.67.167.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://y9tocksyvbnd.com/sw-check-permissions-ea38e.js?var=null&ymid=null&zoneId=3439771
Requested by: Host: kordooso.net
URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3439771&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.167.14 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://y9tocksyvbnd.com/

Response headers

content-encoding: gzip
cf-cache-status: MISS
etag: W/"620bf1ad-236"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8UyvzZ2TdwmIqQaCBek%2BtGpbQGNK7JQSNSZsoRxz%2BKmIG3yqJi38NEYyFXI6AUxCmxGamQA1TMsCqJGa4586zx3dMqpnn7Ii0hR5XOAfKkwJWf8YXnsOdWpoSlMWXfDx1PQo"}],"group":"cf-nel","max_age":604800}
expires: Fri, 25 Oct 2024 01:05:20 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=50225&sent=34&recv=22&lost=0&retrans=0&sent_bytes=26456&recv_bytes=5401&delivery_rate=163792&cwnd=22800&unsent_bytes=0&cid=8303aeddc5a3c512&ts=692&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 24 Oct 2024 01:05:20 GMT
content-type: application/javascript
last-modified: Tue, 15 Feb 2022 18:32:13 GMT
vary: Accept-Encoding
priority: u=4,i
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8d760ed95b973a82-FRA
server: cloudflare

POST
H3 200 zone
kordooso.net/ 0
764 B 64ms
63ms Ping
text/plain 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kordooso.net/zone?pub=0&zone_id=3439771&is_mobile=false&domain=y9tocksyvbnd.com&var=null&ymid=null&var_3=&var_4=&dsig=&tg=1&sw=3.1.565&trace_id=92999c7c-5150-4d07-ae11-51938381c1e2&action=prerequest&ch=eyJhcmNoaXRlY3R1cmUiOiIiLCJiaXRuZXNzIjoiIiwiYnJhbmRzIjpbXSwiZnVsbFZlcnNpb25MaXN0IjpbXSwibW9iaWxlIjpmYWxzZSwibW9kZWwiOiIiLCJwbGF0Zm9ybSI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IiIsIndvdzY0IjpmYWxzZX0=&drf=

Requested by

Host: kordooso.net
URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3439771&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://y9tocksyvbnd.com/

Response headers

cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n1CvubfCPUsc5Uau99o1CshlGc0pqvF10NX0lZrua6WwxjCB82pZVfhNmkGX%2BbvlmV60fRlW0%2Bti%2FVHaC6pCci%2FMT3VgWNRS6Y2Nrtg2inzQ%2FH1usT1NkyCUh6IQFFE%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=41873&sent=38&recv=30&lost=0&retrans=0&sent_bytes=25152&recv_bytes=9472&delivery_rate=120651&cwnd=24000&unsent_bytes=0&cid=626015527a6e8da9&ts=216&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 24 Oct 2024 01:05:20 GMT
priority: u=4,i
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-credentials: true
cf-ray: 8d760ed96a3ddc60-FRA
access-control-allow-origin: https://y9tocksyvbnd.com
content-length: 0
server: cloudflare

POST
H3 200 event
kordooso.net/ 0
0 61ms
58ms Ping
application/json 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://kordooso.net/event
Requested by: Host: kordooso.net
URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3439771&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://y9tocksyvbnd.com/

Response headers

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
545 B 188ms
53ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=3439771&checkDuplicate=true&ymid=null&var=null&source=pusher

Requested by

Host: kordooso.net
URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3439771&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

520311a1a8cde8fef9424993cc8fda35d1859fb4e7a2cdfbe6327c2a5c3cd3bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://y9tocksyvbnd.com/

Response headers

strict-transport-security: max-age=1
access-control-expose-headers: Authorization
timing-allow-origin: *, *
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
x-content-type-options: nosniff
access-control-allow-origin: https://y9tocksyvbnd.com
content-length: 65
date: Thu, 24 Oct 2024 01:05:21 GMT
content-type: application/json; charset=utf-8
server: nginx
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token

POST
H3 200 event
kordooso.net/ 0
0 62ms
61ms Ping
application/json 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://kordooso.net/event
Requested by: Host: kordooso.net
URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3439771&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://y9tocksyvbnd.com/

Response headers

POST
H3 200 event
kordooso.net/ 0
0 64ms
61ms Ping
application/json 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://kordooso.net/event
Requested by: Host: kordooso.net
URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3439771&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://y9tocksyvbnd.com/

Response headers

POST
H3 200 event
kordooso.net/ 0
0 66ms
64ms Ping
application/json 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://kordooso.net/event
Requested by: Host: kordooso.net
URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3439771&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://y9tocksyvbnd.com/

Response headers

POST
H3 200 event
kordooso.net/ 0
0 64ms
62ms Ping
application/json 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://kordooso.net/event
Requested by: Host: kordooso.net
URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3439771&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://y9tocksyvbnd.com/

Response headers

GET
H3 200 zone Show response
kordooso.net/ 566 B
1 KB 59ms
58ms Fetch
application/json 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kordooso.net/zone?pub=0&zone_id=3439771&is_mobile=false&domain=y9tocksyvbnd.com&var=null&ymid=null&var_3=&var_4=&dsig=&tg=1&sw=3.1.565&trace_id=92999c7c-5150-4d07-ae11-51938381c1e2&action=settings&ch=eyJhcmNoaXRlY3R1cmUiOiIiLCJiaXRuZXNzIjoiIiwiYnJhbmRzIjpbXSwiZnVsbFZlcnNpb25MaXN0IjpbXSwibW9iaWxlIjpmYWxzZSwibW9kZWwiOiIiLCJwbGF0Zm9ybSI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IiIsIndvdzY0IjpmYWxzZX0=

Requested by

Host: kordooso.net
URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3439771&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

063e11a56c9f75960ee583ce89a99ff9673d9572b6a071134f48daaad5284f11

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://y9tocksyvbnd.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9jll%2F0JeI3nAiG9z%2FDJ1LgdoES0hO7EA3eEwxFJo3g94dnTKPuxTiCaWdFxLmSIFTav%2BrJ8c%2FFBBEguu%2F%2FwfLJoc3MTIFampP%2FlPv7l6PIJ2WMXaY7WQNvlNB2Ba68s%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=41873&sent=46&recv=33&lost=0&retrans=0&sent_bytes=30217&recv_bytes=10886&delivery_rate=120651&cwnd=24000&unsent_bytes=0&cid=626015527a6e8da9&ts=239&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 24 Oct 2024 01:05:20 GMT
content-type: application/json; charset=utf-8
priority: u=1,i
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-credentials: true
cf-ray: 8d760ed98a8adc60-FRA
access-control-allow-origin: https://y9tocksyvbnd.com
server: cloudflare

POST
H3 200 event
kordooso.net/ 0
0 52ms
51ms Ping
application/json 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://kordooso.net/event
Requested by: Host: kordooso.net
URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3439771&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://y9tocksyvbnd.com/

Response headers

GET
H2 200 242901 Show response
bid.mbidtg.com/tags/ 2 KB
3 KB 253ms
101ms XHR
application/json 45.133.44.24
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://bid.mbidtg.com/tags/242901?version_name=b&domain=y9tocksyvbnd.com
Requested by: Host: js.mbidadm.com
URL: https://js.mbidadm.com/static/scripts.m.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.24 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.24.0 /
Resource Hash: e444b7862c76704a9b96180dbdc6ef23edb69e13c532331418fcd43e82401a2b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://y9tocksyvbnd.com/

Response headers

x-proxy-cache: MISS
cache-control: max-age=300, public
access-control-allow-origin: *
date: Thu, 24 Oct 2024 01:05:21 GMT
content-type: application/json
server: nginx/1.24.0
x-cdn-host-id: ds9203

POST
H3 200 event
kordooso.net/ 0
0 87ms
85ms Ping
application/json 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://kordooso.net/event
Requested by: Host: kordooso.net
URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3439771&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://y9tocksyvbnd.com/

Response headers

POST
H3 200 event
kordooso.net/ 0
0 54ms
52ms Ping
application/json 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://kordooso.net/event
Requested by: Host: kordooso.net
URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3439771&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://y9tocksyvbnd.com/

Response headers

GET
H3 200 count.html
storage.mbidstorage.com/log/ Frame 3126 0
0 695ms
316ms Document
text/html 172.67.164.241
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.mbidstorage.com/log/count.html
Requested by: Host: js.mbidadm.com
URL: https://js.mbidadm.com/static/scripts.m.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.164.241 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://y9tocksyvbnd.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8d760edeef6e8d2d-DFW
content-encoding: br
content-type: text/html
date: Thu, 24 Oct 2024 01:05:21 GMT
last-modified: Mon, 18 Sep 2023 14:39:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=0,i
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3RYQbSL4dEHraT8LmrBZPGzwfC8bJWyPvAKkz92u0krBNjcGoqsHA7fsr6UmVEzxXTv6sXqyvuS7nCOLkT5ylcKygLNjmhWMGz9HSFkxA9RihMXvckM0WG5aAm83%2BSC2CbnSaEuCCH50fQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=159067&sent=11&recv=8&lost=0&retrans=0&sent_bytes=4175&recv_bytes=4425&delivery_rate=21375&cwnd=12000&unsent_bytes=0&cid=89d88fb2e9630c5b&ts=539&x=1" cfExtPri cfHdrFlush;dur=0
vary: Accept-Encoding
x-request-id: b51eeb52419b1e464f977952bf630b16

GET
H2 200 track Show response
metricswpsh.com/in/ 0
201 B 173ms
42ms XHR
text/plain 168.119.25.64
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://metricswpsh.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxMTE0Njg5NzM3NDM3NjQyMzAwMCIsInRpbWV6b25lIjoyLCJ2ZXIiOiIzLjEzMS4xIiwidGFnX2lkIjoyNDI5MDEsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTYwMHgxMjAwIiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJFdXJvcGUvQmVybGluIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjAuMjcsImlzX3YyIjowLCJpc192Ml9lbXB0eSI6MH0=
Requested by: Host: js.mbidadm.com
URL: https://js.mbidadm.com/static/scripts.m.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 168.119.25.64 Düsseldorf, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.64.25.119.168.clients.your-server.de
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://y9tocksyvbnd.com/

Response headers

cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-methods: *
access-control-allow-origin: *
content-length: 0
date: Thu, 24 Oct 2024 01:05:21 GMT
vary: Origin
server: nginx/1.18.0
access-control-allow-headers: Content-Type

GET
H2 200 npush.m.js Show response
js.mbidinp.com/npc/sdk/wpu/ 185 KB
51 KB 196ms
52ms Script
application/javascript 45.133.44.53
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js.mbidinp.com/npc/sdk/wpu/npush.m.js
Requested by: Host: js.mbidadm.com
URL: https://js.mbidadm.com/static/scripts.m.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.53 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: e515313a3b4f38bca8e2e85b2147ede397c086dc829b815215ce057d23b5c6aa

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://y9tocksyvbnd.com/

Response headers

cache-control: max-age=300
content-encoding: gzip
etag: W/"671780aa-2e315"
expires: Thu, 24 Oct 2024 01:10:21 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
date: Thu, 24 Oct 2024 01:05:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 22 Oct 2024 10:38:34 GMT
server: nginx/1.18.0
x-cdn-host-id: ah1742

POST
H/1.1 200
OK fp Show response
fp.metricswpsh.com/ 56 B
433 B 125ms
40ms XHR
application/json 157.90.84.242
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://fp.metricswpsh.com/fp?tag_id=242901
Requested by: Host: js.mbidadm.com
URL: https://js.mbidadm.com/static/scripts.m.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 157.90.84.242 Ismaning, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.242.84.90.157.clients.your-server.de
Software: nginx/1.20.1 /
Resource Hash: 7d3007fd9647232df34bcc3ac9cdbbcb9509c03220bede69330e1ae0d1092ad1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/json;charset=UTF-8
Referer: https://y9tocksyvbnd.com/

Response headers

Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://y9tocksyvbnd.com
Content-Length: 56
Date: Thu, 24 Oct 2024 01:05:21 GMT
Content-Type: application/json; charset=UTF-8
Vary: Origin
Server: nginx/1.20.1

OPTIONS
H/1.1 204
No Content fp
fp.metricswpsh.com/ Frame 0
0 154ms
41ms Preflight 157.90.84.242
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://fp.metricswpsh.com/fp?tag_id=242901
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 157.90.84.242 Ismaning, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.242.84.90.157.clients.your-server.de
Software: nginx/1.20.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://y9tocksyvbnd.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://y9tocksyvbnd.com
Connection: keep-alive
Date: Thu, 24 Oct 2024 01:05:21 GMT
Server: nginx/1.20.1
Vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

GET

identifier
accounts.google.com/v3/signin/
Redirect Chain

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AcMMx-fveNWzJcvP93XMIVhbGyz7T7Ex-jGGABoqHt1VJso4230UxwxOxYfHs...
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AcMMx-fXHI6hP_xW_ky_isLeYOFF7E_xtvtlTkwvN3qC_OrwJQOlLosmpoMfyVa6ExTTOkKFl_mJ4w&passive...

0
0

GET
H2 200 nmain.m.js Show response
js.mbidinp.com/skins/ 535 KB
127 KB 52ms
52ms Script
application/javascript 45.133.44.53
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js.mbidinp.com/skins/nmain.m.js
Requested by: Host: js.mbidinp.com
URL: https://js.mbidinp.com/npc/sdk/wpu/npush.m.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.53 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 3bd07f8473833018a981c20ef4c2faad96989ee59540635827dce4b8dda1d03f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://y9tocksyvbnd.com/

Response headers

cache-control: max-age=300
content-encoding: gzip
etag: W/"671780a4-85bed"
expires: Thu, 24 Oct 2024 01:10:21 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
date: Thu, 24 Oct 2024 01:05:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 22 Oct 2024 10:38:28 GMT
server: nginx/1.18.0
x-cdn-host-id: ah1742

GET
H2 200 dip Show response
mbddip.com/in/ 0
201 B 138ms
39ms XHR
text/plain 94.130.198.6
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://mbddip.com/in/dip?site=native-push&wl=1&event_id=4d4915c0-eeca-4c07-89c3-540c1f9091f5&subid=1338910650&sid=1321297533&spot_id=2004487&created_at=2024-10-24&timezone=2&ver=8.196.0&is_native=1
Requested by: Host: js.mbidinp.com
URL: https://js.mbidinp.com/npc/sdk/wpu/npush.m.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 94.130.198.6 Bendorf, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.6.198.130.94.clients.your-server.de
Software: nginx/1.20.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://y9tocksyvbnd.com/

Response headers

cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-methods: *
access-control-allow-origin: *
content-length: 0
date: Thu, 24 Oct 2024 01:05:21 GMT
vary: Origin
server: nginx/1.20.1
access-control-allow-headers: Content-Type

POST
H2 200 multy Show response
mbdippex.com/in/ 54 KB
7 KB 454ms
453ms XHR
application/json 2a01:4f8:1060:13eb::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://mbdippex.com/in/multy
Requested by: Host: js.mbidinp.com
URL: https://js.mbidinp.com/npc/sdk/wpu/npush.m.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a01:4f8:1060:13eb::2 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: da77b4f0631bfbdb8595ca32974454ebadd51685e900aba0394f842af30e650e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/json;charset=UTF-8
Referer: https://y9tocksyvbnd.com/

Response headers

cache-control: no-transform, no-cache, no-store, must-revalidate
content-encoding: gzip
pragma: no-cache
access-control-allow-methods: *
access-control-allow-origin: *
content-length: 7393
date: Thu, 24 Oct 2024 01:05:22 GMT
content-type: application/json
vary: Origin
server: nginx/1.20.1
access-control-allow-headers: Content-Type

OPTIONS
H2 204 multy
mbdippex.com/in/ Frame 0
0 137ms
37ms Preflight 2a01:4f8:1060:13eb::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://mbdippex.com/in/multy
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a01:4f8:1060:13eb::2 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://y9tocksyvbnd.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
date: Thu, 24 Oct 2024 01:05:21 GMT
pragma: no-cache
server: nginx/1.20.1
vary: Origin

GET
H2 200 SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp
static.bookmsg.com/creatives/SG/ 486 B
716 B 158ms
50ms Image
image/webp 2a02:b48:8301::24
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:b48:8301::24 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.24.0 /
Resource Hash: 50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://y9tocksyvbnd.com/

Response headers

cache-control: max-age=31536000
etag: "6572ed5b-1e6"
expires: Fri, 24 Oct 2025 01:05:22 GMT
x-proxy-cache: HIT
accept-ranges: bytes
content-length: 486
date: Thu, 24 Oct 2024 01:05:22 GMT
content-type: image/webp
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
server: nginx/1.24.0
x-cdn-host-id: ds9203

GET
H2 200 SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp
static.bookmsg.com/creatives/SG/ 1 KB
1 KB 156ms
48ms Image
image/webp 2a02:b48:8301::24
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:b48:8301::24 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.24.0 /
Resource Hash: 1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://y9tocksyvbnd.com/

Response headers

cache-control: max-age=31536000
etag: "6572ed5b-42a"
expires: Fri, 24 Oct 2025 01:05:22 GMT
x-proxy-cache: HIT
accept-ranges: bytes
content-length: 1066
date: Thu, 24 Oct 2024 01:05:22 GMT
content-type: image/webp
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
server: nginx/1.24.0
x-cdn-host-id: ds9203

GET
H2 200 /
mbdippex.com/in/show/ 0
201 B 113ms
37ms Image
text/plain 2a01:4f8:1060:13eb::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mbdippex.com/in/show/?tag_ab=b&site_id=312004487&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip&ssp=3964&page=https%3A%2F%2Fy9tocksyvbnd.com%2F&refdom=y9tocksyvbnd.com&auction_time=1729731921&subid=1338910650&sid=1321297533&tcid=0&ver=8.196.0&ver_c=&spot_id=2004487&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-10-24&iabcat=IAB25-3&keywords=&user_fp=7076845274008808295&score=98.29309613889875&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1338910650%26spot_id%3D2004487%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fy9tocksyvbnd.com%252F%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fvjxxx.com%2Fcheck-check-bots%3Furl%3Dhttps%253A%252F%252Fledgesrv.com%252FRedirect.eng%253FMediaSegmentId%253D62260%2526dcid%253D3_ctx_4deacbed-15c0-4c2e-b881-85fa6801c51c%2526vmId%253D00000000-0000-0000-0000-000000000000%2526abr%253Dfalse%2526timeZoneOffset%253D%2526v%253DcMt6zD2py3BcE1fFTkzTF8EH5mzHsJdyGcCp1Df4e1maQgQl2dDlt0NPb3s_NHxuCP088FptgdLImn6R5UjGrpxZ12L3SDZ4g6LOAJPRjYKPDVPldWwB5IaZItkYGr_RHFUkFw0DxFnzwKzg8_7t2mFxnpUCd2j7Istu6g0WBcahJJJk3ZGiRZRbUavFOaXs4VovCsH-bTqUV0Hmvr8wcVoQk46NyBNOzuoEwhxxpEUWAxyhYyRg5fcGo9ChrJWvTNDTUjbrtvJtt6xVrXl4hZU-qJN-b017kZ-hbWgRtK7P4j7fiQ0T0yU0hnlMBzXd9YRkBuMT1AqV2LRy98ykrHx8SkHLv88jbTcKNkD83VCzClWOjT73eUT2x8d8jQ1MaLRAjm2XrfMU4njY43ro3x_PZCly760SNbsKhS0-nKiKAYPMRtoFR-wJi2xY3e7dKCp0MxXPv996qMFDSBMh7_OMlgQJtohjz-4KjCkrHaWgd5Sovr7WshagVALLk88_BQvvoADK-NeHcpcavs90U6U0G_wOf4hdt04onNncvG8F53doh023vuA8n06XXxsyX2G4DtqPZ1baFocY3IRGnU-5semVk7byW309EsubW0c0k6UYfggXLIBAcvrjGV2Kpvw5bMpbPckA4O-Q1AYP65PztbK6AuBG02ylrFzPRv0GsKpeJotCZOCtOKoYyQvo4Ld4RV0GiwOiIvPAaE3RMs69BAiAaFVCi1jNPSizrEx-V1GLMZU-pGxf1fJ-KZ36p856vr8Mbs4QQG5JZaq7IONtw3Q1FxJrZxsQF51Z_VakDQU5HghiNNa4a1P2ZXqufmmWyCv10uXaanWBF2ubA-l9xHpXZhY9Fx-n5igCVg6k1QN8Nr-JkE-oqojiU61cnSYcsAns37jGWIo3HU08rTeBxYNXb5A-h7GGAc9QnBIQ-iJvSbR0A8HhzCkUND7bB8RnEYzmLVgtI-k4OJ56wdlRIxdion5kCYnEgHIknRbdjB8Mx9380pssf8JH61tfeNX_MzF43nTuGkhxr9Cbew2%2526kw%253D%2526mw%253D1024%2526mh%253D768%2526xml%253D1%2526at%253DeyJhbiI6IkpXUyBJbnRlcm5hdGlvbmFsIFMuw6Agci5sLiIsImFjIjoiTHV4ZW1ib3VyZyIsInRyIjpbMSwyLDNdLCJnIjp0cnVlfQ%253D%253D&icons=02DpNRrtIDFUoyvPb9GS1G03xwxK2kbmcBV_KnAZFfv8bt42q2qSBp3Mm6dGmZf4cnx9J3Rtx4kkb2PclakwR65BBbw8GYUr5Pt-_evubeYoUqUjY6-ZAUiwo8OYvI75TZe_4wrveTVo_BjJTL2EFc1VNVwqr__vsDuQj8y3WGdd0f-Hew&ext_cid=0&px_id=552004487&min_cpm=0.011861018190715248&out_id=1&campaign_type=lq-pop&aid=352&cid=15019&uniq=&mid=4056152369606343730&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.10031095380442824&cpm=0&verify_hash=07c5b901abb19edfaef70f48414524b9&is_native=2&real_bid=0.0016020550668239704&original_bid_usd=0.00245&original_bid=0.00245&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F130.0.0.0%20Safari%2F537.36&ip_mismatch=2a01:4a0:1338:92::5&geo=DE&carrier=-&label_ids=4,89,20,27,108,0&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00245&hostname=auc-inpage-hz-2-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=Europe/Berlin&topics=&historical_keywords=&pop_cpc=0.00000245&ext_campaign_id_str=&is_webview=0&client_price=0&direct_client_price=0&priority=0&client_payment_model=&is_in_app=0&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&mlf=1&mlc=1&st=0.02&cpa=6e888707-4941-4705-8097-1aa8420b43e6&prev_step_diff=598
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a01:4f8:1060:13eb::2 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://y9tocksyvbnd.com/

Response headers

cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-methods: *
access-control-allow-origin: *
content-length: 0
date: Thu, 24 Oct 2024 01:05:22 GMT
vary: Origin
server: nginx/1.20.1
access-control-allow-headers: Content-Type

GET
H2 200 /
mbdippex.com/in/show/ 0
200 B 115ms
39ms Image
text/plain 2a01:4f8:1060:13eb::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mbdippex.com/in/show/?tag_ab=b&site_id=312004487&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip&ssp=3964&page=https%3A%2F%2Fy9tocksyvbnd.com%2F&refdom=y9tocksyvbnd.com&auction_time=1729731921&subid=1338910650&sid=1321297533&tcid=0&ver=8.196.0&ver_c=&spot_id=2004487&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-10-24&iabcat=IAB25-3&keywords=&user_fp=7076845274008808295&score=98.29309613889875&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D1338910650%26spot_id%3D2004487%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fy9tocksyvbnd.com%252F%26idzone%3D0%26sid%3D1886&is_cpm=1&resp_type=&crid=23960&crtid=e0d41cb1b8b518b70ea6c1e22a005700&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3DMHbVz8vCsJdnZfCidTtpk3nacC6kFxDnc1JBTUOh-a3Mk27Pxgc3epx5Q7fZZU_H5niHLnuAemVl90HfYBdjSyozatlxeigWmMFmHnR_-twqh41GmJfG9f9vKJr4tGrkqnH5NhWlkYTdiX95eZFG5VdcnzWlIj_7Ee_iOmPt1gBCDUSTzRCcJrPJin6GIFKkULbznW7NwZN5HQG4QvLUC6aX18b-vgISWmG9X2XLv_4RF85_us9Fu4l5G8VylsHDdQeqUhULfaqk_0nf3aMnfNHVb1IYAc1sdsoUF9FeLzvWJ1EjsXAAwtP2_iGguG8nXmSJ1Q4qRIVpsuhB8-CrlV6V32iUcp-vbRZ-sXcnuhE0OWEABsqfAvcEynexMDIsU6NIRRLGYlk92_ePKmrYeeN-9PZUow84zJ2HcSePJOhnxiO_9LU86hF8ABG-9UwytUvi32m-iF0-6HJUZLFVjaVtRZKcta71EMhPwrKnDKLia7EE7TON-_njT7uIOL7xzTCwBA8qXOF8kPHYuv18FvXyXl157VOjQjbMGnBzjr6WOkV6LNlrWg1weqzJcmu4bf6nF73Im_8gf_z_1dAzFNpMAu5Ftsb5NmXXE3fixfYJ5AGIo5qUr8BrxlZ5cKhUNaCOVsDKdXcDnFQAKhYhBxsE86fFctn6KUZiN5LdDHWEROzbnImeXB_CoPzv28REjyVbicd1fptJlEnryvtxHV9QHAEILZBZmzeTjIxR7omL47G5sghEkotlZtYPoEirgB3oXOmKp1KNhcHBlMN2zNwVAe3CvoGMcXgVUUV4sBuNhWs7Nnl8PkKV7F5-MHRYcfJT1GJhVHxsd3xniGCsSYW9JlSTnCHtgYfURl9YT_69dfhNgnRRzsNxUUVkt_Y4XkvUPI_xbUa4YmnfXmkS3A7ctDfAP-XtdJHGHBMs44F4PZjIj9jJu2DvkOJRXOtD4e_jvtzBBMf69eMiJujfAFYuaTi2L3FC9o1jpb5xpy-ZrAk2dOTDNLiuUstgdwbe45-cpfAnEMqObwaXeWeAI_EubSyj27rzLNwrM_SwvGRPdjIaTauI-LcaTKYaD_4MhQwLeUQh-9F1j8i9HAJ1PfWQnknqvmPUSbrXUGNEl9DwIGGtAV0v0KsyjD5cehQSEVyfviPoG8eKyAQMBCNtnrup7VHsisCmVHEMP9VPJvs7--7l3rAIW3x1mVR2xnCjG88Cg_k2Y7X6diOBNCubTFDzgAFIb6thFiJEaKiX%26bid%3D0.020605122296669418&icons=dpb50j1oXsE8uYOa8Z1An4r3KStyD3A89obwZqa2ouaHiCaw2EhxVp6rH5FyssyWrsM6ihloBL9XYOanxnPqdj29mXgKtAvjsTyjf0TKei-_lEq0Q38GtJx4i_xLIQgNmEdYzoEq8o2Snto3dH3qiUO5MbvZpQCEf77eEl36uGzny27zrRS8oEN-Fbx5n7hOZnkXy-gx6KgWeQpc6R96hRIr4PTKp2cumICfLU6Z46_wQ0epUpqeh2EnpEIGD0qaM2_uaNob2bazHejsTeFiKlo61CMJaNszmS0Ps-irTPgRBE9PTu72a53wjHVVecnN7pRVGuwacwFlp4uu9b7GOfwsgGthmAFB_IH0x9FbwK_7_zSTrpeJcNFj6Gdju84z8OWKAEVckb_8sY7qdCDGkvds9tvfGKE5p4DQy_vfTs8GbyVNN5Z3tw22vhdzNIuwydbqXr6EZnsQDDuhs2oqyYcN1h1TXz9J6HWgdOanpQyYNdjYoAeZ_eh_WU_QSM-_07mjtsna6zD7kxNZ4dNndsfeFvGqKtT9DFnMvcE6GenVfAxtnpWrHPx4FFpKVJfN7OUaBjY7g1Gw6ycbjvSBdyGBneU1g3xm21_LO1cscbvO75GTl2kxY0eBdM6TfEViOhNuBKCfHpoZTYoeGKFAcsFUE7FR4-TVd2STNFuKJLO8iMdh3ZGGJD2cgJKItvDKz8wHZyegtir3YD4bTaMbfOVkHmRnlOH2gKYi0T0IdsicI7bjRLlNyMaYusjrkFyICzgWVVB5TkojlwWuBXdUaiCqCoVQw4BZXwe0_46IKvDPyKgEU2NIDatEpL_3X2ncEl1Goi-AHcttVm1clxu5EVJbS9fZrYtz2Au1ORSxTGgfMtPgsYcuSdBw8g7clT8bChCgqh0RUV8Yul1l9DE4pJEYbki-Z4id8ycEYkMu26k52IbgvrqCRJX2s93Pq3ePRSfonWOZyN6mVyH9Fo9Ti4zacRPfLkLld9mYGs0b6tlDYnjtIGpNNVzGGHtuPZPTIWU3Gb3-0ltQrGjuG9ok4E-yKC4FVjkqLM5vOJ11TGDH8HW3m-SXJz6ljSIMzrMrl4rRY2pCzRYWGPCnpLknEKfDMN0OL_1nV7D8fqcXFgyZv7rC-9Tc1Pw0J1KHPrrONFVPdwiBLqy84poT05XTSO1UQFaAA8mxZBas1SUQ6zIwBglLe89Dwn5rcDEeZgF5NpAYQ27uoTIDDf9MHKZgEfeuKiJlSS8PMNV3WDVXf5lleXdsHYcFKlGF_s812MF1xYMSVv4x2RVwJSZR58t-EMxxH9kIpbSlpBcyXZYZ8vXLLKommzH2LZ33-tuczC7VR3Mvz66DA9mKUJaoZ32okZi5TXYMxlqs9cQAEi2R6IXcg4-6t6bilkwAkS7Dbr1dlNs210Uv6n8H_rvAWBxIPP1Gvyn8_7IAMURP&ext_cid=296064&px_id=732004487&min_cpm=0.00047179027926684634&out_id=0&campaign_type=hq&aid=127&cid=12694&uniq=da3f7b9ab2a26b7c5b6a8957900dd06ab63e583e7cbb4e753259f6e7d8920e61&mid=4056152369606343730&skin_id=2&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.11642082989223036&cpm=0.020605122296669418&verify_hash=79b336d0551a1d8fb455213bd3e8e324&is_native=1&real_bid=0.020151809301558802&original_bid_usd=0.11903970516551057&original_bid=0.11903970516551057&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F130.0.0.0%20Safari%2F537.36&ip_mismatch=2a01:4a0:1338:92::5&geo=DE&carrier=-&label_ids=4,90,5,70,98&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1729904721&image_url=https%3A%2F%2Fgfxdn.pics%2Fm%2Fp%2F0%2F883%2F883209%2Fconversions%2FtT8F2vTt-in-page-ad-images.jpg&site=native-push-adult&price=0&hostname=auc-inpage-hz-2-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=Europe/Berlin&topics=&historical_keywords=&pop_cpc=0&ext_campaign_id_str=296064&is_webview=0&client_price=0.007726199883222595&direct_client_price=0&priority=0&client_payment_model=cpc&is_in_app=0&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-body&st=0.02&cpa=6ab7f714-635e-4d14-920f-65af221a67b6&prev_step_diff=598
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a01:4f8:1060:13eb::2 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://y9tocksyvbnd.com/

Response headers

cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-methods: *
access-control-allow-origin: *
content-length: 0
date: Thu, 24 Oct 2024 01:05:22 GMT
vary: Origin
server: nginx/1.20.1
access-control-allow-headers: Content-Type

GET
H2 200 MyBid_Logo_500px_Color.webp
static.bookmsg.com/creatives/ Frame EE37 3 KB
3 KB 155ms
48ms Image
image/webp 2a02:b48:8301::24
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.bookmsg.com/creatives/MyBid_Logo_500px_Color.webp
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:b48:8301::24 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.24.0 /
Resource Hash: ac36997bf879617c0d68612fcf9c49a6eb1c11046127b4dbbf618e80978b7e0a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cache-control: max-age=31536000
etag: "6659aceb-b7e"
expires: Fri, 24 Oct 2025 01:05:22 GMT
x-proxy-cache: HIT
accept-ranges: bytes
content-length: 2942
date: Thu, 24 Oct 2024 01:05:22 GMT
content-type: image/webp
last-modified: Fri, 31 May 2024 10:56:43 GMT
server: nginx/1.24.0
x-cdn-host-id: ds9203

GET /
p.a64x.com/in/tip_shows/ Frame EE37 0
0

GET
H2 200 tT8F2vTt-in-page-ad-images.jpg
gfxdn.pics/m/p/0/883/883209/conversions/ Frame EE37 6 KB
6 KB 159ms
48ms Image
image/jpeg 45.133.44.25
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gfxdn.pics/m/p/0/883/883209/conversions/tT8F2vTt-in-page-ad-images.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.25 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx /
Resource Hash: 68957505fcf78bec0c335f896ae10461036bc7bfa3da7e438e749ed10cbea0c6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

x-request-id: b25f11b47d2e60490af447805d1c5e7a
cache-control: no-cache, no-store, must-revalidate
etag: "66cd789d-1633"
pragma: no-cache, no-cache
expires: 0
x-proxy-cache: HIT, HIT
accept-ranges: bytes
content-length: 5683
date: Thu, 24 Oct 2024 01:05:22 GMT
content-type: image/jpeg
last-modified: Tue, 27 Aug 2024 06:56:29 GMT
server: nginx

GET
DATA 200
OK truncated
/ Frame EE37 483 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 444a68f8495f8630e1a536a36db8f87ae01cc45e59a3ebf341e1568cc0904cf0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
H2 200 dip
mbddip.com/in/ 0
200 B 39ms
38ms XHR
text/plain 94.130.198.6
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://mbddip.com/in/dip?site=native-push&wl=1&event_id=0f4a6a69-21a7-42f9-9095-0110f58480f8&subid=1183913782&sid=824542005&spot_id=2004488&created_at=2024-10-24&timezone=2&ver=8.196.0&is_native=1
Requested by: Host: js.mbidinp.com
URL: https://js.mbidinp.com/npc/sdk/wpu/npush.m.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 94.130.198.6 Bendorf, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.6.198.130.94.clients.your-server.de
Software: nginx/1.20.1 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://y9tocksyvbnd.com/

Response headers

cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-methods: *
access-control-allow-origin: *
content-length: 0
date: Thu, 24 Oct 2024 01:05:22 GMT
vary: Origin
server: nginx/1.20.1
access-control-allow-headers: Content-Type

POST multy
mbdippex.com/in/ 0
0

POST
H3 200 event
kordooso.net/ 0
0 59ms
57ms Ping
application/json 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://kordooso.net/event
Requested by: Host: kordooso.net
URL: https://kordooso.net/pfe/current/micro.tag.min.js?z=3439771&sw=/sw-check-permissions-ea38e.js&ymid=null&var=null
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://y9tocksyvbnd.com/

Response headers

GET
H3 404 Primary Request QMRB9g Show response
lbg3ncntw5z2.com/ 147 B
791 B 135ms
75ms Document
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lbg3ncntw5z2.com/QMRB9g
Requested by: Host: y9tocksyvbnd.com
URL: https://y9tocksyvbnd.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ecf14b9ebe7061cddc7e2097a66c90692cc9c1d70d96b5f7ebdd14a0dbb61f54

Request headers

Referer: https://y9tocksyvbnd.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8d760ee46fbebbd9-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 24 Oct 2024 01:05:22 GMT
expires: Thu, 24 Oct 2024 01:05:22 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=0,i
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pA%2FzVAZumlKjGXHcOzqW4%2FI%2FbFXQPEq1awPHNy%2Buf2kpgtxqCBj1noNamwCevS305rpk%2BFzavTZiDyOx0KpYaA%2BeoInKABfmth8qaE1OlYE4Ij2pWToNmse7J2CQd88uSfpF"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=39386&sent=11&recv=7&lost=0&retrans=0&sent_bytes=4148&recv_bytes=4366&delivery_rate=79746&cwnd=12000&unsent_bytes=0&cid=d5c7ae5be59ec07d&ts=82&x=1" cfExtPri cfHdrFlush;dur=0
vary: Accept-Encoding

GET
H3 404 favicon.ico
lbg3ncntw5z2.com/ 548 B
753 B 69ms
68ms Other
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lbg3ncntw5z2.com/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://lbg3ncntw5z2.com/QMRB9g

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7AFW%2FltGkv0HuUrmtM0LWfQ6kMCktE8IEVc5BOlmtTvIzeJd1aIz3mHxTdIbw8r6PmGKvwmMHRxo9edsNnIISvulwrS431nQUoCOKBshlrUKDXIooSQOWlG9THZVFTFuX5JO"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d760ee51809bbd9-FRA
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=39793&sent=15&recv=12&lost=0&retrans=0&sent_bytes=5038&recv_bytes=4894&delivery_rate=13528&cwnd=12000&unsent_bytes=0&cid=d5c7ae5be59ec07d&ts=184&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 24 Oct 2024 01:05:22 GMT
content-type: text/html
vary: Accept-Encoding
server: cloudflare
priority: u=1,i

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: accounts.google.com
URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AcMMx-fXHI6hP_xW_ky_isLeYOFF7E_xtvtlTkwvN3qC_OrwJQOlLosmpoMfyVa6ExTTOkKFl_mJ4w&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1494317628%3A1729731921771041&ddm=0

Domain: p.a64x.com
URL: https://p.a64x.com/in/tip_shows/?katds_ep=oCUdp5yiQlALSln9Ij6cxuU_Ur79bm05kIM1FQHmib5mWI_7SDEDWGdoTSMDus0mQuXzXPKRjZvaaE29gJOpbjfnKep9Hc2gXcTgKTWSBwY3x-LlWvid8QEhfQJsD6z8MMhB8gp5ttdxduCE-wBtFeYkpTIjadX6iz3sczS-weTTWL8Oe5BYGucXrsXDtuX89N2C22W8A9lc-O3ZSC9p8U2gvH9jSmS5WZNV7BGWvY20wV5aNoUsuzxvayfoTSR_yPBDqHKqx3Js4BsPl4FBM2VI07YdhYbhRRkXPOMUoACATGTIYi61r2mjuUbcp59Oli9OXlqGNQ1P-sbBlNCTm3qivi4bOzUppcTARc6RWs5GATiWjSxDBT6bYHxJC7iwqaVnS2u7zgaZXq0EKXxeI6knUFt2vX4K8XzarXLRuzlQzRQ3-cn-bwYio5oz44fpoVwAvl_KaRIm_eMhmOT0u1jK-CGjk3F-zZdBLvzzvdTjS5GlFPob1ui8DjHws9JZg-SKKyH-248Knc3jDEot6t0tPpGct-LoBNzdMf8uOhigJaOzWc4qPrTNcfanY1Nnei0-riaZ_V5jC1Is0omjRfxWNDZYPOR-x1WkHrE7ewapdMD9Zu2BMecvo3oPM2a7qQqhbyuBueDxMfFoTMsuXGugOEOD-A0MYZLhWy0WCRbPIBqpqR-WxQE1keWdbHHOMuCQ35rnmZFsXjgYX0ocwyv_kf1g0AQEc1aTMn3tJOiqTMR8qpfGIUHodCqsQfTvYAmf3IY4ag3zqB7AFWJoHLbG1KfgOjyCz2vz0tsYIvAj3Dp9_YBjJaWAVuj-PmrwHawb2GsyuglA82qpFx8BT3jXSl1FckHdzbE9OXlwh1WXGokd2ViTRTyIMd7v3voZI6L3XdoiPcq2v2IH_djbTMDFxzbFXaxKriNuTpebHqVhh6Lta_-Mx1hSXyk0VjGBKMwyyZNKfqPMOdXe&bid=0.020605122296669418

Domain: mbdippex.com
URL: https://mbdippex.com/in/multy

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			my.rtmark.net/	1970-01-21 09:14:27	Name: ID Value: 0180ffcb27f5496af01a1c88c03137ef
			fp.metricswpsh.com/	1970-01-21 09:14:27	Name: id Value: 14632922776960209361

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://y9tocksyvbnd.com/ Message: [GroupMarkerNotSet(crbug.com/242999)!:A0B05C02BC1C0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering	warning	URL: https://y9tocksyvbnd.com/ Message: [GroupMarkerNotSet(crbug.com/242999)!:A0006900BC1C0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
network	error	URL: https://lbg3ncntw5z2.com/QMRB9g Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://lbg3ncntw5z2.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
bid.mbidtg.com
fp.metricswpsh.com
gfxdn.pics
js.mbidadm.com
js.mbidinp.com
kordooso.net
lbg3ncntw5z2.com
mbddip.com
mbdippex.com
metricswpsh.com
my.rtmark.net
p.a64x.com
static.bookmsg.com
storage.mbidstorage.com
y9tocksyvbnd.com
accounts.google.com
mbdippex.com
p.a64x.com
139.45.195.8
157.90.84.242
168.119.25.64
172.67.164.241
172.67.167.14
188.114.97.3
2a01:4f8:1060:13eb::2
2a02:b48:8301::24
45.133.44.24
45.133.44.25
45.133.44.52
45.133.44.53
94.130.198.6
063e11a56c9f75960ee583ce89a99ff9673d9572b6a071134f48daaad5284f11
1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56
3bd07f8473833018a981c20ef4c2faad96989ee59540635827dce4b8dda1d03f
444a68f8495f8630e1a536a36db8f87ae01cc45e59a3ebf341e1568cc0904cf0
50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3
520311a1a8cde8fef9424993cc8fda35d1859fb4e7a2cdfbe6327c2a5c3cd3bd
5f74f98608d2a754bce3b3b352a567a16032e66a2e47f048c74c0ede22f1f9fa
6678fbb34f3ef18c5649c7cfc1302c671ff5b1c8e9f4365fb51f3d629dab2924
68957505fcf78bec0c335f896ae10461036bc7bfa3da7e438e749ed10cbea0c6
6913bf4f4d12c66c839af4bfb16272410ec65ac9ab8d703a23f42a677aef06d3
7d3007fd9647232df34bcc3ac9cdbbcb9509c03220bede69330e1ae0d1092ad1
8c003752f66895b19eead2f05e004a1c92ab021aeae17a6b8d69810ec24f5d61
ac36997bf879617c0d68612fcf9c49a6eb1c11046127b4dbbf618e80978b7e0a
cf31e107e8cb091c9477fe99de3a57a65486fe87becf0e8f469846949beff9f3
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
da77b4f0631bfbdb8595ca32974454ebadd51685e900aba0394f842af30e650e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e444b7862c76704a9b96180dbdc6ef23edb69e13c532331418fcd43e82401a2b
e515313a3b4f38bca8e2e85b2147ede397c086dc829b815215ce057d23b5c6aa
ecf14b9ebe7061cddc7e2097a66c90692cc9c1d70d96b5f7ebdd14a0dbb61f54

lbg3ncntw5z2.com Open in urlscan Pro 188.114.97.3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

39 Requests

92 %HTTPS

15 %IPv6

15 Domains

16 Subdomains

14 IPs

4 Countries

284 kBTransfer

1018 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

39 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

lbg3ncntw5z2.com Open in urlscan Pro
188.114.97.3 Public Scan

Screenshot
Live screenshot

Full Image

39
Requests

92 %
HTTPS

15 %
IPv6

15
Domains

16
Subdomains

14
IPs

4
Countries

284 kB
Transfer

1018 kB
Size

2
Cookies

39 HTTP transactions
2 data transactions