Submitted URL: http://1698144706805.stimulaiunit.co.uk/
Effective URL: http://ww1.exact-offer.xyz/
Submission: On November 08 via api from US — Scanned from US

Summary

This website contacted 8 IPs in 5 countries across 13 domains to perform 17 HTTP transactions. The main IP is 199.59.243.225, located in United States and belongs to AMAZON-02, US. The main domain is ww1.exact-offer.xyz.
This is the only time ww1.exact-offer.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 3 172.104.190.11 63949 (AKAMAI-LI...)
2 3 51.68.82.147 16276 (OVH)
1 1 34.91.27.112 396982 (GOOGLE-CL...)
1 4 2606:4700:303... 13335 (CLOUDFLAR...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 18.232.14.170 14618 (AMAZON-AES)
1 1 192.157.56.140 55286 (SERVER-MANIA)
4 199.59.243.225 16509 (AMAZON-02)
1 2607:f8b0:402... 15169 (GOOGLE)
1 2607:f8b0:402... 15169 (GOOGLE)
4 2607:f8b0:402... 15169 (GOOGLE)
2 2607:f8b0:402... 15169 (GOOGLE)
17 8
Apex Domain
Subdomains
Transfer
5 exact-offer.xyz
exact-offer.xyz
ww1.exact-offer.xyz
36 KB
4 adsensecustomsearchads.com
www.adsensecustomsearchads.com — Cisco Umbrella Rank: 2716
57 KB
4 cogliatu.com
www.cogliatu.com
6 KB
3 xunasmitrarol.club
www.xunasmitrarol.club
5 KB
2 googleusercontent.com
afs.googleusercontent.com — Cisco Umbrella Rank: 9168
1 KB
1 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 1181
595 B
1 google.com
www.google.com — Cisco Umbrella Rank: 2
54 KB
1 perserymanked.com
perserymanked.com
703 B
1 addlnk.com
cdn.addlnk.com — Cisco Umbrella Rank: 377313
1 KB
1 media-412.com
admoustache.media-412.com
271 B
1 lightlykue.info
1699483085548.lightlykue.info
295 B
1 mauicksand.top
1699483084866.mauicksand.top
451 B
1 stimulaiunit.co.uk
1698144706805.stimulaiunit.co.uk
450 B
17 13
Domain Requested by
4 www.adsensecustomsearchads.com www.google.com
www.adsensecustomsearchads.com
4 ww1.exact-offer.xyz www.cogliatu.com
ww1.exact-offer.xyz
4 www.cogliatu.com 1 redirects www.xunasmitrarol.club
www.cogliatu.com
3 www.xunasmitrarol.club 2 redirects
2 afs.googleusercontent.com www.adsensecustomsearchads.com
1 partner.googleadservices.com www.google.com
1 www.google.com ww1.exact-offer.xyz
1 exact-offer.xyz 1 redirects
1 perserymanked.com 1 redirects
1 cdn.addlnk.com www.cogliatu.com
1 admoustache.media-412.com 1 redirects
1 1699483085548.lightlykue.info 1 redirects
1 1699483084866.mauicksand.top 1 redirects
1 1698144706805.stimulaiunit.co.uk 1 redirects
17 14

This site contains no links.

Subject | Issuer | Validity | Valid
www.xunasmitrarol.club | R3 | 2023-09-11 - 2023-12-10 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-02-10 - 2024-02-10 | a year
addlnk.com | GTS CA 1P5 | 2023-10-09 - 2024-01-07 | 3 months
www.google.com | GTS CA 1C3 | 2023-10-16 - 2024-01-08 | 3 months
*.googleadservices.com | GTS CA 1C3 | 2023-10-16 - 2024-01-08 | 3 months
misc-sni.google.com | GTS CA 1C3 | 2023-10-16 - 2024-01-08 | 3 months
*.googleusercontent.com | GTS CA 1C3 | 2023-10-16 - 2024-01-08 | 3 months

This page contains 3 frames:

Primary Page: http://ww1.exact-offer.xyz/
Frame ID: 81EF4A3D9B2E0A6453DE60212FF94926
Requests: 11 HTTP requests in this frame

Frame: https://www.cogliatu.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/9914b343/main.js
Frame ID: A4F233F5DE1749DFD66359EF518AF8C2
Requests: 2 HTTP requests in this frame

Frame: https://www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol322%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol490&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww1.exact-offer.xyz%3Fcaf%26&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2898040491288658&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301383&format=r3&nocache=3551699483088636&num=0&output=afd_ads&domain_name=ww1.exact-offer.xyz&v=3&bsl=8&pac=0&u_his=2&u_tz=-600&dt=1699483088637&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=1080&frm=0&cl=578165713&uio=-&cont=rs&jsid=caf&jsv=578165713&rurl=http%3A%2F%2Fww1.exact-offer.xyz%2F
Frame ID: EEEA16C5605A6C176F8029C490DD7F58
Requests: 4 HTTP requests in this frame

Page Title

Exact-offer.xyz

Page Statistics

17
Requests

71 %
HTTPS

50 %
IPv6

13
Domains

14
Subdomains

8
IPs

5
Countries

159 kB
Transfer

358 kB
Size

8
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://1698144706805.stimulaiunit.co.uk/ HTTP 302
    http://1699483084866.mauicksand.top/8cea15e1-2ba8-4746-b257-1f81437bc0ac?n=1&t=1699483084866&l_next=aHR0cHM6Ly93d3cueHVuYXNtaXRyYXJvbC5jbHViLz9zbD01Njk4MzU4LWMwOTliJmRhdGExPVRyYWNrMSZkYXRhMj1UcmFjazImdGFnPQ==&type_v=global&key_v=error HTTP 302
    http://1699483085548.lightlykue.info/2324bda2-e7e3-4756-a20a-387c073d583a?n=2&t=1699483084866&l_next=aHR0cHM6Ly93d3cueHVuYXNtaXRyYXJvbC5jbHViLz9zbD01Njk4MzU4LWMwOTliJmRhdGExPVRyYWNrMSZkYXRhMj1UcmFjazImdGFnPQ==&type_v=global&key_v=error HTTP 302
    https://www.xunasmitrarol.club/?sl=5698358-c099b&data1=Track1&data2=Track2&tag= Page URL
  2. https://www.xunasmitrarol.club/?sl=5698358-c099b&data1=Track1&data2=Track2&tag=&eyeg=ce315b3e7e49bfe36db92d95e4178f02&eyer=0.2729461365800452&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef= HTTP 302
    https://www.xunasmitrarol.club/?sl=5698358-c099b&data1=Track1&data2=Track2&tag=&eyeg=3&eyer=0.2729461365800452&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef= HTTP 302
    https://admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=3300022aba1aaf50103a592052d75129235d41108-202311-flb*5698358-c099b**sl_5698358-c099b*dc1035416daa9487a5b8dab167d9d4878fd50352** HTTP 302
    https://www.cogliatu.com/rc/a91581ead4?affclick=654c0dcffb5eb5000199f656&pubid=503 Page URL
  3. https://perserymanked.com/b12060d5-e9c9-4b85-9eb5-b41285f82634?c2=81b90edf_503&c1=pub3caacc17b3e14cc2a095e6cdfd111652 HTTP 302
    https://exact-offer.xyz/chat?external_id=wis5u87n9pbdsussimr1cd3k&cost=&external_cid=b12060d5-e9c9-4b85-9eb5-b41285f82634&source=6efa2ba6-87c4-4bb2-b973-4ec73420e640&publisher=eran&placement=81b90edf_503&ts=c181ca30-04e8-4bfc-aa50-ac6cfc246e76&cid=8b6fd34c-5569-f705-1f17-d62a757242b1 HTTP 302
    http://ww1.exact-offer.xyz/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://1698144706805.stimulaiunit.co.uk/ HTTP 302
  • http://1699483084866.mauicksand.top/8cea15e1-2ba8-4746-b257-1f81437bc0ac?n=1&t=1699483084866&l_next=aHR0cHM6Ly93d3cueHVuYXNtaXRyYXJvbC5jbHViLz9zbD01Njk4MzU4LWMwOTliJmRhdGExPVRyYWNrMSZkYXRhMj1UcmFjazImdGFnPQ==&type_v=global&key_v=error HTTP 302
  • http://1699483085548.lightlykue.info/2324bda2-e7e3-4756-a20a-387c073d583a?n=2&t=1699483084866&l_next=aHR0cHM6Ly93d3cueHVuYXNtaXRyYXJvbC5jbHViLz9zbD01Njk4MzU4LWMwOTliJmRhdGExPVRyYWNrMSZkYXRhMj1UcmFjazImdGFnPQ==&type_v=global&key_v=error HTTP 302
  • https://www.xunasmitrarol.club/?sl=5698358-c099b&data1=Track1&data2=Track2&tag=
Request Chain 1
  • https://www.xunasmitrarol.club/?sl=5698358-c099b&data1=Track1&data2=Track2&tag=&eyeg=ce315b3e7e49bfe36db92d95e4178f02&eyer=0.2729461365800452&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef= HTTP 302
  • https://www.xunasmitrarol.club/?sl=5698358-c099b&data1=Track1&data2=Track2&tag=&eyeg=3&eyer=0.2729461365800452&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef= HTTP 302
  • https://admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=3300022aba1aaf50103a592052d75129235d41108-202311-flb*5698358-c099b**sl_5698358-c099b*dc1035416daa9487a5b8dab167d9d4878fd50352** HTTP 302
  • https://www.cogliatu.com/rc/a91581ead4?affclick=654c0dcffb5eb5000199f656&pubid=503
Request Chain 3
  • https://www.cogliatu.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://www.cogliatu.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/9914b343/main.js

17 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
www.xunasmitrarol.club/
Redirect Chain
  • http://1698144706805.stimulaiunit.co.uk/
  • http://1699483084866.mauicksand.top/8cea15e1-2ba8-4746-b257-1f81437bc0ac?n=1&t=1699483084866&l_next=aHR0cHM6Ly93d3cueHVuYXNtaXRyYXJvbC5jbHViLz9zbD01Njk4MzU4LWMwOTliJmRhdGExPVRyYWNrMSZkYXRhMj1UcmFja...
  • http://1699483085548.lightlykue.info/2324bda2-e7e3-4756-a20a-387c073d583a?n=2&t=1699483084866&l_next=aHR0cHM6Ly93d3cueHVuYXNtaXRyYXJvbC5jbHViLz9zbD01Njk4MzU4LWMwOTliJmRhdGExPVRyYWNrMSZkYXRhMj1UcmFj...
  • https://www.xunasmitrarol.club/?sl=5698358-c099b&data1=Track1&data2=Track2&tag=
4 KB
4 KB
Document
General
Full URL
https://www.xunasmitrarol.club/?sl=5698358-c099b&data1=Track1&data2=Track2&tag=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
51.68.82.147 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
c2b63f40531f9d291034972ad9a828ee554a59bb6c7f7e33febf57064e51cbc0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Accept-CH
Sec-CH-UA-Platform-Version
Cache-Control
no-transform
Connection
keep-alive
Content-Type
text/html
Date
Wed, 08 Nov 2023 22:38:06 GMT
Transfer-Encoding
chunked

Redirect headers

Connection
keep-alive
Content-Length
226
Content-Type
text/html; charset=utf-8
Date
Wed, 08 Nov 2023 22:38:06 GMT
Keep-Alive
timeout=5
Location
https://www.xunasmitrarol.club/?sl=5698358-c099b&data1=Track1&data2=Track2&tag=
Vary
Accept
X-Powered-By
Express
a91581ead4
www.cogliatu.com/rc/
Redirect Chain
  • https://www.xunasmitrarol.club/?sl=5698358-c099b&data1=Track1&data2=Track2&tag=&eyeg=ce315b3e7e49bfe36db92d95e4178f02&eyer=0.2729461365800452&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=
  • https://www.xunasmitrarol.club/?sl=5698358-c099b&data1=Track1&data2=Track2&tag=&eyeg=3&eyer=0.2729461365800452&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=
  • https://admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=3300022aba1aaf50103a592052d75129235d41108-202311-flb*5698358-c099b**sl_5698358-c099b*dc1035416daa9487a5b8dab167d9d4878f...
  • https://www.cogliatu.com/rc/a91581ead4?affclick=654c0dcffb5eb5000199f656&pubid=503
2 KB
2 KB
Document
General
Full URL
https://www.cogliatu.com/rc/a91581ead4?affclick=654c0dcffb5eb5000199f656&pubid=503
Requested by
Host: www.xunasmitrarol.club
URL: https://www.xunasmitrarol.club/?sl=5698358-c099b&data1=Track1&data2=Track2&tag=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:4539 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7d275674590d57573837a84d5eafce096a4d00fefdf02c704508b1e37868f47

Request headers

Referer
https://www.xunasmitrarol.club/?sl=5698358-c099b&data1=Track1&data2=Track2&tag=
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
82314dee6a458c09-EWR
content-encoding
br
content-language
en
content-type
text/html; charset=utf-8
date
Wed, 08 Nov 2023 22:38:07 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TdGoCkGf2dThawuf3Cph4CRwkczOZCCDemKecxksHBF70lEG7qB4j4UU7f%2B28lLq1CZLKLeNDNw7v0ccRfkXUoQJS9j%2Fl5PasmLuileq0dPW39%2BtADpZdrDNZDTobSj03S85pC0PBVWlTrdWEnlB"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding, Accept-Language, Cookie

Redirect headers

access-control-allow-origin
*
content-length
0
date
Wed, 08 Nov 2023 22:38:07 GMT
location
https://www.cogliatu.com/rc/a91581ead4?affclick=654c0dcffb5eb5000199f656&pubid=503
referer
referrer-policy
no-referrer
server
nginx
x-adjust-use-original-forwarded-for
1
redirect.css
cdn.addlnk.com/
1 KB
1 KB
Stylesheet
General
Full URL
https://cdn.addlnk.com/redirect.css
Requested by
Host: www.cogliatu.com
URL: https://www.cogliatu.com/rc/a91581ead4?affclick=654c0dcffb5eb5000199f656&pubid=503
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:1362 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 22:38:07 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
1RAKTTQECM4KG469
age
3320
cf-polished
origSize=1680
alt-svc
h3=":443"; ma=86400
x-amz-id-2
0UZ4s12DvcPSqqw7XFAouINf4NoKInuqy/3RMIIderu3r+k5Qfqjm6wNh+XSc07M33iyROYD2xDuEZxxcxT2Kg==
cf-bgj
minify
last-modified
Wed, 13 Mar 2019 00:03:12 GMT
server
cloudflare
etag
W/"3ae56d32551602b41f9046c14d1cfde2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2NmmMYb1aIhoMoG%2BGE8Dfw6tQj9PF6OVVIQjHj%2FZ0v8o%2Be9xa5spHlyHj%2F2kcBtQuKYDoP%2BBTmiz%2F99Ap2FxOtSDlxrWZjOH%2Bzp1kpzj7GghuaWhppeAWMA%2FCQ%2BUlW1VEdaHBxGyXz%2FBO%2Fl%2Fnw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cf-ray
82314df1294b4367-EWR
main.js
www.cogliatu.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/9914b343/ Frame A4F2
Redirect Chain
  • https://www.cogliatu.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://www.cogliatu.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/9914b343/main.js
7 KB
4 KB
Script
General
Full URL
https://www.cogliatu.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/9914b343/main.js
Protocol
H2
Server
2606:4700:3037::6815:4539 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6fdec78348fad90e76fe9559ab82fc49d457f436c99977ad374ee71a113ca767
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 22:38:07 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1sFAbCm3f%2FwjZ2nbZnntsS2OCcBMm5ayMOQNpGJ2kp9dG0cfggWPfBndCUqkOYYA1QC3BKkcI11FQw%2Fl2FeE1X6HeKyVsu79GnLOPp0HULwkBn9q%2FpP8Wu6PcgrFlhVOCmYaa1CPFyamM0HJ1P%2FJ"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
82314df16d668c09-EWR
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Wed, 08 Nov 2023 22:38:07 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ACZGdqTZEs6lhnR3ddKzb3ash%2F18JcAMTNELl0XFDWX%2FW1m6HvQyME1Q6sDywHxUrva6n3Xj1R9Hh3PaZTw8l9fje%2BpApwWgzNeo16v2%2B4RzPxjw6iQ6nhd37L5luf%2BhKOv%2FBtFDaBjh%2FJafSG%2BO"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
location
/cdn-cgi/challenge-platform/h/g/scripts/jsd/9914b343/main.js
cache-control
max-age=300, public
cf-ray
82314df15d538c09-EWR
alt-svc
h3=":443"; ma=86400
82314dee6a458c09
www.cogliatu.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame A4F2
0
599 B
XHR
General
Full URL
https://www.cogliatu.com/cdn-cgi/challenge-platform/h/g/jsd/r/82314dee6a458c09
Requested by
Host: www.cogliatu.com
URL: https://www.cogliatu.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::6815:4539 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 08 Nov 2023 22:38:07 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kK7srfipOp%2BT6dQV%2BSyBOPMBu4W0geMwKz6xqjc%2FWK%2B4KZgahuq%2BWJMu963haSpFdJqPBinMZ78xKzRQxL%2BkD1ePYTa7eftT76Jb%2FGt85aSD6sXlKE8Tsh%2B4SXqvh96Se6XzrXI5ZqkAW%2B9qQ6wV"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
82314df218fc18b8-EWR
alt-svc
h3=":443"; ma=86400
Primary Request /
ww1.exact-offer.xyz/
Redirect Chain
  • https://perserymanked.com/b12060d5-e9c9-4b85-9eb5-b41285f82634?c2=81b90edf_503&c1=pub3caacc17b3e14cc2a095e6cdfd111652
  • https://exact-offer.xyz/chat?external_id=wis5u87n9pbdsussimr1cd3k&cost=&external_cid=b12060d5-e9c9-4b85-9eb5-b41285f82634&source=6efa2ba6-87c4-4bb2-b973-4ec73420e640&publisher=eran&placement=81b90e...
  • http://ww1.exact-offer.xyz/
1 KB
2 KB
Document
General
Full URL
http://ww1.exact-offer.xyz/
Requested by
Host: www.cogliatu.com
URL: https://www.cogliatu.com/rc/a91581ead4?affclick=654c0dcffb5eb5000199f656&pubid=503
Protocol
HTTP/1.1
Server
199.59.243.225 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
cf79aa1e8f3098668c918ddf2e686a58a959235fb8469e230931d7eb86a503b0

Request headers

Referer
https://www.cogliatu.com/rc/a91581ead4?affclick=654c0dcffb5eb5000199f656&pubid=503
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ch
sec-ch-prefers-color-scheme
cache-control
no-store, max-age=0
content-length
1029
content-type
text/html; charset=utf-8
critical-ch
sec-ch-prefers-color-scheme
date
Wed, 08 Nov 2023 22:38:07 GMT
vary
sec-ch-prefers-color-scheme
x-adblock-key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_xut8cBHRYhQF1IqgkVkqk00+n0vo5FWsETkbpK4MFWxHRtFYwBuYXjGi68f7rg6sbncnr55cZWZwlcF32+kl+Q==
x-request-id
8514a5c3-f134-4c2e-8785-89ee12bcbba6

Redirect headers

cache-control
max-age=0, private, must-revalidate
content-length
11
date
Wed, 08 Nov 2023 22:38:08 GMT
location
http://ww1.exact-offer.xyz
server
Cowboy
bTNphucFh.js
ww1.exact-offer.xyz/
31 KB
31 KB
Script
General
Full URL
http://ww1.exact-offer.xyz/bTNphucFh.js
Requested by
Host: ww1.exact-offer.xyz
URL: http://ww1.exact-offer.xyz/
Protocol
HTTP/1.1
Server
199.59.243.225 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
139577c9673a9a313d14878db0adbaf5ee23bdcb2f5e751fbc8c1a6f7898426d

Request headers

accept-language
en-US,en;q=0.9
Referer
http://ww1.exact-offer.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 22:38:07 GMT
content-length
31954
x-request-id
13037b83-f413-450c-87e7-d080fe621f8b
content-type
application/javascript; charset=utf-8
_fd
ww1.exact-offer.xyz/
4 KB
2 KB
Fetch
General
Full URL
http://ww1.exact-offer.xyz/_fd
Requested by
Host: ww1.exact-offer.xyz
URL: http://ww1.exact-offer.xyz/bTNphucFh.js
Protocol
HTTP/1.1
Server
199.59.243.225 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash
fd023d0b454db88dda6eabaa4788d55ee2651ceedc73b2e7268aeffe7e56d2fc

Request headers

Accept
application/json
Referer
http://ww1.exact-offer.xyz/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type
application/json

Response headers

x-version
2.110.3
date
Wed, 08 Nov 2023 22:38:07 GMT
content-encoding
gzip
pragma
no-cache
server
openresty
content-type
text/html; charset=UTF-8
cache-control
no-cache, no-store, must-revalidate, post-check=0, pre-check=0
content-length
2052
expires
Thu, 01 Jan 1970 00:00:01 GMT
caf.js
www.google.com/adsense/domains/
147 KB
54 KB
Script
General
Full URL
https://www.google.com/adsense/domains/caf.js
Requested by
Host: ww1.exact-offer.xyz
URL: http://ww1.exact-offer.xyz/bTNphucFh.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:805::2004 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5df6a4379a761980addd89037e7f9a43b758551e797eedacaf876f34cbd02182
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
http://ww1.exact-offer.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 22:38:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-afs-ui"
etag
"17568829171740166930"
vary
Accept-Encoding
report-to
{"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
accept-ranges
bytes
link
<https://www.adsensecustomsearchads.com>; rel="preconnect"
expires
Wed, 08 Nov 2023 22:38:08 GMT
cookie.js
partner.googleadservices.com/gampad/
384 B
595 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=ww1.exact-offer.xyz&client=dp-bodis30_3ph&product=SAS&callback=__sasCookie
Requested by
Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:807::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6f40d9c81677abfad033add0fdb805218a1a0b10b47b8e71c4365c2158872d8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
http://ww1.exact-offer.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 22:38:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
243
x-xss-protection
0
ads
www.adsensecustomsearchads.com/afs/ Frame EEEA
13 KB
3 KB
Document
General
Full URL
https://www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol322%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol490&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww1.exact-offer.xyz%3Fcaf%26&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2898040491288658&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301383&format=r3&nocache=3551699483088636&num=0&output=afd_ads&domain_name=ww1.exact-offer.xyz&v=3&bsl=8&pac=0&u_his=2&u_tz=-600&dt=1699483088637&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=1080&frm=0&cl=578165713&uio=-&cont=rs&jsid=caf&jsv=578165713&rurl=http%3A%2F%2Fww1.exact-offer.xyz%2F
Requested by
Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:806::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
b59993ce6c33d70b51d2d56aa2402f1f8baecdb9e34dace5dd07b6eabc3cd34f
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-rq24LqGPBU8wUzlIdVz-nw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Xss-Protection 0

Request headers

Referer
http://ww1.exact-offer.xyz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=3600
content-disposition
inline
content-encoding
br
content-length
2555
content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-rq24LqGPBU8wUzlIdVz-nw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
content-type
text/html; charset=UTF-8
cross-origin-opener-policy
same-origin-allow-popups; report-to="gws"
date
Wed, 08 Nov 2023 22:38:08 GMT
expires
Wed, 08 Nov 2023 22:38:08 GMT
report-to
{"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
server
gws
x-xss-protection
0
chevron.svg
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/ Frame EEEA
200 B
289 B
Image
General
Full URL
https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b
Requested by
Host: www.adsensecustomsearchads.com
URL: https://www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol322%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol490&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww1.exact-offer.xyz%3Fcaf%26&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2898040491288658&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301383&format=r3&nocache=3551699483088636&num=0&output=afd_ads&domain_name=ww1.exact-offer.xyz&v=3&bsl=8&pac=0&u_his=2&u_tz=-600&dt=1699483088637&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=1080&frm=0&cl=578165713&uio=-&cont=rs&jsid=caf&jsv=578165713&rurl=http%3A%2F%2Fww1.exact-offer.xyz%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:804::2001 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a0687ea8c9aa404a7724490f046e30023ec6b5aa81d01ae4f225889a64174f6
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.adsensecustomsearchads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 08 Nov 2023 08:20:10 GMT
age
51478
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
174
x-xss-protection
0
last-modified
Thu, 02 Nov 2023 22:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="afs-native-asset-managers"
vary
Accept-Encoding
report-to
{"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-type
image/svg+xml
cache-control
public, max-age=82800
accept-ranges
bytes
expires
Thu, 09 Nov 2023 07:20:10 GMT
call_to_action_arrow.svg
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/ Frame EEEA
444 B
804 B
Image
General
Full URL
https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff
Requested by
Host: www.adsensecustomsearchads.com
URL: https://www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol322%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol490&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww1.exact-offer.xyz%3Fcaf%26&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2898040491288658&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301383&format=r3&nocache=3551699483088636&num=0&output=afd_ads&domain_name=ww1.exact-offer.xyz&v=3&bsl=8&pac=0&u_his=2&u_tz=-600&dt=1699483088637&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=1080&frm=0&cl=578165713&uio=-&cont=rs&jsid=caf&jsv=578165713&rurl=http%3A%2F%2Fww1.exact-offer.xyz%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:804::2001 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5455d8d4b8ae5150039ff7a83a6679d4338a435945985fa9f8d0ecbea9ae2f6e
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.adsensecustomsearchads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 08 Nov 2023 06:23:13 GMT
age
58495
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
278
x-xss-protection
0
last-modified
Tue, 27 Jun 2023 17:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="afs-native-asset-managers"
vary
Accept-Encoding
report-to
{"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-type
image/svg+xml
cache-control
public, max-age=82800
accept-ranges
bytes
expires
Thu, 09 Nov 2023 05:23:13 GMT
caf.js
www.adsensecustomsearchads.com/adsense/domains/ Frame EEEA
146 KB
54 KB
Script
General
Full URL
https://www.adsensecustomsearchads.com/adsense/domains/caf.js?pac=0
Requested by
Host: www.adsensecustomsearchads.com
URL: https://www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol202%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol322%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol490&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww1.exact-offer.xyz%3Fcaf%26&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2898040491288658&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301383&format=r3&nocache=3551699483088636&num=0&output=afd_ads&domain_name=ww1.exact-offer.xyz&v=3&bsl=8&pac=0&u_his=2&u_tz=-600&dt=1699483088637&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=1080&frm=0&cl=578165713&uio=-&cont=rs&jsid=caf&jsv=578165713&rurl=http%3A%2F%2Fww1.exact-offer.xyz%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:806::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
14583633c7c8d5e084d889f9fd1886a02c158dac63a33293141f74eeb289d693
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.adsensecustomsearchads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 22:38:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-afs-ui"
etag
"14110688364054311877"
vary
Accept-Encoding
report-to
{"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
accept-ranges
bytes
link
<https://www.adsensecustomsearchads.com>; rel="preconnect"
expires
Wed, 08 Nov 2023 22:38:08 GMT
_tr
ww1.exact-offer.xyz/
2 B
0
Fetch
General
Full URL
http://ww1.exact-offer.xyz/_tr
Requested by
Host: ww1.exact-offer.xyz
URL: http://ww1.exact-offer.xyz/bTNphucFh.js
Protocol
HTTP/1.1
Server
199.59.243.225 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash

Request headers

Accept
application/json
Referer
http://ww1.exact-offer.xyz/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type
application/json

Response headers

x-version
2.110.3
date
Wed, 08 Nov 2023 22:38:08 GMT
content-encoding
gzip
pragma
no-cache
server
openresty
content-type
text/html; charset=UTF-8
cache-control
no-cache, no-store, must-revalidate, post-check=0, pre-check=0
content-length
22
expires
Thu, 01 Jan 1970 00:00:01 GMT
gen_204
www.adsensecustomsearchads.com/afs/
0
19 B
Image
General
Full URL
https://www.adsensecustomsearchads.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=wybjzqnk39nm&aqid=0A1MZbD6LMzwowbq277oAQ&psid=3113057640&pbt=bs&adbx=450&adby=143&adbh=480&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=578165713&csala=4%7C0%7C181%7C66%7C10&lle=0&ifv=1&usr=0&hpt=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:806::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-G1yENeop4Tp528hYBiRQ5w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
http://ww1.exact-offer.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-G1yENeop4Tp528hYBiRQ5w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
date
Wed, 08 Nov 2023 22:38:10 GMT
server
gws
cross-origin-opener-policy
same-origin-allow-popups; report-to="gws"
x-frame-options
SAMEORIGIN
report-to
{"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-type
text/html; charset=UTF-8
permissions-policy
unload=()
origin-trial
Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=, AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
gen_204
www.adsensecustomsearchads.com/afs/
0
19 B
Image
General
Full URL
https://www.adsensecustomsearchads.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=6g7abbcls73o&aqid=0A1MZbD6LMzwowbq277oAQ&psid=3113057640&pbt=bv&adbx=450&adby=143&adbh=480&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=578165713&csala=4%7C0%7C181%7C66%7C10&lle=0&ifv=1&usr=0&hpt=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:806::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-UH31dAAEqhdlMhaie6iO3g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
http://ww1.exact-offer.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-UH31dAAEqhdlMhaie6iO3g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
date
Wed, 08 Nov 2023 22:38:10 GMT
server
gws
cross-origin-opener-policy
same-origin-allow-popups; report-to="gws"
x-frame-options
SAMEORIGIN
report-to
{"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-type
text/html; charset=UTF-8
permissions-policy
unload=()
origin-trial
Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=, AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
string| park
object| version
object| __parkour
number| googleNDT_
number| googleAltLoader
object| google
function| __sasCookie
number| experimentId_

8 Cookies

Domain/Path Name / Value
admoustache.media-412.com/ Name: afclick
Value: 654c0dcffb5eb5000199f656
www.cogliatu.com/ Name: AWSALB
Value: rfWvigOlnJVjdjgWFsJiysl52uuPmxxR8cVgmgkRIIe6M/KoSaeCZmeylDROrL6y1nHqpKBJGyUjYXcKTRzawyAsS5WASKjUAjrqvuq8m3icHZeSKKp9WImIFBOi
.cogliatu.com/ Name: cf_clearance
Value: mWHT.4f.OrEeqgUHlEbzm1Dptu9W8eW3a22V34gQNuQ-1699483087-0-1-3e30d04f.fd53a3da.dc64aad0-0.2.1699483087
.perserymanked.com/ Name: b12060d5-e9c9-4b85-9eb5-b41285f82634-v4
Value: gTsbYN4Wc4_XLVRbjuuCxPBHLtUh92_aExu0ho4O7CI
.perserymanked.com/ Name: voluum-cid-v4
Value: %7B%22cid%22%3A%22wis5u87n9pbdsussimr1cd3k%22%2C%22caid%22%3A%22b12060d5-e9c9-4b85-9eb5-b41285f82634%22%7D
.exact-offer.xyz/ Name: sid
Value: 7d0d65f4-7e87-11ee-b73d-4b2ca362bd2f
ww1.exact-offer.xyz/ Name: parking_session
Value: 8514a5c3-f134-4c2e-8785-89ee12bcbba6
.exact-offer.xyz/ Name: __gsas
Value: ID=b55579bd669ed650:T=1699483088:RT=1699483088:S=ALNI_Mb-kPlviupfWhNXkwchTrAPr1T1dA

1 Console Messages

Source: other
Level: warning
URL: https://www.google.com/adsense/domains/caf.js (Line 215)
Message: Unrecognized feature: 'attribution-reporting'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
