oxygensignkeep.pics Open in urlscan Pro
104.21.40.186  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

27 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request refresher Show response oxygensignkeep.pics/	16 KB 5 KB	173ms 105ms	Document text/html	104.21.40.186 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://oxygensignkeep.pics/refresher?key=d41e0d3aa5d925d8b57c Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.40.186 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5e7b525bbe2fedb4618a9aa8d385dc127bb5b63f62699b91abc28fe196915d55 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8b9db1c64f8c9c04-FRA content-encoding br content-type text/html; charset=UTF-8 date Tue, 27 Aug 2024 17:13:49 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tx6cbZZ%2B9znsg952jFUxzXcZYWdqVIleWZShzIVy3d6BO8gDNd%2BHidZMVX3%2FBAq6zQnk%2FgnfZU0%2B4gA6O84NRloRNIEkvT4w4FsJk0vR9gtX1ZQ%2FzoIzlBUSDnerRLBnUaWNxPdY"}],"group":"cf-nel","max_age":604800} server cloudflare x-request-id b78f1904-dac0-4dd3-847d-ad71bf55a5e4
GET H2	200	css2 fonts.googleapis.com/	5 KB 1 KB	75ms 29ms	Stylesheet text/css	2a00:1450:4001:813::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap Requested by Host: oxygensignkeep.pics URL: https://oxygensignkeep.pics/refresher?key=d41e0d3aa5d925d8b57c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash b09b0920822a9385cac1bb34a1df9f96489dbbef839a5f33cf73c84b730410b5 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://oxygensignkeep.pics/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Tue, 27 Aug 2024 17:13:49 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Tue, 27 Aug 2024 15:27:11 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Tue, 27 Aug 2024 17:13:49 GMT
GET H3	200	intlTelInput.css cdnjs.cloudflare.com/ajax/libs/intl-tel-input/19.2.16/css/	25 KB 3 KB	59ms 33ms	Stylesheet text/css	2606:4700::6811:180e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/19.2.16/css/intlTelInput.css Requested by Host: oxygensignkeep.pics URL: https://oxygensignkeep.pics/refresher?key=d41e0d3aa5d925d8b57c Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8a0a9e2acfa9985df9605a42298a1a5a61ecf03ec550b028192c0073360e8585 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Referer https://oxygensignkeep.pics/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Tue, 27 Aug 2024 17:13:49 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 1020479 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 2194 last-modified Wed, 31 Jan 2024 15:05:28 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "65ba61b8-892" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NDe%2FBiosyzD2jehk0x9zcc6PJg3AHP075lhngYWbZxi3djKpg%2BaQ2TbCwzlsLmINdgsdL3Pko3WYTWSw9hJknDqBZtJd%2FkxU8U9Ghj9mQX%2FjVWa5QRq8aF6Q1mqBdXPN%2BUeU3vy3AOCfMf1eK9or0OuS"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 8b9db1c71bda4dbb-FRA expires Sun, 17 Aug 2025 17:13:49 GMT
GET H3	200	main.css oxygensignkeep.pics/landers/33_036_lp_sber_chat_unique_191_v3_nm/styles/	5 KB 2 KB	86ms 85ms	Stylesheet text/css	104.21.40.186 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://oxygensignkeep.pics/landers/33_036_lp_sber_chat_unique_191_v3_nm/styles/main.css Requested by Host: oxygensignkeep.pics URL: https://oxygensignkeep.pics/refresher?key=d41e0d3aa5d925d8b57c Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.40.186 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 75406290a36c4f1b84f31a09098495f37951172a97f2a8931e57d5a56eb8036b Request headers Referer https://oxygensignkeep.pics/refresher?key=d41e0d3aa5d925d8b57c User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Tue, 27 Aug 2024 17:13:49 GMT content-encoding gzip cf-cache-status MISS last-modified Tue, 09 Jul 2024 07:34:02 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"668ce7ea-12ec" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5cN0t6rDP6Q1uzqxjdifh%2FqHRtE5n5LWsVVxq0o4qEu2NfIae%2FMcbcv6kPB5yrtUqI57YP2iHErRhK7jVNbTrrFMYY3Pkg6ZT%2BMp37MWOXF0TG5QWJMocVovygh5zirYCzYGmEAY"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=31536000, no-transform cf-ray 8b9db1c6f82d9c04-FRA alt-svc h3=":443"; ma=86400 expires Wed, 27 Aug 2025 17:13:49 GMT
GET H3	200	form.css oxygensignkeep.pics/landers/33_036_lp_sber_chat_unique_191_v3_nm/styles/	2 KB 1 KB	103ms 102ms	Stylesheet text/css	104.21.40.186 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://oxygensignkeep.pics/landers/33_036_lp_sber_chat_unique_191_v3_nm/styles/form.css Requested by Host: oxygensignkeep.pics URL: https://oxygensignkeep.pics/refresher?key=d41e0d3aa5d925d8b57c Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.40.186 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 81c9f9c685786d7e90fa0d877d41b52abb1ba68ea875c856b3a022c3cf410365 Request headers Referer https://oxygensignkeep.pics/refresher?key=d41e0d3aa5d925d8b57c User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Tue, 27 Aug 2024 17:13:49 GMT content-encoding gzip cf-cache-status MISS last-modified Tue, 09 Jul 2024 07:34:02 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"668ce7ea-8e0" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r9S5faMs3ICuNtNMdGf9XET1DZhPA6a4zk7cf8pUZdHJQCA14GosfIvsXwOtoYinQEomgPBQR1lYBdhh5UUaMVaYdyuGwNtBwr9rVSSzJPpXC7sHH3RUvpGROhnyp%2F6a8kETZb2A"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=31536000, no-transform cf-ray 8b9db1c6f82e9c04-FRA alt-svc h3=":443"; ma=86400 expires Wed, 27 Aug 2025 17:13:49 GMT
GET H2	500	events.js api.imotech.video/ad/	0 0	98ms 36ms	Script application/javascript	202.168.102.27 NETSTAR-AS-AP NET...
General Check archive.org Show headers Download Go to Full URL https://api.imotech.video/ad/events.js?pixel_id= Requested by Host: oxygensignkeep.pics URL: https://oxygensignkeep.pics/refresher?key=d41e0d3aa5d925d8b57c Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 202.168.102.27 Amsterdam, Netherlands, ASN10122 (NETSTAR-AS-AP NETSTAR SG PTE. LTD., SG), Reverse DNS Software openresty / Resource Hash Request headers Referer https://oxygensignkeep.pics/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers access-control-allow-origin * date Tue, 27 Aug 2024 17:13:50 GMT cache-control private, max-age=900 server openresty bigotraceresponse 00-7782d7ef5d0648bb4a851c91c6ce792e-0-01 content-length 0 content-type application/javascript;charset=utf-8
GET H3	200	back.svg oxygensignkeep.pics/landers/33_036_lp_sber_chat_unique_191_v3_nm/images/	526 B 832 B	91ms 91ms	Image image/svg+xml	104.21.40.186 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://oxygensignkeep.pics/landers/33_036_lp_sber_chat_unique_191_v3_nm/images/back.svg Requested by Host: oxygensignkeep.pics URL: https://oxygensignkeep.pics/refresher?key=d41e0d3aa5d925d8b57c Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.40.186 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6e4b0d0b71acb766482f7952dcf75855b2b20a33b4025051fcd02e2f8bd600c8 Request headers Referer https://oxygensignkeep.pics/refresher?key=d41e0d3aa5d925d8b57c User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Tue, 27 Aug 2024 17:13:49 GMT content-encoding gzip cf-cache-status MISS last-modified Tue, 09 Jul 2024 07:34:02 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"668ce7ea-20e" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sWx4aV28hsiyOpcNKghPNVKDrOyo1VIlsaYyLnyg2Cis98IfwagRLvOvUsYgRFoA833zigxdsaJ5nMO7Vnfs9MFjyEkhBOY09yy5Ux8nqOr3Sod4A%2FampfU%2B2qjL2hhd0KIuAzSB"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control public, max-age=31536000, no-transform cf-ray 8b9db1c6f82f9c04-FRA alt-svc h3=":443"; ma=86400 expires Wed, 27 Aug 2025 17:13:49 GMT
GET H3	200	logo.svg oxygensignkeep.pics/landers/33_036_lp_sber_chat_unique_191_v3_nm/images/	138 KB 96 KB	119ms 118ms	Image image/svg+xml	104.21.40.186 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://oxygensignkeep.pics/landers/33_036_lp_sber_chat_unique_191_v3_nm/images/logo.svg Requested by Host: oxygensignkeep.pics URL: https://oxygensignkeep.pics/refresher?key=d41e0d3aa5d925d8b57c Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.40.186 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b0da0439a71471db884fbd654518df5c4f9a1d08ad09abaf1e4ee34ab716e8b6 Request headers Referer https://oxygensignkeep.pics/refresher?key=d41e0d3aa5d925d8b57c User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Tue, 27 Aug 2024 17:13:50 GMT content-encoding gzip cf-cache-status MISS last-modified Mon, 15 Jul 2024 10:07:32 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"6694f4e4-22690" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m5kvgrPMYHqEHulxUIWTx4ErUquGsgsryZnmHOyXCbByx0pybt4hQ412%2B2aH9dmIHCiIQIbKzdsw6rQ%2BH18mxNas7R11GVQmOt6paYKsoMU9BBHz0urYh9eJzOodH8E3UJPmzfqO"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control public, max-age=31536000, no-transform cf-ray 8b9db1c6f8319c04-FRA alt-svc h3=":443"; ma=86400 expires Wed, 27 Aug 2025 17:13:49 GMT
GET H3	200	verified.svg oxygensignkeep.pics/landers/33_036_lp_sber_chat_unique_191_v3_nm/images/	830 B 982 B	86ms 86ms	Image image/svg+xml	104.21.40.186 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://oxygensignkeep.pics/landers/33_036_lp_sber_chat_unique_191_v3_nm/images/verified.svg Requested by Host: oxygensignkeep.pics URL: https://oxygensignkeep.pics/refresher?key=d41e0d3aa5d925d8b57c Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.40.186 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f832ceba3c99c4edc245a71fef30c6aaaf790d13c8f8de5a3964f2fdcfbd13cd Request headers Referer https://oxygensignkeep.pics/refresher?key=d41e0d3aa5d925d8b57c User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Tue, 27 Aug 2024 17:13:50 GMT content-encoding gzip cf-cache-status MISS last-modified Tue, 09 Jul 2024 07:34:02 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"668ce7ea-33e" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MakAJ3RsKYZi8aeAUPTREuFf3QSxsBLCt8pjSULNX6LHAEDZkHUMQ%2F9R0diwAbPLBZ32uiHovaJTCEvvPJ6%2F89txRNK2pNrGWgkGxs030pjZ5gj24O1mFTpyREZ2A1mXOYqWWdkv"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control public, max-age=31536000, no-transform cf-ray 8b9db1c788d09c04-FRA alt-svc h3=":443"; ma=86400 expires Wed, 27 Aug 2025 17:13:50 GMT
GET H3	200	phone.svg oxygensignkeep.pics/landers/33_036_lp_sber_chat_unique_191_v3_nm/images/	2 KB 1 KB	141ms 139ms	Image image/svg+xml	104.21.40.186 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://oxygensignkeep.pics/landers/33_036_lp_sber_chat_unique_191_v3_nm/images/phone.svg Requested by Host: oxygensignkeep.pics URL: https://oxygensignkeep.pics/refresher?key=d41e0d3aa5d925d8b57c Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.40.186 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash aa1632b7087051eb51c59abe05908789ebec4311af5ed212c81059cebd2d29e8 Request headers Referer https://oxygensignkeep.pics/refresher?key=d41e0d3aa5d925d8b57c User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Tue, 27 Aug 2024 17:13:50 GMT content-encoding gzip cf-cache-status MISS last-modified Tue, 09 Jul 2024 07:34:02 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"668ce7ea-601" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XwOHSVGZ7j37yGNyazULebOnLV4GEbN9iVUboYw2Zsw05HBSsC%2F%2FdQnZ5VgWKNay8pUIX8PjGTOZAknduwy0F3N%2BmONeuk27mfae6rvjskTiWsyC6i1puGh%2BYzE%2B2Q60XWjHi%2Fdd"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control public, max-age=31536000, no-transform cf-ray 8b9db1c7a8e99c04-FRA alt-svc h3=":443"; ma=86400 expires Wed, 27 Aug 2025 17:13:50 GMT
GET H3	200	jquery.min.js Show response cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/	85 KB 27 KB	30ms 28ms	Script application/javascript	2606:4700::6811:180e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js Requested by Host: oxygensignkeep.pics URL: https://oxygensignkeep.pics/refresher?key=d41e0d3aa5d925d8b57c Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Referer https://oxygensignkeep.pics/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Tue, 27 Aug 2024 17:13:50 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 414419 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 27446 last-modified Tue, 29 Aug 2023 04:36:11 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "64ed75bb-6b36" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xl9x7N3Agc8PFUj61uyEWR4%2Bs%2Fom9mGvTkTRnHlR02M0QgKznP32Oun0l%2FEnXpM0GcMi6R7UDL%2BpTQUdIiEj0g9WiglWOkUQPtIf3EaF3iJRoiHuCLZErQwNYvUEAz6C9pODKWkn4uqjZv%2FkZ983D8Ix"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 8b9db1c7ac554dbb-FRA expires Sun, 17 Aug 2025 17:13:50 GMT
GET H3	200	libphonenumber-js.min.js Show response cdnjs.cloudflare.com/ajax/libs/libphonenumber-js/1.10.58/	172 KB 35 KB	49ms 47ms	Script application/javascript	2606:4700::6811:180e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/libphonenumber-js/1.10.58/libphonenumber-js.min.js Requested by Host: oxygensignkeep.pics URL: https://oxygensignkeep.pics/refresher?key=d41e0d3aa5d925d8b57c Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e4396841a7c3b2805e113d3c72d7719158f36bb3d8938c1dbc0c5fc9394b8b57 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Referer https://oxygensignkeep.pics/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Tue, 27 Aug 2024 17:13:50 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 1187746 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 35539 last-modified Mon, 11 Mar 2024 23:01:31 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "65ef8d4b-8ad3" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=50v7%2FidjGqnkM7ji6DIL6QcdSYL6ctvpbPXgpC2fyE0TGNGjdWkop8ZlYv%2Bo7FPAEDfoty3A0MqRQRfVhmJIUsjd9bOCyukRfhpvjudpykl6Fhq8i1uL96AOT1kAOt8JLfeUlEbx%2BaCmkXhBKMEopik9"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 8b9db1c7ac564dbb-FRA expires Sun, 17 Aug 2025 17:13:50 GMT
GET H3	200	intlTelInput.min.js Show response cdnjs.cloudflare.com/ajax/libs/intl-tel-input/19.2.16/js/	32 KB 10 KB	92ms 90ms	Script application/javascript	2606:4700::6811:180e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/19.2.16/js/intlTelInput.min.js Requested by Host: oxygensignkeep.pics URL: https://oxygensignkeep.pics/refresher?key=d41e0d3aa5d925d8b57c Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 31a653d3eef4fee8a0f663943e6da108d433da1103312e7ecca6fabea7dc7048 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Referer https://oxygensignkeep.pics/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Tue, 27 Aug 2024 17:13:50 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 421110 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 9521 last-modified Wed, 31 Jan 2024 15:05:28 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "65ba61b8-2531" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2AkvMueyx10znXOqlsIfQMP1ptQJfokP6dpJuHRo0MvH%2BaIPwiCfNeu5vBrIExbp%2F7qqy%2Fr7qUFAUU%2BmuzkgorlnM%2FZAx0ftuji79GoTyQuEHBgWp2B2uXkE%2F3EJXmzen%2F4Iy%2BZkQZ8Nl8%2B%2F29kJ4IpV"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 8b9db1c7ac584dbb-FRA expires Sun, 17 Aug 2025 17:13:50 GMT
GET H3	200	custom.js Show response oxygensignkeep.pics/landers/33_036_lp_sber_chat_unique_191_v3_nm/js/	581 B 782 B	92ms 90ms	Script application/javascript	104.21.40.186 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://oxygensignkeep.pics/landers/33_036_lp_sber_chat_unique_191_v3_nm/js/custom.js Requested by Host: oxygensignkeep.pics URL: https://oxygensignkeep.pics/refresher?key=d41e0d3aa5d925d8b57c Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.40.186 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1b8b0f2c83b395b520b9c94b76dff417814ea6fad694e36c7fa6bbaa36bfc644 Request headers Referer https://oxygensignkeep.pics/refresher?key=d41e0d3aa5d925d8b57c User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Tue, 27 Aug 2024 17:13:50 GMT content-encoding gzip cf-cache-status MISS last-modified Tue, 09 Jul 2024 07:34:02 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"668ce7ea-245" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NN%2B%2BcCXMdwqDmwv8W541uuR4QUhpnIb%2Btxdi4ZlkyXHcU253xRGMnGD8JUSLVV4TOKscnKX5UrPOqnHWgxoEDTpDVY8ihcnCxD5pjaatVAYfPLCMo1FhomC6vOcyGnwpirgeT%2F5o"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 cache-control public, max-age=31536000, no-transform cf-ray 8b9db1c7a8ea9c04-FRA alt-svc h3=":443"; ma=86400 expires Wed, 27 Aug 2025 17:13:50 GMT
GET H3	200	chat.js Show response oxygensignkeep.pics/landers/33_036_lp_sber_chat_unique_191_v3_nm/js/	11 KB 3 KB	92ms 90ms	Script application/javascript	104.21.40.186 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://oxygensignkeep.pics/landers/33_036_lp_sber_chat_unique_191_v3_nm/js/chat.js Requested by Host: oxygensignkeep.pics URL: https://oxygensignkeep.pics/refresher?key=d41e0d3aa5d925d8b57c Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.40.186 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 58bb3b616f7195b1e3bd21db3b83106af7009babca399e4565a19fd5b79dfa25 Request headers Referer https://oxygensignkeep.pics/refresher?key=d41e0d3aa5d925d8b57c User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Tue, 27 Aug 2024 17:13:50 GMT content-encoding gzip cf-cache-status MISS last-modified Tue, 09 Jul 2024 07:34:02 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"668ce7ea-2c77" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y7YSMLHN2J6mBms2I%2BQ2e%2F3LCJq7lGpu1%2F3x3sO3JgqJFjawz%2BwtmrSYdIdr2MfnjsNTeuqiJAVsu%2Bvr3liAZSJjxz7qP7krbcUX6uc0N5xDpWc3rXwZw8aJIz4TwBUVlL7bG46g"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 cache-control public, max-age=31536000, no-transform cf-ray 8b9db1c7a8ec9c04-FRA alt-svc h3=":443"; ma=86400 expires Wed, 27 Aug 2025 17:13:50 GMT
GET H3	200	form.js Show response oxygensignkeep.pics/landers/33_036_lp_sber_chat_unique_191_v3_nm/js/	10 KB 3 KB	89ms 87ms	Script application/javascript	104.21.40.186 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://oxygensignkeep.pics/landers/33_036_lp_sber_chat_unique_191_v3_nm/js/form.js Requested by Host: oxygensignkeep.pics URL: https://oxygensignkeep.pics/refresher?key=d41e0d3aa5d925d8b57c Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.40.186 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6779549ff8ce89b4a3fcf08b50a497b73084674a7d136d5f81973cc48a79e737 Request headers Referer https://oxygensignkeep.pics/refresher?key=d41e0d3aa5d925d8b57c User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Tue, 27 Aug 2024 17:13:50 GMT content-encoding gzip cf-cache-status MISS last-modified Tue, 09 Jul 2024 07:34:02 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"668ce7ea-2624" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2tXpoilhyTIS%2BR9GlikHZT0TcpaYeaFsXq4ToN6v5dBYrc%2BYVJkjxcnjGWACcy6feSyBzvtlr1x26zONEaFczJAYemsWXMVt9tHAvvEXgvffi%2F4QLlPS2xEBUGOLrxeSY5rpnK64"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 cache-control public, max-age=31536000, no-transform cf-ray 8b9db1c7a8ee9c04-FRA alt-svc h3=":443"; ma=86400 expires Wed, 27 Aug 2025 17:13:50 GMT
GET H3	200	fbevents.js Show response connect.facebook.net/en_US/	225 KB 58 KB	54ms 21ms	Script application/x-javascript	2a03:2880:f084:105:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: oxygensignkeep.pics URL: https://oxygensignkeep.pics/refresher?key=d41e0d3aa5d925d8b57c Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 3bb1199d12ae09deeda4466322b863de030594a83fb2166ca26d241b1a9020c1 Security Headers Name Value Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Referer https://oxygensignkeep.pics/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers content-security-policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Tue, 27 Aug 2024 17:13:50 GMT document-policy force-load-at-top x-fb-server-load 75 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 58936 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality EXCELLENT; q=0.9, rtt=19, rtx=0, c=23, mss=1232, tbw=4320, tp=9, tpl=0, uplat=0, ullat=-1 pragma public x-fb-debug Ft7JpFOCEn/XWqZrlIzXuOWINolq8GTg55Q6f+EHhD6+FVCeup5WIxOhQwlRJQzyeclSD4y/DmyxiJ7x1ZXf7g== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY cache-control public, max-age=1200 permissions-policy accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy" timing-allow-origin * priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H3	200	loader.gif oxygensignkeep.pics/landers/33_036_lp_sber_chat_unique_191_v3_nm/images/	40 KB 40 KB	109ms 108ms	Image image/gif	104.21.40.186 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://oxygensignkeep.pics/landers/33_036_lp_sber_chat_unique_191_v3_nm/images/loader.gif Requested by Host: oxygensignkeep.pics URL: https://oxygensignkeep.pics/landers/33_036_lp_sber_chat_unique_191_v3_nm/styles/main.css Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.40.186 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b360359ffe7d46d32329b6a454b0540e6d34bd444a6f9ecface6663e1cb98aba Request headers Referer https://oxygensignkeep.pics/landers/33_036_lp_sber_chat_unique_191_v3_nm/styles/main.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Tue, 27 Aug 2024 17:13:50 GMT cf-cache-status MISS last-modified Mon, 15 Jul 2024 10:07:31 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "6694f4e3-9ffd" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X8tZW2rQrUSdxaE5OOVFBC7FkVsY18GUrSeQ4JZ8sNzC%2BJdTSNL%2FGdKeQeQFpdsBUHlwvMzQK0%2BOSZfgQV6w85O6boHKNAttaDK2tcF8L6mVlpLkPCRupMddw%2F4zakGCQaeaSoZh"}],"group":"cf-nel","max_age":604800} content-type image/gif cache-control public, max-age=31536000, no-transform accept-ranges bytes cf-ray 8b9db1c7b8fc9c04-FRA alt-svc h3=":443"; ma=86400 content-length 40957 expires Wed, 27 Aug 2025 17:13:50 GMT
GET H3	200	bg.png oxygensignkeep.pics/landers/33_036_lp_sber_chat_unique_191_v3_nm/images/	238 KB 239 KB	134ms 134ms	Image image/png	104.21.40.186 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://oxygensignkeep.pics/landers/33_036_lp_sber_chat_unique_191_v3_nm/images/bg.png Requested by Host: oxygensignkeep.pics URL: https://oxygensignkeep.pics/landers/33_036_lp_sber_chat_unique_191_v3_nm/styles/main.css Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.40.186 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9e0c93ff9ff4c5837e632e0be3840d7bb6692d64851df3768d62000896680976 Request headers Referer https://oxygensignkeep.pics/landers/33_036_lp_sber_chat_unique_191_v3_nm/styles/main.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Tue, 27 Aug 2024 17:13:50 GMT cf-cache-status MISS last-modified Mon, 15 Jul 2024 10:07:32 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "6694f4e4-3b909" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N2A%2F07HqtFoY%2B37dcXqaTAdn3LiFO%2BvmHrRAz4QKLD260f5mNttKMZ2v48OsCSmChum34HVzaia7g6RHmqgX3Cnk1K2d5agEV%2F5mKg9PwCUzF39luVQ9MaBEuaVytNqZ0wQY8o9z"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=31536000, no-transform accept-ranges bytes cf-ray 8b9db1c7b9009c04-FRA alt-svc h3=":443"; ma=86400 content-length 243977 expires Wed, 27 Aug 2025 17:13:50 GMT
GET H2	200	KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2 fonts.gstatic.com/s/roboto/v32/	10 KB 10 KB	96ms 50ms	Font font/woff2	2a00:1450:4001:811::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 9f226239b7cb86705238ec5a036a05bdb8fa187630f9c686db7c52ad53b64482 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://oxygensignkeep.pics User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Tue, 27 Aug 2024 14:04:34 GMT x-content-type-options nosniff age 11356 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 9780 x-xss-protection 0 last-modified Thu, 01 Aug 2024 20:41:23 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 27 Aug 2025 14:04:34 GMT
GET H2	200	KFOmCnqEu92Fr1Mu5mxKOzY.woff2 fonts.gstatic.com/s/roboto/v32/	10 KB 10 KB	94ms 48ms	Font font/woff2	2a00:1450:4001:811::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu5mxKOzY.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 4d539033909dd344ae868f1c72bd0fc3d5ee082c9a76882448849481fd8ed857 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://oxygensignkeep.pics User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 26 Aug 2024 07:37:54 GMT x-content-type-options nosniff age 120956 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 9852 x-xss-protection 0 last-modified Thu, 01 Aug 2024 20:41:21 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Tue, 26 Aug 2025 07:37:54 GMT
GET H2	200	KFOlCnqEu92Fr1MmWUlfBBc4.woff2 fonts.gstatic.com/s/roboto/v32/	18 KB 18 KB	74ms 29ms	Font font/woff2	2a00:1450:4001:811::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://oxygensignkeep.pics User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Tue, 27 Aug 2024 14:13:05 GMT x-content-type-options nosniff age 10845 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 18596 x-xss-protection 0 last-modified Thu, 01 Aug 2024 20:41:21 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 27 Aug 2025 14:13:05 GMT
GET H2	200	KFOmCnqEu92Fr1Mu4mxK.woff2 fonts.gstatic.com/s/roboto/v32/	18 KB 19 KB	69ms 23ms	Font font/woff2	2a00:1450:4001:811::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://oxygensignkeep.pics User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 26 Aug 2024 14:58:07 GMT x-content-type-options nosniff age 94543 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 18536 x-xss-protection 0 last-modified Thu, 01 Aug 2024 20:41:24 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Tue, 26 Aug 2025 14:58:07 GMT
GET H3	200	refresher oxygensignkeep.pics/	22 B 22 B	142ms 142ms	Image application/json	104.21.40.186 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://oxygensignkeep.pics/refresher?event1=1&thanks=slv1&lp_key_value=1724746457cf57ae5249bc667a2a70450c83b86029&upd_clickid=cr70ijcqni1c7386g84g&upd_key=idhgls4n2k82mckz238ncl398cnsvqofv3124k1423v32kc25 Requested by Host: oxygensignkeep.pics URL: https://oxygensignkeep.pics/refresher?key=d41e0d3aa5d925d8b57c Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.40.186 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://oxygensignkeep.pics/refresher?key=d41e0d3aa5d925d8b57c User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Tue, 27 Aug 2024 17:13:50 GMT cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9ayxJuVLrPt5B3Nq9O7jKCXSun4u2WCLGCH%2BI9WG%2FLRTtzxxlzdOcVIPm8AqC6Vle8AOEov47JI9mgte48qvaRvym3njbYZBIPSdEIG1iMW%2F9STN9WoSJdjME1eAxICFwQvsjLJM"}],"group":"cf-nel","max_age":604800} content-type application/json; charset=UTF-8 cf-ray 8b9db1c849a29c04-FRA alt-svc h3=":443"; ma=86400 content-length 22 x-request-id 49e5a5d1-90d0-4db4-a258-24e804977fb0
GET H3	200	avatar.svg oxygensignkeep.pics/landers/33_036_lp_sber_chat_unique_191_v3_nm/images/	210 B 694 B	128ms 128ms	Image image/svg+xml	104.21.40.186 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://oxygensignkeep.pics/landers/33_036_lp_sber_chat_unique_191_v3_nm/images/avatar.svg Requested by Host: oxygensignkeep.pics URL: https://oxygensignkeep.pics/landers/33_036_lp_sber_chat_unique_191_v3_nm/styles/main.css Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.40.186 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 72c95b5175643370c57b8befe9fcaa4586bbff20886f7a3aca54d0df57cb0372 Request headers Referer https://oxygensignkeep.pics/landers/33_036_lp_sber_chat_unique_191_v3_nm/styles/main.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Tue, 27 Aug 2024 17:13:50 GMT content-encoding gzip cf-cache-status MISS last-modified Tue, 09 Jul 2024 07:34:02 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"668ce7ea-d2" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A9ox%2BeVc1FC48SsF7YFnBiONLzso2Oebbtva0gKw5BY0IUMRj94jAbtqhiW%2BrADC0UnUXI9VlSHy5zxN29ODNTML9qOg%2BY6EvHNWEZAlZewD5wXVtdDgn150K8LAHnj%2BnP2k3jkY"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control public, max-age=31536000, no-transform cf-ray 8b9db1c869b19c04-FRA alt-svc h3=":443"; ma=86400 expires Wed, 27 Aug 2025 17:13:50 GMT
GET H3	200	logo.png oxygensignkeep.pics/landers/33_036_lp_sber_chat_unique_191_v3_nm/images/	28 KB 28 KB	112ms 111ms	Other image/png	104.21.40.186 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://oxygensignkeep.pics/landers/33_036_lp_sber_chat_unique_191_v3_nm/images/logo.png Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.40.186 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 57d4ea85a60012dac3014e047b85f06cbfd126366ed5d6e52df87726204a41fa Request headers Referer https://oxygensignkeep.pics/refresher?key=d41e0d3aa5d925d8b57c User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Tue, 27 Aug 2024 17:13:50 GMT cf-cache-status MISS last-modified Mon, 15 Jul 2024 10:07:31 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "6694f4e3-6fe6" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K9XJEniY5GSzUnl3eekDkSWP5WiV%2FgGVSNfj0wlQ0ENmrzEpIs5p81asJY%2BVn01dz%2BqJpMCnkMg6tyTy8rob1SvZ9AV0k%2B%2F8X029o4I%2FaA%2FWlh%2FLMDGFBeeZkQggjj92D5BKXIJR"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=31536000, no-transform accept-ranges bytes cf-ray 8b9db1c93a7d9c04-FRA alt-svc h3=":443"; ma=86400 content-length 28646 expires Wed, 27 Aug 2025 17:13:50 GMT
GET H2	200	KFOmCnqEu92Fr1Mu7GxKOzY.woff2 fonts.gstatic.com/s/roboto/v32/	12 KB 12 KB	19ms 19ms	Font font/woff2	2a00:1450:4001:811::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7GxKOzY.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 685dd0a4dbede9c486deb28acfbd6a2337f8d796445757029b828c7221e4ced1 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://oxygensignkeep.pics User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Tue, 27 Aug 2024 14:11:02 GMT x-content-type-options nosniff age 10969 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 12456 x-xss-protection 0 last-modified Thu, 01 Aug 2024 20:41:23 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 27 Aug 2025 14:11:02 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: SberBank (Banking)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| php_var function| toQueryString function| bge function| sendRequestToBpix function| bge_ec_register object| bgdataLayer function| fbq function| _fbq function| $ function| jQuery object| libphonenumber object| intlTelInputGlobals function| intlTelInput function| activateRegistrationForm function| getQueryParams object| BPixelJS function| handleUserActivity function| startSendingRequests function| checkLocalStorage

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			oxygensignkeep.pics/	1970-01-21 07:51:54	Name: uclick Value: mrzcxVoKMd013uD9OGCYsRhkwlNwHZWrZnSqXBIfjj+WZnJVXJ00CJSTeZhNhJr7E8gzPDQ=
			oxygensignkeep.pics/	1970-01-21 07:51:54	Name: bcid Value: cr70ijcqni1c7386g84g
			oxygensignkeep.pics/	1970-01-21 07:51:54	Name: cid Value: cr70ijcqni1c7386g84g

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://api.imotech.video/ad/events.js?pixel_id= Message: Failed to load resource: the server responded with a status of 500 ()
security	warning	URL: https://oxygensignkeep.pics/refresher?key=d41e0d3aa5d925d8b57c Message: Mixed Content: The page at 'https://oxygensignkeep.pics/refresher?key=d41e0d3aa5d925d8b57c' was loaded over HTTPS, but requested an insecure element 'http://oxygensignkeep.pics/refresher?event1=1&thanks=slv1&lp_key_value=1724746457cf57ae5249bc667a2a70450c83b86029&upd_clickid=cr70ijcqni1c7386g84g&upd_key=idhgls4n2k82mckz238ncl398cnsvqofv3124k1423v32kc25'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.imotech.video
cdnjs.cloudflare.com
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
oxygensignkeep.pics
104.21.40.186
202.168.102.27
2606:4700::6811:180e
2a00:1450:4001:811::2003
2a00:1450:4001:813::200a
2a03:2880:f084:105:face:b00c:0:3
1b8b0f2c83b395b520b9c94b76dff417814ea6fad694e36c7fa6bbaa36bfc644
31a653d3eef4fee8a0f663943e6da108d433da1103312e7ecca6fabea7dc7048
3bb1199d12ae09deeda4466322b863de030594a83fb2166ca26d241b1a9020c1
4d539033909dd344ae868f1c72bd0fc3d5ee082c9a76882448849481fd8ed857
57d4ea85a60012dac3014e047b85f06cbfd126366ed5d6e52df87726204a41fa
58bb3b616f7195b1e3bd21db3b83106af7009babca399e4565a19fd5b79dfa25
5e7b525bbe2fedb4618a9aa8d385dc127bb5b63f62699b91abc28fe196915d55
6779549ff8ce89b4a3fcf08b50a497b73084674a7d136d5f81973cc48a79e737
685dd0a4dbede9c486deb28acfbd6a2337f8d796445757029b828c7221e4ced1
6e4b0d0b71acb766482f7952dcf75855b2b20a33b4025051fcd02e2f8bd600c8
72c95b5175643370c57b8befe9fcaa4586bbff20886f7a3aca54d0df57cb0372
75406290a36c4f1b84f31a09098495f37951172a97f2a8931e57d5a56eb8036b
81c9f9c685786d7e90fa0d877d41b52abb1ba68ea875c856b3a022c3cf410365
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
8a0a9e2acfa9985df9605a42298a1a5a61ecf03ec550b028192c0073360e8585
9e0c93ff9ff4c5837e632e0be3840d7bb6692d64851df3768d62000896680976
9f226239b7cb86705238ec5a036a05bdb8fa187630f9c686db7c52ad53b64482
aa1632b7087051eb51c59abe05908789ebec4311af5ed212c81059cebd2d29e8
b09b0920822a9385cac1bb34a1df9f96489dbbef839a5f33cf73c84b730410b5
b0da0439a71471db884fbd654518df5c4f9a1d08ad09abaf1e4ee34ab716e8b6
b360359ffe7d46d32329b6a454b0540e6d34bd444a6f9ecface6663e1cb98aba
d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4396841a7c3b2805e113d3c72d7719158f36bb3d8938c1dbc0c5fc9394b8b57
f832ceba3c99c4edc245a71fef30c6aaaf790d13c8f8de5a3964f2fdcfbd13cd
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a