oxygen.promorrewesting.gq

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 4 HTTP transactions. The main IP is 2606:4700:3034::6815:4bc6, located in United States and belongs to CLOUDFLARENET, US. The main domain is oxygen.promorrewesting.gq.

This is the only time oxygen.promorrewesting.gq was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700:303... 2606:4700:3034::6815:4bc6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	211.47.29.21 211.47.29.21	38688 (WISEN-AS-...) (WISEN-AS-KR GSNeotek)
1	2a04:4e42:46::84 2a04:4e42:46::84	54113 (FASTLY) (FASTLY)
1	2600:141b:13:... 2600:141b:13::17d7:8279	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	4

1 2606:4700:3034::6815:4bc6 (United States)

ASN13335 (CLOUDFLARENET, US)

oxygen.promorrewesting.gq	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 211.47.29.21 (Korea, Republic Of)

ASN38688 (WISEN-AS-KR GSNeotek, KR)

nrbe.pstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:46::84 (United States)

ASN54113 (FASTLY, US)

i.pinimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:13::17d7:8279 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

t1.daumcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	daumcdn.net t1.daumcdn.net — Cisco Umbrella Rank: 13451	166 KB
1	pinimg.com i.pinimg.com — Cisco Umbrella Rank: 1660	77 KB
1	pstatic.net nrbe.pstatic.net — Cisco Umbrella Rank: 403025	85 B
1	promorrewesting.gq oxygen.promorrewesting.gq	14 KB
4	4

	Domain	Requested by
1	t1.daumcdn.net	oxygen.promorrewesting.gq
1	i.pinimg.com	oxygen.promorrewesting.gq
1	nrbe.pstatic.net	oxygen.promorrewesting.gq
1	oxygen.promorrewesting.gq
4	4

This site contains no links.

Subject Issuer	Validity	Valid
*.pstatic.net GeoTrust ECC CA 2018	`2022-05-17` - `2023-06-17`	a year	crt.sh
*.pinterest.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-28` - `2023-08-08`	a year	crt.sh
*.daumcdn.net DigiCert TLS RSA SHA256 2020 CA1	`2022-08-01` - `2023-08-02`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://oxygen.promorrewesting.gq/
Frame ID: 2CD26828969E57A21EBD72A3DEE26B5D
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

제출문 세종특별자치시귀하 본보고서를귀시가의뢰한 세종특별자치시인권보장및증진기본계획수 립 연구의최종보고서로제출합니다 년 3 월 ( 사 ) 인권정책연구소소장김형완

Page Statistics

4
Requests

75 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

258 kB
Transfer

282 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response oxygen.promorrewesting.gq/	38 KB 14 KB	736ms 178ms	Document text/html	2606:4700:3034::6815:4bc6 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://oxygen.promorrewesting.gq/ Protocol HTTP/1.1 Server 2606:4700:3034::6815:4bc6 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `cbc984c82c6e7430802870f7921f534185451a372eb2fefe8b88b7f533167b83` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 accept-language en-US,en;q=0.9 Response headers CF-Cache-Status DYNAMIC CF-RAY 79ff643368ec8c96-EWR Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Mon, 27 Feb 2023 08:01:14 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iCgEJr8T92KQCDVODjpTnwBqiNXZ6At72C2hfZ5lZ66ITCnZhqd9IjtEBoov%2BOu%2FT%2B5kr8R7N6PLUkBy4nG0QlKGVc0rEvMFczD3hgSB9lL6TswxQdhNlh9%2Be2HczH7T4pVcpcOW8WZGLiSyXzvrbYi7Hw42%2Ba%2Fw"}],"group":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	404	102488@2x.png nrbe.pstatic.net/styles/basic/1611213719/18/223722/	0 85 B	1209ms 200ms	Image text/plain	211.47.29.21 WISEN-AS-KR GSNeotek
General Check archive.org Show headers Download Go to Show image Full URL https://nrbe.pstatic.net/styles/basic/1611213719/18/223722/102488@2x.png?mt=bg.ol.sw.ar.lko Requested by Host: oxygen.promorrewesting.gq URL: http://oxygen.promorrewesting.gq/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 211.47.29.21 , Korea, Republic Of, ASN38688 (WISEN-AS-KR GSNeotek, KR), Reverse DNS Software nginx / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language en-US,en;q=0.9 Referer http://oxygen.promorrewesting.gq/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Mon, 27 Feb 2023 08:01:15 GMT last-modified Fri, 24 Feb 2023 10:42:25 GMT server nginx age 0 content-length 0
GET H2	200	b7ff9b3afee4d73f2aa52681adc48de2.jpg i.pinimg.com/originals/b7/ff/9b/	77 KB 77 KB	32ms 13ms	Image image/jpeg	2a04:4e42:46::84 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://i.pinimg.com/originals/b7/ff/9b/b7ff9b3afee4d73f2aa52681adc48de2.jpg Requested by Host: oxygen.promorrewesting.gq URL: http://oxygen.promorrewesting.gq/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:46::84 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash `f14d81fdc4442ea9f052e93e4fe08e579d016c52538418892f048546f36350d2` Request headers accept-language en-US,en;q=0.9 Referer http://oxygen.promorrewesting.gq/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Mon, 27 Feb 2023 08:01:14 GMT x-cdn fastly etag "95fa3d24d2156ac46248f730b800521a" vary Origin content-type image/jpeg cache-control max-age=31536000, immutable accept-ranges bytes alt-svc h3=":443";ma=600,h3-29=":443";ma=600,h3-27=":443";ma=600 content-length 79035
GET H2	200	9992BD3F5C519C1110 t1.daumcdn.net/cfile/tistory/	166 KB 166 KB	749ms 68ms	Image image/jpeg	2600:141b:13::17d7:8279 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://t1.daumcdn.net/cfile/tistory/9992BD3F5C519C1110 Requested by Host: oxygen.promorrewesting.gq URL: http://oxygen.promorrewesting.gq/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:141b:13::17d7:8279 New York, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software openresty / Resource Hash `53a48c7e46d55652131f0b5000e605bfacad12c5494084897328ad7840b18370` Request headers accept-language en-US,en;q=0.9 Referer http://oxygen.promorrewesting.gq/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Mon, 27 Feb 2023 08:01:15 GMT last-modified Wed, 30 Jan 2019 12:44:01 GMT server openresty content-type image/jpeg cache-control max-age=116181 x-wcss dC1jb21tb24wMS1id2NhY2hlNzc6MDpjaHR0cDoyMQ== accept-ranges bytes content-length 169915 expires Tue, 28 Feb 2023 16:17:36 GMT

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			oxygen.promorrewesting.gq/	1969-12-31 23:59:59	Name: ch1c Value: b

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://nrbe.pstatic.net/styles/basic/1611213719/18/223722/102488@2x.png?mt=bg.ol.sw.ar.lko Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

i.pinimg.com
nrbe.pstatic.net
oxygen.promorrewesting.gq
t1.daumcdn.net
211.47.29.21
2600:141b:13::17d7:8279
2606:4700:3034::6815:4bc6
2a04:4e42:46::84
53a48c7e46d55652131f0b5000e605bfacad12c5494084897328ad7840b18370
cbc984c82c6e7430802870f7921f534185451a372eb2fefe8b88b7f533167b83
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f14d81fdc4442ea9f052e93e4fe08e579d016c52538418892f048546f36350d2

oxygen.promorrewesting.gq Open in urlscan Pro 2606:4700:3034::6815:4bc6 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

4 Requests

75 %HTTPS

75 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

258 kBTransfer

282 kBSize

1 Cookies

0 Outgoing links

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

oxygen.promorrewesting.gq Open in urlscan Pro
2606:4700:3034::6815:4bc6 Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

75 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

258 kB
Transfer

282 kB
Size

1
Cookies

4 HTTP transactions
0 data transactions