Submitted URL: https://gtbks2.cn/burl/index.php?type=web&_f=Kaufland-M2022&_p=Pop
Effective URL: https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7128420692214677539&website=21977-8cea1752&plac...
Submission: On August 05 via manual from PL — Scanned from SE

Summary

This website contacted 8 IPs in 4 countries across 10 domains to perform 10 HTTP transactions. The main IP is 51.68.85.158, located in France and belongs to OVH, FR. The main domain is www.offermyvist.com. The Cisco Umbrella rank of the primary domain is 708496.
TLS certificate: Issued by R3 on July 3rd 2022. Valid for: 3 months.
This is the only time www.offermyvist.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address      AS      Autonomous System
1         188.114.97.3    13335   CLOUDFLAR...
1         185.66.201.42   201702  SKHOSTING-EU
1         185.66.201.8    201702  SKHOSTING-EU
1 1       174.137.133.18  27257   WEBAIR-IN...
1 1       185.66.200.220  201702  SKHOSTING-EU
1         185.66.201.58   201702  SKHOSTING-EU
1         185.66.201.7    201702  SKHOSTING-EU
3         65.60.9.236     32475   SINGLEHOP...
1         51.68.85.158    16276   OVH
Totals: 10 requests, 8 IPs
Requests  Apex Domain                 Subdomains                                          Transfer
3         r-q.media                   us.r-q.media (Cisco Umbrella Rank: 344324)          8 KB
1         offermyvist.com             www.offermyvist.com (Cisco Umbrella Rank: 708496)   5 KB
1         oqaaa.com                   oqaaa.com                                           308 B
1         namel.net                   namel.net                                           756 B
1         vdbaa.com                   vdbaa.com (Cisco Umbrella Rank: 960954)             940 B
1         blueparrot.media            xml.blueparrot.media (Cisco Umbrella Rank: 345722)  140 B
1         ecaba.live                  ecaba.live                                          291 B
1         qoaaa.com                   qoaaa.com (Cisco Umbrella Rank: 258151)             817 B
1         gtbks2.cn                   gtbks2.cn                                           648 B
0         goldensevenseas.net Failed  t2.goldensevenseas.net Failed                       -
Totals: 10 requests, 10 domains
Requests  Domain                         Requested by
3         us.r-q.media                   oqaaa.com, us.r-q.media
1         www.offermyvist.com            us.r-q.media
1         oqaaa.com                      namel.net
1         namel.net                      ecaba.live
1         vdbaa.com                      1 redirects
1         xml.blueparrot.media           1 redirects
1         ecaba.live                     qoaaa.com
1         qoaaa.com                      gtbks2.cn
1         gtbks2.cn                      (submitted URL)
0         t2.goldensevenseas.net Failed  www.offermyvist.com
Totals: 10 requests, 10 domains

This site contains no links.

Subject              Issuer  Validity                 Valid for
*.gtbks2.cn          E1      2022-07-17 - 2022-10-15  3 months
qoaaa.com            R3      2022-06-06 - 2022-09-04  3 months
ecaba.live           R3      2022-07-17 - 2022-10-15  3 months
namel.net            R3      2022-07-11 - 2022-10-09  3 months
oqaaa.com            R3      2022-06-10 - 2022-09-08  3 months
us.r-q.media         R3      2022-06-30 - 2022-09-28  3 months
www.offermyvist.com  R3      2022-07-03 - 2022-10-01  3 months

This page contains 1 frame:

Frame: http://t2.goldensevenseas.net/l.php?p=c:o6450ylcdnn31butk&d=624e9ea3e8e2a8163b65d246&pid=62ed3cdb25a69400016e7692&s=503
Frame ID: 1DA205D114C13CA0BB226F740AFDAA22
Requests: 10 HTTP requests in this frame

Page Statistics

Requests:   10
HTTPS:      90 %
IPv6:       0 %
Domains:    10
Subdomains: 10
IPs:        8
Countries:  4
Transfer:   16 kB
Size:       25 kB
Cookies:    6

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://gtbks2.cn/burl/index.php?type=web&_f=Kaufland-M2022&_p=Pop Page URL
  2. https://qoaaa.com/e8ff0088ab/1c337ce436/?placementName=mPop Page URL
  3. https://ecaba.live/go.php?go=http%3A%2F%2Fxml.blueparrot.media%2Fredirect%3Ffeed%3D392228%26auth%3DQUqHQ7%26subid%3D26233199%26postback_id%3D30affC1659714776affc33440cd87081a440a588&do=08200379c41b903cfd04c4c613dda5fd Page URL
  4. http://xml.blueparrot.media/redirect?feed=392228&auth=QUqHQ7&subid=26233199&postback_id=30affC1659714776affc33440cd87081a440a588 HTTP 302
    https://vdbaa.com/fullpage.php?section=fallback&pub=344296&ga=g HTTP 302
    https://namel.net/d0d63e31e7/070a954047/?placementName=ROTATOR&type=n&cv=XrkpCZkkZpjGdACiGkkjdCpCrjANrpGNZriNrjZCrCZZZCCrixCrxpCrCrGCxCZrrpxdiGdCCAiA_76023&adApiR=loaded_string_9999158c8dd630f28d91efe9066904dcc801e_2633077_1659714777.2762_93648&refferer=336248842_aHR0cDovLzM0NDI5Ni55bGxpeC5jb20=&yxDom=dmRiYWEuY29t_9f0199818f55a7669128123a276be0b0 Page URL
  5. https://oqaaa.com/go.php?go=https%3A%2F%2Fus.r-q.media%2F%3Futm_medium%3D35f01c022e5d4ea753f23df180ff68e0ad428e85%26utm_campaign%3DPUSH-MS-SL-NA%26cid%3D90affC1659714777affd05712a790429a513a89%261%3D27596841&do=51a73cd4ea7aeaa3d61e6e889afb0062 Page URL
  6. https://us.r-q.media/?utm_medium=35f01c022e5d4ea753f23df180ff68e0ad428e85&utm_campaign=PUSH-MS-SL-NA&cid=90affC1659714777affd05712a790429a513a89&1=27596841 Page URL
  7. https://us.r-q.media/?utm_term=7128420692214677539&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889bf8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf0f1f1fff4fde8efe9edecefe5ebea91 Page URL
  8. https://us.r-q.media/proc.php?01bb173dadfae06c2417badc6570208c0d27d005 Page URL
  9. https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7128420692214677539&website=21977-8cea1752&placement=21977&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf0f1f1fff4fde8efe9edecefe5ebea90 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • http://xml.blueparrot.media/redirect?feed=392228&auth=QUqHQ7&subid=26233199&postback_id=30affC1659714776affc33440cd87081a440a588 HTTP 302
  • https://vdbaa.com/fullpage.php?section=fallback&pub=344296&ga=g HTTP 302
  • https://namel.net/d0d63e31e7/070a954047/?placementName=ROTATOR&type=n&cv=XrkpCZkkZpjGdACiGkkjdCpCrjANrpGNZriNrjZCrCZZZCCrixCrxpCrCrGCxCZrrpxdiGdCCAiA_76023&adApiR=loaded_string_9999158c8dd630f28d91efe9066904dcc801e_2633077_1659714777.2762_93648&refferer=336248842_aHR0cDovLzM0NDI5Ni55bGxpeC5jb20=&yxDom=dmRiYWEuY29t_9f0199818f55a7669128123a276be0b0
Request Chain 8
  • https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7128420692214677539&website=21977-8cea1752&placement=21977&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf0f1f1fff4fde8efe9edecefe5ebea90&eyeg=0d2c79c18f6593628552458065b0f18e&eyer=0.8475835157954923&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=us.r-q.media HTTP 302
  • https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7128420692214677539&website=21977-8cea1752&placement=21977&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf0f1f1fff4fde8efe9edecefe5ebea90&eyeg=3&eyer=0.8475835157954923&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=us.r-q.media HTTP 302
  • https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=3300030276224de6db920761967cd7f669e0d0805-202208-flb*5504646-65846*M7128420692214677539*sl_5504646-65846*c8c7eb62decba443d29207a32fa9334ff19afa6c*21977-8cea1752*21977 HTTP 302
  • http://t2.goldensevenseas.net/l.php?p=c:o6450ylcdnn31butk&d=624e9ea3e8e2a8163b65d246&pid=62ed3cdb25a69400016e7692&s=503

10 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
index.php
gtbks2.cn/burl/
131 B
648 B
Document
General
Full URL
https://gtbks2.cn/burl/index.php?type=web&_f=Kaufland-M2022&_p=Pop
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
se-SE,se;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7360b3e6ef64737f-CPH
content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 05 Aug 2022 15:52:56 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9MasMv12bp%2BP9p%2Fky9gb31kI1JPS%2B%2FohAiZaLRP3QuDluwvlmiMn23Jk%2FEmQhrIgqM9FTrdijMKZ2HEXhk7AWVklJ%2BHz5zbdCO13M39c451TcMN9TyVrzgIqHnI%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
/
qoaaa.com/e8ff0088ab/1c337ce436/
626 B
817 B
Document
General
Full URL
https://qoaaa.com/e8ff0088ab/1c337ce436/?placementName=mPop
Requested by
Host: gtbks2.cn
URL: https://gtbks2.cn/burl/index.php?type=web&_f=Kaufland-M2022&_p=Pop
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.66.201.42 Nitra, Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS
affilist.com
Software
nginx /
Resource Hash

Request headers

Referer
https://gtbks2.cn/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
se-SE,se;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate post-check=0, pre-check=0
content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 05 Aug 2022 15:52:56 GMT
expires
Sun, 01 Jan 2014 00:00:00 GMT
pragma
no-cache
server
nginx
x-robots-tag
noindex,nofollow
go.php
ecaba.live/
617 B
291 B
Document
General
Full URL
https://ecaba.live/go.php?go=http%3A%2F%2Fxml.blueparrot.media%2Fredirect%3Ffeed%3D392228%26auth%3DQUqHQ7%26subid%3D26233199%26postback_id%3D30affC1659714776affc33440cd87081a440a588&do=08200379c41b903cfd04c4c613dda5fd
Requested by
Host: qoaaa.com
URL: https://qoaaa.com/e8ff0088ab/1c337ce436/?placementName=mPop
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.66.201.8 Nitra, Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS
185.66.201.8.skhosting.eu
Software
nginx /
Resource Hash

Request headers

Referer
https://qoaaa.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
se-SE,se;q=0.9

Response headers

content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 05 Aug 2022 15:52:56 GMT
server
nginx
/
namel.net/d0d63e31e7/070a954047/
Redirect Chain
  • http://xml.blueparrot.media/redirect?feed=392228&auth=QUqHQ7&subid=26233199&postback_id=30affC1659714776affc33440cd87081a440a588
  • https://vdbaa.com/fullpage.php?section=fallback&pub=344296&ga=g
  • https://namel.net/d0d63e31e7/070a954047/?placementName=ROTATOR&type=n&cv=XrkpCZkkZpjGdACiGkkjdCpCrjANrpGNZriNrjZCrCZZZCCrixCrxpCrCrGCxCZrrpxdiGdCCAiA_76023&adApiR=loaded_string_9999158c8dd630f28d91...
678 B
756 B
Document
General
Full URL
https://namel.net/d0d63e31e7/070a954047/?placementName=ROTATOR&type=n&cv=XrkpCZkkZpjGdACiGkkjdCpCrjANrpGNZriNrjZCrCZZZCCrixCrxpCrCrGCxCZrrpxdiGdCCAiA_76023&adApiR=loaded_string_9999158c8dd630f28d91efe9066904dcc801e_2633077_1659714777.2762_93648&refferer=336248842_aHR0cDovLzM0NDI5Ni55bGxpeC5jb20=&yxDom=dmRiYWEuY29t_9f0199818f55a7669128123a276be0b0
Requested by
Host: ecaba.live
URL: https://ecaba.live/go.php?go=http%3A%2F%2Fxml.blueparrot.media%2Fredirect%3Ffeed%3D392228%26auth%3DQUqHQ7%26subid%3D26233199%26postback_id%3D30affC1659714776affc33440cd87081a440a588&do=08200379c41b903cfd04c4c613dda5fd
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.66.201.58 Nitra, Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS
185.66.201.58.skhosting.eu
Software
nginx /
Resource Hash

Request headers

Referer
https://ecaba.live/go.php?go=http%3A%2F%2Fxml.blueparrot.media%2Fredirect%3Ffeed%3D392228%26auth%3DQUqHQ7%26subid%3D26233199%26postback_id%3D30affC1659714776affc33440cd87081a440a588&do=08200379c41b903cfd04c4c613dda5fd
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
se-SE,se;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate post-check=0, pre-check=0
content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 05 Aug 2022 15:52:57 GMT
expires
Sun, 01 Jan 2014 00:00:00 GMT
pragma
no-cache
server
nginx
x-robots-tag
noindex,nofollow

Redirect headers

cache-control
no-store, no-cache, must-revalidate post-check=0, pre-check=0
content-type
text/html; charset=UTF-8
date
Fri, 05 Aug 2022 15:52:57 GMT
expires
Fri, 05 Aug 2022 15:52:57 GMT
last-modified
Fri, 05 Aug 2022 15:52:57 GMT
location
https://namel.net/d0d63e31e7/070a954047/?placementName=ROTATOR&type=n&cv=XrkpCZkkZpjGdACiGkkjdCpCrjANrpGNZriNrjZCrCZZZCCrixCrxpCrCrGCxCZrrpxdiGdCCAiA_76023&adApiR=loaded_string_9999158c8dd630f28d91efe9066904dcc801e_2633077_1659714777.2762_93648&refferer=336248842_aHR0cDovLzM0NDI5Ni55bGxpeC5jb20=&yxDom=dmRiYWEuY29t_9f0199818f55a7669128123a276be0b0
pragma
no-cache
server
nginx
x-robots-tag
noindex, nofollow, noarchive, nosnippet
go.php
oqaaa.com/
671 B
308 B
Document
General
Full URL
https://oqaaa.com/go.php?go=https%3A%2F%2Fus.r-q.media%2F%3Futm_medium%3D35f01c022e5d4ea753f23df180ff68e0ad428e85%26utm_campaign%3DPUSH-MS-SL-NA%26cid%3D90affC1659714777affd05712a790429a513a89%261%3D27596841&do=51a73cd4ea7aeaa3d61e6e889afb0062
Requested by
Host: namel.net
URL: https://namel.net/d0d63e31e7/070a954047/?placementName=ROTATOR&type=n&cv=XrkpCZkkZpjGdACiGkkjdCpCrjANrpGNZriNrjZCrCZZZCCrixCrxpCrCrGCxCZrrpxdiGdCCAiA_76023&adApiR=loaded_string_9999158c8dd630f28d91efe9066904dcc801e_2633077_1659714777.2762_93648&refferer=336248842_aHR0cDovLzM0NDI5Ni55bGxpeC5jb20=&yxDom=dmRiYWEuY29t_9f0199818f55a7669128123a276be0b0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.66.201.7 Nitra, Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS
185.66.201.7.skhosting.eu
Software
nginx /
Resource Hash

Request headers

Referer
https://namel.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
se-SE,se;q=0.9

Response headers

content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 05 Aug 2022 15:52:57 GMT
server
nginx
/
us.r-q.media/
3 KB
2 KB
Document
General
Full URL
https://us.r-q.media/?utm_medium=35f01c022e5d4ea753f23df180ff68e0ad428e85&utm_campaign=PUSH-MS-SL-NA&cid=90affC1659714777affd05712a790429a513a89&1=27596841
Requested by
Host: oqaaa.com
URL: https://oqaaa.com/go.php?go=https%3A%2F%2Fus.r-q.media%2F%3Futm_medium%3D35f01c022e5d4ea753f23df180ff68e0ad428e85%26utm_campaign%3DPUSH-MS-SL-NA%26cid%3D90affC1659714777affd05712a790429a513a89%261%3D27596841&do=51a73cd4ea7aeaa3d61e6e889afb0062
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
65.60.9.236 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/8.0.11
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

Referer
https://oqaaa.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
se-SE,se;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Fri, 05 Aug 2022 15:52:58 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://us.r-q.media/?utm_term=7128420692214677539&ver=4viyaptcjo
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubdomains;
vary
Accept-Encoding
x-powered-by
PHP/8.0.11
/
us.r-q.media/
10 KB
5 KB
Document
General
Full URL
https://us.r-q.media/?utm_term=7128420692214677539&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889bf8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf0f1f1fff4fde8efe9edecefe5ebea91
Requested by
Host: us.r-q.media
URL: https://us.r-q.media/?utm_medium=35f01c022e5d4ea753f23df180ff68e0ad428e85&utm_campaign=PUSH-MS-SL-NA&cid=90affC1659714777affd05712a790429a513a89&1=27596841
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
65.60.9.236 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/8.0.11
Resource Hash
15253b667ff3ace6666f08bc6cffe7bb7f46e3ee4cd45f9790d8b2bc6cb911bc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

Referer
https://us.r-q.media/?utm_medium=35f01c022e5d4ea753f23df180ff68e0ad428e85&utm_campaign=PUSH-MS-SL-NA&cid=90affC1659714777affd05712a790429a513a89&1=27596841
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
se-SE,se;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Fri, 05 Aug 2022 15:52:58 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubdomains;
vary
Accept-Encoding
x-powered-by
PHP/8.0.11
proc.php
us.r-q.media/
4 KB
2 KB
Document
General
Full URL
https://us.r-q.media/proc.php?01bb173dadfae06c2417badc6570208c0d27d005
Requested by
Host: us.r-q.media
URL: https://us.r-q.media/?utm_term=7128420692214677539&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889bf8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf0f1f1fff4fde8efe9edecefe5ebea91
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
65.60.9.236 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/8.0.11
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

Referer
https://us.r-q.media/?utm_term=7128420692214677539&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889bf8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf0f1f1fff4fde8efe9edecefe5ebea91
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
se-SE,se;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Fri, 05 Aug 2022 15:52:58 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7128420692214677539&website=21977-8cea1752&placement=21977
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubdomains;
vary
Accept-Encoding
x-powered-by
PHP/8.0.11
Primary Request /
www.offermyvist.com/
5 KB
5 KB
Document
General
Full URL
https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7128420692214677539&website=21977-8cea1752&placement=21977&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf0f1f1fff4fde8efe9edecefe5ebea90
Requested by
Host: us.r-q.media
URL: https://us.r-q.media/proc.php?01bb173dadfae06c2417badc6570208c0d27d005
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
51.68.85.158 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://us.r-q.media/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
se-SE,se;q=0.9

Response headers

Cache-Control
no-transform
Connection
keep-alive
Content-Type
text/html
Date
Fri, 05 Aug 2022 15:52:59 GMT
Transfer-Encoding
chunked
l.php
t2.goldensevenseas.net/
Redirect Chain
  • https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7128420692214677539&website=21977-8cea1752&placement=21977&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd8...
  • https://www.offermyvist.com/?sl=5504646-65846&data1=Track1&data2=Track2&tag=M7128420692214677539&website=21977-8cea1752&placement=21977&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd8...
  • https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=3300030276224de6db920761967cd7f669e0d0805-202208-flb*5504646-65846*M7128420692214677539*sl_5504646-65846*c8c7eb62decba4...
  • http://t2.goldensevenseas.net/l.php?p=c:o6450ylcdnn31butk&d=624e9ea3e8e2a8163b65d246&pid=62ed3cdb25a69400016e7692&s=503
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
t2.goldensevenseas.net
URL
http://t2.goldensevenseas.net/l.php?p=c:o6450ylcdnn31butk&d=624e9ea3e8e2a8163b65d246&pid=62ed3cdb25a69400016e7692&s=503

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • oncontextlost (object)
  • oncontextrestored (object)
  • structuredClone (function)
  • launchQueue (object)
  • onbeforematch (object)
  • navigation (object)

6 Cookies

Domain/Path                 Name               Value
.vdbaa.com/                 used_ad2633077     1
.vdbaa.com/                 total_impressions  1
.vdbaa.com/                 cap_51853          1
.vdbaa.com/                 cpa_673873         popup_299248765_4
us.r-q.media/               u                  a90e5808ed1967f1e508de22a9a37be6
admoustache.go2affise.com/  afclick            62ed3cdb25a69400016e7692