c1.ouisys.com Open in urlscan Pro
18.159.175.214 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://link.ipthbwwzeigb6686.com/c
Effective URL:
https://c1.ouisys.com/xbonk?cid=wf9eh7dr717csp0vi2r43294&pubid=t15&subid=1314-5ecd6faz
Submission: On February 07 via manual (February 7th 2024, 9:16:11 am UTC) from FR — Scanned from FR

Summary HTTP 31 Redirects Behaviour Indicators

Summary

This website contacted 19 IPs in 6 countries across 17 domains to perform 31 HTTP transactions. The main IP is 18.159.175.214, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is c1.ouisys.com.
TLS certificate: Issued by R3 on December 28th 2023. Valid for: 3 months.

This is the only time c1.ouisys.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

	IP Address	AS Autonomous System
1 1	80.66.77.52 80.66.77.52	211849 (KAKHAROV-AS) (KAKHAROV-AS)
1	185.155.184.85 185.155.184.85	6898 (AS-6898 C...) (AS-6898 C41.CH SAGL - LUGANO Data Center)
1 2	185.155.184.53 185.155.184.53	6898 (AS-6898 C...) (AS-6898 C41.CH SAGL - LUGANO Data Center)
1	108.178.23.115 108.178.23.115	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
1 1	18.193.146.82 18.193.146.82	16509 (AMAZON-02) (AMAZON-02)
1	18.159.175.214 18.159.175.214	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:811::2008	15169 (GOOGLE) (GOOGLE)
2	2600:9000:225... 2600:9000:2251:5a00:f:4439:7640:93a1	16509 (AMAZON-02) (AMAZON-02)
5	18.196.181.99 18.196.181.99	16509 (AMAZON-02) (AMAZON-02)
2	2620:1ec:29:1... 2620:1ec:29:1::72	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a00:1450:400... 2a00:1450:4001:80b::200e	15169 (GOOGLE) (GOOGLE)
1	52.28.240.8 52.28.240.8	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:400c:c00::9b	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	23.96.124.68 23.96.124.68	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	68.219.88.97 68.219.88.97	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	34.253.248.174 34.253.248.174	16509 (AMAZON-02) (AMAZON-02)
1	3.121.24.60 3.121.24.60	16509 (AMAZON-02) (AMAZON-02)
31	19

1 80.66.77.52 (Russian Federation) 1 redirects

ASN211849 (KAKHAROV-AS, KZ)

link.ipthbwwzeigb6686.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.155.184.85 (Switzerland)

ASN6898 (AS-6898 C41.CH SAGL - LUGANO Data Center, CH)

hitthejackpot.life	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.155.184.53 (Switzerland) 1 redirects

ASN6898 (AS-6898 C41.CH SAGL - LUGANO Data Center, CH)

716.baykaythan.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.178.23.115 (United States)

ASN32475 (SINGLEHOP-LLC, US)
PTR: server04.com-2.mobi

get.greatlifebargains2024.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.193.146.82 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-193-146-82.eu-central-1.compute.amazonaws.com

quick-klean.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.159.175.214 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-159-175-214.eu-central-1.compute.amazonaws.com

c1.ouisys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2251:5a00:f:4439:7640:93a1 (United States)

ASN16509 (AMAZON-02, US)

d2b4jmuffp1l21.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.196.181.99 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-181-99.eu-central-1.compute.amazonaws.com

de-pacman.analytickz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:29:1::72 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.28.240.8 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-240-8.eu-central-1.compute.amazonaws.com

n.gamezones.biz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.96.124.68 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

s.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.219.88.97 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.253.248.174 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-253-248-174.eu-west-1.compute.amazonaws.com

notify.dcbprotect.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.121.24.60 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-121-24-60.eu-central-1.compute.amazonaws.com

de-pacman-v3.analytickz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 747 s.clarity.ms — Cisco Umbrella Rank: 7828 c.clarity.ms — Cisco Umbrella Rank: 1351	23 KB
6	analytickz.com de-pacman.analytickz.com — Cisco Umbrella Rank: 860640 de-pacman-v3.analytickz.com	1 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27 region1.google-analytics.com — Cisco Umbrella Rank: 2029	21 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 37	275 KB
2	google.fr www.google.fr — Cisco Umbrella Rank: 19149	515 B
2	google.com www.google.com — Cisco Umbrella Rank: 2 region1.analytics.google.com — Cisco Umbrella Rank: 2616	651 B
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 79	394 B
2	cloudfront.net d2b4jmuffp1l21.cloudfront.net	328 KB
2	baykaythan.live 1 redirects 716.baykaythan.live	4 KB
1	dcbprotect.com notify.dcbprotect.com — Cisco Umbrella Rank: 434050	161 B
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 247	762 B
1	gamezones.biz n.gamezones.biz	452 B
1	ouisys.com c1.ouisys.com	98 KB
1	quick-klean.com 1 redirects quick-klean.com	609 B
1	greatlifebargains2024.com get.greatlifebargains2024.com — Cisco Umbrella Rank: 549470	1 KB
1	hitthejackpot.life hitthejackpot.life	38 KB
1	ipthbwwzeigb6686.com 1 redirects link.ipthbwwzeigb6686.com	297 B
31	17

	Domain	Requested by
5	de-pacman.analytickz.com	c1.ouisys.com d2b4jmuffp1l21.cloudfront.net hitthejackpot.life
3	www.googletagmanager.com	c1.ouisys.com www.google-analytics.com www.googletagmanager.com
2	c.clarity.ms	1 redirects
2	s.clarity.ms	www.clarity.ms
2	www.google.fr	c1.ouisys.com
2	stats.g.doubleclick.net	www.google-analytics.com www.googletagmanager.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.clarity.ms	hitthejackpot.life www.clarity.ms
2	d2b4jmuffp1l21.cloudfront.net	c1.ouisys.com
2	716.baykaythan.live	1 redirects hitthejackpot.life
1	region1.google-analytics.com	www.googletagmanager.com
1	de-pacman-v3.analytickz.com	hitthejackpot.life
1	notify.dcbprotect.com	c1.ouisys.com
1	c.bing.com	1 redirects
1	region1.analytics.google.com	www.googletagmanager.com
1	www.google.com	c1.ouisys.com
1	n.gamezones.biz	d2b4jmuffp1l21.cloudfront.net
1	c1.ouisys.com	get.greatlifebargains2024.com
1	quick-klean.com	1 redirects
1	get.greatlifebargains2024.com	716.baykaythan.live
1	hitthejackpot.life
1	link.ipthbwwzeigb6686.com	1 redirects
31	22

This site contains no links.

Subject Issuer	Validity	Valid
hitthejackpot.life R3	`2024-02-06` - `2024-05-06`	3 months	crt.sh
baykaythan.live R3	`2024-02-04` - `2024-05-04`	3 months	crt.sh
get.greatlifebargains2024.com R3	`2024-01-31` - `2024-04-30`	3 months	crt.sh
*.ouisys.com R3	`2023-12-28` - `2024-03-27`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh
*.analytickz.com R3	`2023-12-14` - `2024-03-13`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2023-12-07` - `2024-12-07`	a year	crt.sh
*.gamezones.biz R3	`2024-02-02` - `2024-05-02`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
www.google.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
*.google.fr GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 01	`2024-01-14` - `2024-06-27`	5 months	crt.sh
*.eu-west-1.prd.dcbprotect.com Amazon RSA 2048 M02	`2023-03-17` - `2024-04-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://c1.ouisys.com/xbonk?cid=wf9eh7dr717csp0vi2r43294&pubid=t15&subid=1314-5ecd6faz
Frame ID: EEC56FF5672A839A133C1C2DB5EDAD2E
Requests: 35 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Téléchargement...

Page URL History Show full URLs

http://link.ipthbwwzeigb6686.com/c HTTP 302
https://hitthejackpot.life/?u=t9rpd06&o=zg5kl0h&m=1&t=iphone3 Page URL
https://716.baykaythan.live/utwovafp/article716.doc?u=t9rpd06&o=zg5kl0h&m=1&t=iphone3&f=1&sid=t1~3evlusk... Page URL
https://716.baykaythan.live/web/?sid=t1~3evluskz5hoo4fqvfazcgbty HTTP 302
https://get.greatlifebargains2024.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=7a57... Page URL
https://quick-klean.com/19e48f71-f532-4bc6-8e18-7e636c751ae4?pub=1314&pid=1314-5ecd6faz&cid=t17&pt_p... HTTP 302
https://c1.ouisys.com/xbonk?cid=wf9eh7dr717csp0vi2r43294&pubid=t15&subid=1314-5ecd6faz Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

31
Requests

97 %
HTTPS

43 %
IPv6

17
Domains

22
Subdomains

19
IPs

6
Countries

790 kB
Transfer

2513 kB
Size

25
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://link.ipthbwwzeigb6686.com/c HTTP 302
https://hitthejackpot.life/?u=t9rpd06&o=zg5kl0h&m=1&t=iphone3 Page URL
https://716.baykaythan.live/utwovafp/article716.doc?u=t9rpd06&o=zg5kl0h&m=1&t=iphone3&f=1&sid=t1~3evluskz5hoo4fqvfazcgbty&fp=SRRNNHF8gEwSJZX5gUFgdw%3D%3D Page URL
https://716.baykaythan.live/web/?sid=t1~3evluskz5hoo4fqvfazcgbty HTTP 302
https://get.greatlifebargains2024.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=7a57e866-94ec-4ec7-8c7e-f4dd0708ebe5&np=1 Page URL
https://quick-klean.com/19e48f71-f532-4bc6-8e18-7e636c751ae4?pub=1314&pid=1314-5ecd6faz&cid=t17&pt_pub=1314-5ecd6faz&sid=M7332786347238752272 HTTP 302
https://c1.ouisys.com/xbonk?cid=wf9eh7dr717csp0vi2r43294&pubid=t15&subid=1314-5ecd6faz Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://link.ipthbwwzeigb6686.com/c HTTP 302
https://hitthejackpot.life/?u=t9rpd06&o=zg5kl0h&m=1&t=iphone3

Request Chain 2

https://716.baykaythan.live/web/?sid=t1~3evluskz5hoo4fqvfazcgbty HTTP 302
https://get.greatlifebargains2024.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=7a57e866-94ec-4ec7-8c7e-f4dd0708ebe5&np=1

Request Chain 26

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=39E31211A7E4473BA8738E8EB13CFC60&RedC=c.clarity.ms&MXFR=23E917B478B265ED3C9303AA7CB26BDD HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=39E31211A7E4473BA8738E8EB13CFC60&MUID=0A6FC20E4E606BB5270CD6104F276A97

31 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

/ Show response
hitthejackpot.life/
Redirect Chain

http://link.ipthbwwzeigb6686.com/c
https://hitthejackpot.life/?u=t9rpd06&o=zg5kl0h&m=1&t=iphone3

37 KB
38 KB

304ms
52ms

Document
text/html

185.155.184.85
LUGANO Data Center

General

Check archive.org

Show headers Download Go to

Full URL: https://hitthejackpot.life/?u=t9rpd06&o=zg5kl0h&m=1&t=iphone3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 185.155.184.85 , Switzerland, ASN6898 (AS-6898 C41.CH SAGL - LUGANO Data Center, CH),
Reverse DNS
Software: nginx /
Resource Hash: a4d56c3724262dddbf69e8c266bcc7adad34e00093c119bde0794c74c583941d

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

Cache-Control: no-transform
Connection: keep-alive
Content-Length: 38190
Content-Type: text/html
Date: Wed, 07 Feb 2024 09:16:04 GMT
Server: nginx
cache-control: private

Redirect headers

Connection: Keep-Alive
Content-Length: 257
Content-Type: text/html; charset=iso-8859-1
Date: Wed, 07 Feb 2024 09:16:03 GMT
Keep-Alive: timeout=10, max=100
Location: https://hitthejackpot.life/?u=t9rpd06&o=zg5kl0h&m=1&t=iphone3
Server: Apache/2.4.6 (CentOS) PHP/5.4.16

GET
H/1.1 200
OK article716.doc
716.baykaythan.live/utwovafp/ 4 KB
4 KB 171ms
52ms Document
text/html 185.155.184.53
LUGANO Data Center

General

Check archive.org

Show headers Download Go to

Full URL: https://716.baykaythan.live/utwovafp/article716.doc?u=t9rpd06&o=zg5kl0h&m=1&t=iphone3&f=1&sid=t1~3evluskz5hoo4fqvfazcgbty&fp=SRRNNHF8gEwSJZX5gUFgdw%3D%3D
Requested by: Host: hitthejackpot.life
URL: https://hitthejackpot.life/?u=t9rpd06&o=zg5kl0h&m=1&t=iphone3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server: 185.155.184.53 , Switzerland, ASN6898 (AS-6898 C41.CH SAGL - LUGANO Data Center, CH),
Reverse DNS
Software: openresty /
Resource Hash

Request headers

Referer: https://hitthejackpot.life/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

Connection: keep-alive
Content-Length: 3598
Content-Type: text/html
Date: Wed, 07 Feb 2024 09:16:04 GMT
Server: openresty
cache-control: private

GET
H2

200

/
get.greatlifebargains2024.com/
Redirect Chain

https://716.baykaythan.live/web/?sid=t1~3evluskz5hoo4fqvfazcgbty
https://get.greatlifebargains2024.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=7a57e866-94ec-4ec7-8c7e-f4dd0708ebe5&np=1

2 KB
1 KB

367ms
126ms

Document
text/html

108.178.23.115
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://get.greatlifebargains2024.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=7a57e866-94ec-4ec7-8c7e-f4dd0708ebe5&np=1
Requested by: Host: 716.baykaythan.live
URL: https://716.baykaythan.live/utwovafp/article716.doc?u=t9rpd06&o=zg5kl0h&m=1&t=iphone3&f=1&sid=t1~3evluskz5hoo4fqvfazcgbty&fp=SRRNNHF8gEwSJZX5gUFgdw%3D%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.178.23.115 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS: server04.com-2.mobi
Software: nginx /
Resource Hash

Request headers

Referer: https://716.baykaythan.live/utwovafp/article716.doc?u=t9rpd06&o=zg5kl0h&m=1&t=iphone3&f=1&sid=t1~3evluskz5hoo4fqvfazcgbty&fp=SRRNNHF8gEwSJZX5gUFgdw%3D%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ch: Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 07 Feb 2024 09:16:05 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
server: nginx
vary: Accept-Encoding

Redirect headers

Connection: keep-alive
Content-Length: 280
Content-Type: text/html; charset=utf-8
Date: Wed, 07 Feb 2024 09:16:04 GMT
Server: openresty
cache-control: private
location: https://get.greatlifebargains2024.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=7a57e866-94ec-4ec7-8c7e-f4dd0708ebe5&np=1
referrer-policy: no-referrer

GET
H/1.1

200
OK

Primary Request xbonk Show response
c1.ouisys.com/
Redirect Chain

https://quick-klean.com/19e48f71-f532-4bc6-8e18-7e636c751ae4?pub=1314&pid=1314-5ecd6faz&cid=t17&pt_pub=1314-5ecd6faz&sid=M7332786347238752272
https://c1.ouisys.com/xbonk?cid=wf9eh7dr717csp0vi2r43294&pubid=t15&subid=1314-5ecd6faz

209 KB
98 KB

450ms
335ms

Document
text/html

18.159.175.214
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.ouisys.com/xbonk?cid=wf9eh7dr717csp0vi2r43294&pubid=t15&subid=1314-5ecd6faz
Requested by: Host: get.greatlifebargains2024.com
URL: https://get.greatlifebargains2024.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=7a57e866-94ec-4ec7-8c7e-f4dd0708ebe5&np=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 18.159.175.214 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-175-214.eu-central-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 919b3d6d8aa6a5d72dbcc8e010bc500877b95c156f5bc4e3d30fb93a2c1f1c44

Request headers

Referer: https://get.greatlifebargains2024.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=7a57e866-94ec-4ec7-8c7e-f4dd0708ebe5&np=1#0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

Accept-CH: Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Cache-Control: no-transform
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 07 Feb 2024 09:16:05 GMT
Permissions-Policy: ch-ua-full-version-list=("*" self), ch-ua-model=("*" self), ch-ua-platform-version=("*" self)
Server: nginx/1.14.0 (Ubuntu)
Transfer-Encoding: chunked
x-page-name: fr-gamezones-bluedownload-strategies

Redirect headers

cache-control: no-store, no-cache, pre-check=0, post-check=0
content-length: 0
date: Wed, 07 Feb 2024 09:16:05 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://c1.ouisys.com/xbonk?cid=wf9eh7dr717csp0vi2r43294&pubid=t15&subid=1314-5ecd6faz
pragma: no-cache
server: nginx

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 299 KB
96 KB 93ms
34ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-N8MFSR2

Requested by

Host: c1.ouisys.com
URL: https://c1.ouisys.com/xbonk?cid=wf9eh7dr717csp0vi2r43294&pubid=t15&subid=1314-5ecd6faz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

560651f5e2cf3a2ad74c18c352ef1c5d967e5b6b14134f8fe3d727393187842e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://c1.ouisys.com/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Wed, 07 Feb 2024 09:16:05 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 98142
x-xss-protection: 0
last-modified: Wed, 07 Feb 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 07 Feb 2024 09:16:05 GMT

GET
H2 200 main.79f5843b.css
d2b4jmuffp1l21.cloudfront.net/os-ui/static/fr-gamezones-bluedownload-strategies/css/ 28 KB
11 KB 91ms
28ms Stylesheet
text/css 2600:9000:2251:5a00:f:4439:7640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2b4jmuffp1l21.cloudfront.net/os-ui/static/fr-gamezones-bluedownload-strategies/css/main.79f5843b.css
Requested by: Host: c1.ouisys.com
URL: https://c1.ouisys.com/xbonk?cid=wf9eh7dr717csp0vi2r43294&pubid=t15&subid=1314-5ecd6faz
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:5a00:f:4439:7640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8f674e5e214789d35cc920a75ffd04851c18a158b512400b054b209959400a0c

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://c1.ouisys.com/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Tue, 06 Feb 2024 16:37:58 GMT
content-encoding: gzip
via: 1.1 6fc439c8bc0a64a7ab978ce699795274.cloudfront.net (CloudFront)
last-modified: Tue, 12 Dec 2023 16:58:59 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P3
age: 59888
x-amz-server-side-encryption: AES256
etag: W/"eb460cf164afbd8a38968e81d8e59e2a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css; charset=utf-8
cache-control: max-age=604800
x-amz-cf-id: wkT__zDWQDS3RCvK5tfN-0uwjNCcaxhcG4Xo2DVfdmgSm96uuVQ0mQ==

GET
H2 200 main.61f195f79c7508e9f916.js Show response
d2b4jmuffp1l21.cloudfront.net/os-ui/static/fr-gamezones-bluedownload-strategies/js/ 1 MB
317 KB 30ms
30ms Script
application/javascript 2600:9000:2251:5a00:f:4439:7640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2b4jmuffp1l21.cloudfront.net/os-ui/static/fr-gamezones-bluedownload-strategies/js/main.61f195f79c7508e9f916.js
Requested by: Host: c1.ouisys.com
URL: https://c1.ouisys.com/xbonk?cid=wf9eh7dr717csp0vi2r43294&pubid=t15&subid=1314-5ecd6faz
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:5a00:f:4439:7640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8a9b1e21b5d183f4b95ce580df7b1f2ea95c4ce8e61976b7b2f44aeaa1b4c3dc

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://c1.ouisys.com/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Wed, 31 Jan 2024 22:36:24 GMT
content-encoding: gzip
via: 1.1 6fc439c8bc0a64a7ab978ce699795274.cloudfront.net (CloudFront)
last-modified: Tue, 12 Dec 2023 16:58:59 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P3
age: 556782
etag: W/"212eeea3cde93f63258e9a9ecadb1c41"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: max-age=604800
x-amz-cf-id: 8shf_H8msCUWf8sRVdGuCStR-_rkDkxhw49ueZADvvIR4toDeGZMJw==

GET
H/1.1 200
OK mstore
de-pacman.analytickz.com/api/v2/ 43 B
323 B 455ms
46ms Image
image/gif 18.196.181.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://de-pacman.analytickz.com/api/v2/mstore?r=856cc3f0c59911ee973639ef08313672&m=1&b=0&d[0][t]=image
Requested by: Host: c1.ouisys.com
URL: https://c1.ouisys.com/xbonk?cid=wf9eh7dr717csp0vi2r43294&pubid=t15&subid=1314-5ecd6faz
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 18.196.181.99 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-181-99.eu-central-1.compute.amazonaws.com
Software: nginx/1.13.8 /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://c1.ouisys.com/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 07 Feb 2024 09:16:06 GMT
Cache-control: private
Server: nginx/1.13.8
Access-Control-Allow-Headers: Content-Type
Transfer-Encoding: chunked
Content-Type: image/gif

GET
DATA 200
OK truncated
/ 914 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db0ad37cf25eb2817dd3cd1b4758628fba5637733293da168eb30694efccf74e

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 8 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1cda1ed02d3da84d8779715e317bb685ab2dc71bde60ae6f8fa779b15ad1073f

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9aebc05dfc595c53f3be706870ca2c024986d3929b580721d94c11d1125f3701

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 381 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c93ccd293201164ed0905fa8f1160eb4c8af41753e33bc8290546911fb277098

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 jtvgvgqent Show response
www.clarity.ms/tag/ 668 B
1 KB 170ms
118ms Script
application/x-javascript 2620:1ec:29:1::72
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/jtvgvgqent
Requested by: Host: hitthejackpot.life
URL: https://hitthejackpot.life/?u=t9rpd06&o=zg5kl0h&m=1&t=iphone3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:29:1::72 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 0afcb8c492e33f61f2fd9e8b5fc675a8a5d7340421c1a62cc8183c95a941108d

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://c1.ouisys.com/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d
date: Wed, 07 Feb 2024 09:16:06 GMT
x-azure-ref: 0VkrDZQAAAAC3TXthc5j3Qp+797gOvgRSRlJBMjMxMDUwNDE3MDI5ADZjZmJlZWUwLTUwMjctNDg0Yi04OTY3LTRhMjlhZjc3ZjFlMQ==
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
content-length: 668
expires: -1

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 84ms
26ms Script
text/javascript 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N8MFSR2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://c1.ouisys.com/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 07 Feb 2024 07:48:09 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 5277
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Wed, 07 Feb 2024 09:48:09 GMT

POST
H/1.1 200
OK mstore
de-pacman.analytickz.com/api/v2/ 0
264 B 381ms
42ms Ping
text/html 18.196.181.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://de-pacman.analytickz.com/api/v2/mstore
Requested by: Host: d2b4jmuffp1l21.cloudfront.net
URL: https://d2b4jmuffp1l21.cloudfront.net/os-ui/static/fr-gamezones-bluedownload-strategies/js/main.61f195f79c7508e9f916.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 18.196.181.99 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-181-99.eu-central-1.compute.amazonaws.com
Software: nginx/1.13.8 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://c1.ouisys.com/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 07 Feb 2024 09:16:06 GMT
Server: nginx/1.13.8
Access-Control-Allow-Headers: Content-Type
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

POST
H/1.1 200
OK mstore
de-pacman.analytickz.com/api/v2/ 0
264 B 399ms
53ms Ping
text/html 18.196.181.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://de-pacman.analytickz.com/api/v2/mstore
Requested by: Host: d2b4jmuffp1l21.cloudfront.net
URL: https://d2b4jmuffp1l21.cloudfront.net/os-ui/static/fr-gamezones-bluedownload-strategies/js/main.61f195f79c7508e9f916.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 18.196.181.99 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-181-99.eu-central-1.compute.amazonaws.com
Software: nginx/1.13.8 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://c1.ouisys.com/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 07 Feb 2024 09:16:06 GMT
Server: nginx/1.13.8
Access-Control-Allow-Headers: Content-Type
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK / Show response
n.gamezones.biz/tallyman/v1/ 140 B
452 B 420ms
316ms Fetch
application/json 52.28.240.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://n.gamezones.biz/tallyman/v1/?action=oc2sms&country=FR&slug=echovox-gamezones-mo-one-off&offerId=2145&device=smart&rockman_id=856cc3f0c59911ee973639ef08313672&cid=wf9eh7dr717csp0vi2r43294&pubid=t15&subid=1314-5ecd6faz
Requested by: Host: d2b4jmuffp1l21.cloudfront.net
URL: https://d2b4jmuffp1l21.cloudfront.net/os-ui/static/fr-gamezones-bluedownload-strategies/js/main.61f195f79c7508e9f916.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.240.8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-240-8.eu-central-1.compute.amazonaws.com
Software: Apache / PHP/7.2.24-0ubuntu0.18.04.6
Resource Hash: af1f92d27cd8c21be091fa9a360e33e57d120000f14c3d41e63295768d8f79c0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://c1.ouisys.com/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 07 Feb 2024 09:16:06 GMT
cache-control: private
server: Apache
x-powered-by: PHP/7.2.24-0ubuntu0.18.04.6
transfer-encoding: chunked
content-type: application/json

POST
H2 200 collect Show response
www.google-analytics.com/j/ 15 B
219 B 33ms
32ms XHR
text/plain 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=337959133&t=pageview&_s=1&dl=https%3A%2F%2Fc1.ouisys.com%2Fxbonk%3Fcid%3Dwf9eh7dr717csp0vi2r43294%26pubid%3Dt15%26subid%3D1314-5ecd6faz&dr=https%3A%2F%2Fget.greatlifebargains2024.com%2F&dp=fr-gamezones-bluedownload-strategies&ul=en-us&de=UTF-8&dt=T%C3%A9l%C3%A9chargement...&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgEABAAAAACAAI~&jid=1577497290&gjid=471573521&cid=259518229.1707297366&tid=UA-136232877-29&_gid=1977485733.1707297366&_slc=1&gtm=45He4250n81N8MFSR2v810078783za200&cd1=PURE&cd2=xbonk&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&z=2064608218

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

931fc05274cb1d924d3bd7d4fcb60f727e0305a11ccd9fb7a17beae4d414b07c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://c1.ouisys.com/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 07 Feb 2024 09:16:06 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://c1.ouisys.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
347 B 75ms
27ms XHR
text/plain 2a00:1450:400c:c00::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-136232877-29&cid=259518229.1707297366&jid=1577497290&gjid=471573521&_gid=1977485733.1707297366&_u=YGBAgEABAAAAAGAAI~&z=1323672601

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

533036bd37d4d87bd4e3cad3010f2a29d00f24ffc34bb5b22598951c44d91452

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://c1.ouisys.com/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 07 Feb 2024 09:16:06 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://c1.ouisys.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.20/ 60 KB
20 KB 27ms
27ms Script
application/javascript 2620:1ec:29:1::72
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.20/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/jtvgvgqent
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:29:1::72 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: cbcfb303a1e7d1f9da8965565b535f4122f2de2f1f3ed9f61f3f9e2dad3dcf9d

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://c1.ouisys.com/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Wed, 07 Feb 2024 09:16:06 GMT
content-encoding: br
last-modified: Wed, 24 Jan 2024 14:33:55 GMT
etag: "0x8DC1CE97EB406F9"
x-azure-ref: 0VkrDZQAAAAD+u971Z0t4RYJZzkzD5XS9RlJBMjMxMDUwNDE3MDI5ADZjZmJlZWUwLTUwMjctNDg0Yi04OTY3LTRhMjlhZjc3ZjFlMQ==
x-cache: TCP_HIT
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 3d62adfa-301e-003f-3141-59e678000000
cache-control: public, max-age=86400
x-ms-version: 2018-03-28
accept-ranges: bytes

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 246 KB
86 KB 48ms
48ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-0ZVMC0SYXG&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

94f0447857f185002b8e6ea9ddc6a1bd0f7a873195f19c8f16d3b2ce0b5edb0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://c1.ouisys.com/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Wed, 07 Feb 2024 09:16:06 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 87636
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 07 Feb 2024 09:16:06 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 112ms
53ms Image
image/gif 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-136232877-29&cid=259518229.1707297366&jid=1577497290&_u=YGBAgEABAAAAAGAAI~&z=545188837

Requested by

Host: c1.ouisys.com
URL: https://c1.ouisys.com/xbonk?cid=wf9eh7dr717csp0vi2r43294&pubid=t15&subid=1314-5ecd6faz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://c1.ouisys.com/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Feb 2024 09:16:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.fr/ads/ 42 B
408 B 110ms
51ms Image
image/gif 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.fr/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-136232877-29&cid=259518229.1707297366&jid=1577497290&_u=YGBAgEABAAAAAGAAI~&z=545188837

Requested by

Host: c1.ouisys.com
URL: https://c1.ouisys.com/xbonk?cid=wf9eh7dr717csp0vi2r43294&pubid=t15&subid=1314-5ecd6faz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://c1.ouisys.com/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Feb 2024 09:16:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
243 B 71ms
24ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-0ZVMC0SYXG&_ono=1&gtm=45je4250v9134451004za200&_p=1707297365772&_gaz=1&gcd=13l3l3l3l2&npa=0&dma_cps=sypham&dma=1&ul=en-us&sr=1600x1200&cid=259518229.1707297366&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=ABAI&_s=1&dl=https%3A%2F%2Fc1.ouisys.com%2Fxbonk%3Fcid%3Dwf9eh7dr717csp0vi2r43294%26pubid%3Dt15%26subid%3D1314-5ecd6faz&dr=https%3A%2F%2Fget.greatlifebargains2024.com%2F&dp=fr-gamezones-bluedownload-strategies&dt=T%C3%A9l%C3%A9chargement...&sid=1707297366&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&ep.ua_dimension_1=PURE&ep.ua_dimension_2=xbonk&tfd=1098
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-0ZVMC0SYXG&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://c1.ouisys.com/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Feb 2024 09:16:06 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://c1.ouisys.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
47 B 25ms
25ms Ping
text/plain 2a00:1450:400c:c00::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&_ono=1&tid=G-0ZVMC0SYXG&cid=259518229.1707297366&gtm=45je4250v9134451004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l3l2&npa=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-0ZVMC0SYXG&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://c1.ouisys.com/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Feb 2024 09:16:06 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://c1.ouisys.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.fr/ads/ 42 B
107 B 51ms
51ms Image
image/gif 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.fr/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ono=1&tid=G-0ZVMC0SYXG&cid=259518229.1707297366&gtm=45je4250v9134451004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l3l2&npa=0&z=594043389

Requested by

Host: c1.ouisys.com
URL: https://c1.ouisys.com/xbonk?cid=wf9eh7dr717csp0vi2r43294&pubid=t15&subid=1314-5ecd6faz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://c1.ouisys.com/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Feb 2024 09:16:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 204
No Content collect Show response
s.clarity.ms/ 0
293 B 399ms
195ms XHR
text/plain 23.96.124.68
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.20/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.96.124.68 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://c1.ouisys.com/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Access-Control-Allow-Origin: https://c1.ouisys.com
Date: Wed, 07 Feb 2024 09:16:06 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:b1d896b3-bec7-448b-b764-240152e813e8

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=39E31211A7E4473BA8738E8EB13CFC60&RedC=c.clarity.ms&MXFR=23E917B478B265ED3C9303AA7CB26BDD
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=39E31211A7E4473BA8738E8EB13CFC60&MUID=0A6FC20E4E606BB5270CD6104F276A97

42 B
464 B

31ms
30ms

Image
image/gif

68.219.88.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=39E31211A7E4473BA8738E8EB13CFC60&MUID=0A6FC20E4E606BB5270CD6104F276A97
Protocol: H2
Server: 68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://c1.ouisys.com/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Feb 2024 09:16:06 GMT
last-modified: Wed, 10 Jan 2024 21:11:32 GMT
server: Microsoft-IIS/10.0
etag: "d765ee95944da1:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Wed, 07 Feb 2024 09:16:06 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 909CA07BB11E435F86F2D9642A9509A8 Ref B: PAR02EDGE0912 Ref C: 2024-02-07T09:16:06Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=39E31211A7E4473BA8738E8EB13CFC60&MUID=0A6FC20E4E606BB5270CD6104F276A97
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

POST
H2 200 A678913427990648026297514775346220356328872738816 Show response
notify.dcbprotect.com/ 0
161 B 193ms
70ms XHR
text/html 34.253.248.174
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://notify.dcbprotect.com/A678913427990648026297514775346220356328872738816
Requested by: Host: c1.ouisys.com
URL: https://c1.ouisys.com/xbonk?cid=wf9eh7dr717csp0vi2r43294&pubid=t15&subid=1314-5ecd6faz
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.248.174 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-248-174.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://c1.ouisys.com/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: *
date: Wed, 07 Feb 2024 09:16:06 GMT
content-encoding: gzip
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-type: text/html; charset=UTF-8

POST
H/1.1 200
OK mstore
de-pacman-v3.analytickz.com/api/v2/ 0
0 480ms
36ms Fetch
text/html 3.121.24.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://de-pacman-v3.analytickz.com/api/v2/mstore
Requested by: Host: hitthejackpot.life
URL: https://hitthejackpot.life/?u=t9rpd06&o=zg5kl0h&m=1&t=iphone3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 3.121.24.60 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-121-24-60.eu-central-1.compute.amazonaws.com
Software: nginx/1.23.2 /
Resource Hash

Request headers

Referer: https://c1.ouisys.com/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 07 Feb 2024 09:16:07 GMT
server: nginx/1.23.2
access-control-allow-headers: Content-Type
transfer-encoding: chunked
content-type: text/html; charset=UTF-8

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 280 KB
93 KB 34ms
34ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=G-NLD7DLYBTN&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N8MFSR2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e4f4038a80a2bfdbde10e4672e79dc20e19f977bb3eb4a5600e42e3ba71241cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://c1.ouisys.com/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Wed, 07 Feb 2024 09:16:06 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 94934
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 07 Feb 2024 09:16:06 GMT

POST
H/1.1 200
OK mstore
de-pacman.analytickz.com/api/v2/ 0
264 B 47ms
47ms Ping
text/html 18.196.181.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://de-pacman.analytickz.com/api/v2/mstore
Requested by: Host: d2b4jmuffp1l21.cloudfront.net
URL: https://d2b4jmuffp1l21.cloudfront.net/os-ui/static/fr-gamezones-bluedownload-strategies/js/main.61f195f79c7508e9f916.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 18.196.181.99 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-181-99.eu-central-1.compute.amazonaws.com
Software: nginx/1.13.8 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://c1.ouisys.com/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 07 Feb 2024 09:16:07 GMT
Server: nginx/1.13.8
Access-Control-Allow-Headers: Content-Type
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

POST
H2 204 collect
region1.google-analytics.com/g/ 0
54 B 24ms
23ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-NLD7DLYBTN&gtm=45je4250v895294434za200&_p=1707297365772&gcd=13l3l3l3l1&npa=0&dma_cps=sypham&dma=1&cid=259518229.1707297366&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=AEAE&_s=1&sid=1707297367&sct=1&seg=0&dl=https%3A%2F%2Fc1.ouisys.com%2Fxbonk%3Fcid%3Dwf9eh7dr717csp0vi2r43294%26pubid%3Dt15%26subid%3D1314-5ecd6faz&dr=https%3A%2F%2Fget.greatlifebargains2024.com%2F&dt=T%C3%A9l%C3%A9chargement...&en=scroll&_fv=1&_ss=1&epn.percent_scrolled=90&tfd=1865
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=G-NLD7DLYBTN&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://c1.ouisys.com/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Feb 2024 09:16:07 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://c1.ouisys.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK mstore
de-pacman.analytickz.com/api/v2/ 0
0 421ms
51ms Fetch
text/html 18.196.181.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://de-pacman.analytickz.com/api/v2/mstore
Requested by: Host: hitthejackpot.life
URL: https://hitthejackpot.life/?u=t9rpd06&o=zg5kl0h&m=1&t=iphone3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 18.196.181.99 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-181-99.eu-central-1.compute.amazonaws.com
Software: nginx/1.13.8 /
Resource Hash

Request headers

Referer: https://c1.ouisys.com/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 07 Feb 2024 09:16:07 GMT
Server: nginx/1.13.8
Access-Control-Allow-Headers: Content-Type
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

POST
H/1.1 204
No Content collect Show response
s.clarity.ms/ 0
293 B 95ms
94ms XHR
text/plain 23.96.124.68
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.20/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.96.124.68 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://c1.ouisys.com/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-A102U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Access-Control-Allow-Origin: https://c1.ouisys.com
Date: Wed, 07 Feb 2024 09:16:07 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:b1d896b3-bec7-448b-b764-240152e813e8

Verdicts & Comments Add Verdict or Comment

Malicious page.domain
Submitted on February 7th 2024, 9:17:40 am UTC — From France

Threats: Malware
Comment: Malware - Website is downloading malicious software / virus

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

25 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
hitthejackpot.life/	1969-12-31 23:59:59	Name: sid Value: t1~3evluskz5hoo4fqvfazcgbty
hitthejackpot.life/	1969-12-31 23:59:59	Name: p1 Value: https://baykaythan.live/utwovafp/
hitthejackpot.life/	1969-12-31 23:59:59	Name: s1 Value: 4j1sbvx357vx4kww
716.baykaythan.live/	1970-01-20 18:16:23	Name: IsNotUniqueMainNew Value: true
716.baykaythan.live/	1970-01-20 18:16:23	Name: cookie1 Value: true
.quick-klean.com/	1970-01-20 18:16:23	Name: 19e48f71-f532-4bc6-8e18-7e636c751ae4-v4 Value: R7GVVbXljSGxlmildehhhNJvDcnTdDj8Y3KfD7bOwoc
.quick-klean.com/	1970-01-21 03:00:33	Name: cc-v4 Value: 7vzOaWs4zggLarCm3e675oMLEoDh5t0g6l2asf0HgUG6IWMVaiT88r%2FMoAnIPWD%2FNo1LGGZ5%2FLQFKfR2Kq6jcLXODA6VlN2c7ofVQlwcpJlml%2BENsTq9S6H%2Bkfs%2F14QJwa7FWVWlxf2JZw0fll0VMg%3D%3D
c1.ouisys.com/	1970-01-20 18:16:23	Name: userId Value: 856cc3f0c59911ee973639ef08313672
c1.ouisys.com/	1970-01-20 18:16:23	Name: abTestVariant Value: b
c1.ouisys.com/	1970-01-20 18:16:23	Name: splitTrafficVariant Value: a
www.clarity.ms/	1970-01-21 03:00:33	Name: CLID Value: 2379cdef0ec74863baa9947eef8f716f.20240207.20250206
.ouisys.com/	1970-01-20 18:16:23	Name: _gid Value: GA1.2.1977485733.1707297366
.ouisys.com/	1970-01-20 18:14:57	Name: _dc_gtm_UA-136232877-29 Value: 1
.ouisys.com/	1970-01-21 03:00:33	Name: _clck Value: 1unz0v%7C2%7Cfj2%7C0%7C1498
.ouisys.com/	1970-01-21 03:50:57	Name: _ga_0ZVMC0SYXG Value: GS1.2.1707297366.1.0.1707297366.60.0.0
.bing.com/	1970-01-21 03:36:33	Name: MUID Value: 0A6FC20E4E606BB5270CD6104F276A97
.c.bing.com/	1970-01-20 18:25:02	Name: MR Value: 0
.c.bing.com/	1970-01-21 03:36:33	Name: SRM_B Value: 0A6FC20E4E606BB5270CD6104F276A97
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-21 03:36:33	Name: MUID Value: 0A6FC20E4E606BB5270CD6104F276A97
.c.clarity.ms/	1970-01-20 18:25:02	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 18:14:57	Name: ANONCHK Value: 0
.ouisys.com/	1970-01-20 18:16:23	Name: _clsk Value: 11qd2ua%7C1707297366708%7C1%7C1%7Cs.clarity.ms%2Fcollect
.ouisys.com/	1970-01-21 03:50:57	Name: _ga_NLD7DLYBTN Value: GS1.1.1707297367.1.0.1707297367.0.0.0
.ouisys.com/	1970-01-21 03:50:57	Name: _ga Value: GA1.1.259518229.1707297366

15 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://c1.ouisys.com/xbonk?cid=wf9eh7dr717csp0vi2r43294&pubid=t15&subid=1314-5ecd6faz(Line 9) Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu
other	warning	URL: https://c1.ouisys.com/xbonk?cid=wf9eh7dr717csp0vi2r43294&pubid=t15&subid=1314-5ecd6faz Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://c1.ouisys.com/xbonk?cid=wf9eh7dr717csp0vi2r43294&pubid=t15&subid=1314-5ecd6faz Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://c1.ouisys.com/xbonk?cid=wf9eh7dr717csp0vi2r43294&pubid=t15&subid=1314-5ecd6faz Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://c1.ouisys.com/xbonk?cid=wf9eh7dr717csp0vi2r43294&pubid=t15&subid=1314-5ecd6faz Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://c1.ouisys.com/xbonk?cid=wf9eh7dr717csp0vi2r43294&pubid=t15&subid=1314-5ecd6faz Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://c1.ouisys.com/xbonk?cid=wf9eh7dr717csp0vi2r43294&pubid=t15&subid=1314-5ecd6faz Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://c1.ouisys.com/xbonk?cid=wf9eh7dr717csp0vi2r43294&pubid=t15&subid=1314-5ecd6faz Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://c1.ouisys.com/xbonk?cid=wf9eh7dr717csp0vi2r43294&pubid=t15&subid=1314-5ecd6faz Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://c1.ouisys.com/xbonk?cid=wf9eh7dr717csp0vi2r43294&pubid=t15&subid=1314-5ecd6faz Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://c1.ouisys.com/xbonk?cid=wf9eh7dr717csp0vi2r43294&pubid=t15&subid=1314-5ecd6faz Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://c1.ouisys.com/xbonk?cid=wf9eh7dr717csp0vi2r43294&pubid=t15&subid=1314-5ecd6faz Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://c1.ouisys.com/xbonk?cid=wf9eh7dr717csp0vi2r43294&pubid=t15&subid=1314-5ecd6faz Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://c1.ouisys.com/xbonk?cid=wf9eh7dr717csp0vi2r43294&pubid=t15&subid=1314-5ecd6faz Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://c1.ouisys.com/xbonk?cid=wf9eh7dr717csp0vi2r43294&pubid=t15&subid=1314-5ecd6faz Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

716.baykaythan.live
c.bing.com
c.clarity.ms
c1.ouisys.com
d2b4jmuffp1l21.cloudfront.net
de-pacman-v3.analytickz.com
de-pacman.analytickz.com
get.greatlifebargains2024.com
hitthejackpot.life
link.ipthbwwzeigb6686.com
n.gamezones.biz
notify.dcbprotect.com
quick-klean.com
region1.analytics.google.com
region1.google-analytics.com
s.clarity.ms
stats.g.doubleclick.net
www.clarity.ms
www.google-analytics.com
www.google.com
www.google.fr
www.googletagmanager.com
108.178.23.115
18.159.175.214
18.193.146.82
18.196.181.99
185.155.184.53
185.155.184.85
2001:4860:4802:34::36
23.96.124.68
2600:9000:2251:5a00:f:4439:7640:93a1
2620:1ec:29:1::72
2620:1ec:c11::200
2a00:1450:4001:80b::200e
2a00:1450:4001:811::2008
2a00:1450:4001:813::2003
2a00:1450:4001:830::2004
2a00:1450:400c:c00::9b
3.121.24.60
34.253.248.174
52.28.240.8
68.219.88.97
80.66.77.52
0afcb8c492e33f61f2fd9e8b5fc675a8a5d7340421c1a62cc8183c95a941108d
1cda1ed02d3da84d8779715e317bb685ab2dc71bde60ae6f8fa779b15ad1073f
533036bd37d4d87bd4e3cad3010f2a29d00f24ffc34bb5b22598951c44d91452
560651f5e2cf3a2ad74c18c352ef1c5d967e5b6b14134f8fe3d727393187842e
8a9b1e21b5d183f4b95ce580df7b1f2ea95c4ce8e61976b7b2f44aeaa1b4c3dc
8f674e5e214789d35cc920a75ffd04851c18a158b512400b054b209959400a0c
919b3d6d8aa6a5d72dbcc8e010bc500877b95c156f5bc4e3d30fb93a2c1f1c44
931fc05274cb1d924d3bd7d4fcb60f727e0305a11ccd9fb7a17beae4d414b07c
94f0447857f185002b8e6ea9ddc6a1bd0f7a873195f19c8f16d3b2ce0b5edb0d
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9aebc05dfc595c53f3be706870ca2c024986d3929b580721d94c11d1125f3701
a4d56c3724262dddbf69e8c266bcc7adad34e00093c119bde0794c74c583941d
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
af1f92d27cd8c21be091fa9a360e33e57d120000f14c3d41e63295768d8f79c0
c93ccd293201164ed0905fa8f1160eb4c8af41753e33bc8290546911fb277098
cbcfb303a1e7d1f9da8965565b535f4122f2de2f1f3ed9f61f3f9e2dad3dcf9d
db0ad37cf25eb2817dd3cd1b4758628fba5637733293da168eb30694efccf74e
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4f4038a80a2bfdbde10e4672e79dc20e19f977bb3eb4a5600e42e3ba71241cd
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

c1.ouisys.com Open in urlscan Pro 18.159.175.214 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

31 Requests

97 %HTTPS

43 %IPv6

17 Domains

22 Subdomains

19 IPs

6 Countries

790 kBTransfer

2513 kBSize

25 Cookies

0 Outgoing links

Page URL History

Redirected requests

31 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

c1.ouisys.com Open in urlscan Pro
18.159.175.214 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

31
Requests

97 %
HTTPS

43 %
IPv6

17
Domains

22
Subdomains

19
IPs

6
Countries

790 kB
Transfer

2513 kB
Size

25
Cookies

31 HTTP transactions
4 data transactions

Malicious page.domain
Submitted on February 7th 2024, 9:17:40 am UTC — From France

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!