cpi-offers.com Open in urlscan Pro
3.124.136.225 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.rtbdem.com/redirect.php?aff=335644&no=82&incent=0&gaid=%7Baaid%7D&idfa=%7Bidfa%7D&type=CPA&demand=190&netwo...
Effective URL:
https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=809&cid=&sid=82&udid=&name=&info=web3ppre&blockTime=0
Submission Tags: falconsandbox
Submission: On December 24 via api (December 24th 2020, 3:59:28 pm UTC) from US

Summary HTTP 23 Redirects Behaviour Indicators

Summary

This website contacted 10 IPs in 6 countries across 21 domains to perform 23 HTTP transactions. The main IP is 3.124.136.225, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is cpi-offers.com.
TLS certificate: Issued by Amazon on November 25th 2020. Valid for: a year.

This is the only time cpi-offers.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	18.140.90.127 18.140.90.127	16509 (AMAZON-02) (AMAZON-02)
1 1	213.227.156.21 213.227.156.21	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
12 13	3.124.136.225 3.124.136.225	16509 (AMAZON-02) (AMAZON-02)
3 3	213.227.134.200 213.227.134.200	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1 1	213.227.135.213 213.227.135.213	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2 2	213.227.134.242 213.227.134.242	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1	144.91.99.171 144.91.99.171	51167 (CONTABO) (CONTABO)
1 1	213.227.134.238 213.227.134.238	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2 2	213.227.134.236 213.227.134.236	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
4 4	213.227.135.207 213.227.135.207	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1 1	3.226.147.193 3.226.147.193	14618 (AMAZON-AES) (AMAZON-AES)
4	35.171.134.132 35.171.134.132	14618 (AMAZON-AES) (AMAZON-AES)
3 3	18.207.66.245 18.207.66.245	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700:20:... 2606:4700:20::681a:d03	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	35.241.13.125 35.241.13.125	15169 (GOOGLE) (GOOGLE)
1 1	213.227.135.209 213.227.135.209	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
3 5	213.227.135.233 213.227.135.233	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2 2	213.227.134.194 213.227.134.194	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2 2	212.7.209.71 212.7.209.71	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1 1	213.227.156.233 213.227.156.233	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1 1	212.7.209.73 212.7.209.73	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2 4	213.227.135.227 213.227.135.227	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1	2a02:26f0:6c0... 2a02:26f0:6c00:19c::2a1	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	2606:4700:20:... 2606:4700:20::ac43:4466	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2620:1ec:bdf::13 2620:1ec:bdf::13	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	52.49.154.215 52.49.154.215	16509 (AMAZON-02) (AMAZON-02)
1 1	212.32.250.33 212.32.250.33	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1	18.141.88.84 18.141.88.84	16509 (AMAZON-02) (AMAZON-02)
23	10

1 18.140.90.127 (Singapore, Singapore) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-140-90-127.ap-southeast-1.compute.amazonaws.com

www.rtbdem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.227.156.21 (Netherlands) 1 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

web3mobile.g2afse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 3.124.136.225 (Frankfurt am Main, Germany) 12 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-136-225.eu-central-1.compute.amazonaws.com

cpi-offers.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
totalcpi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.227.134.200 (Netherlands) 3 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

zenoclick.g2afse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.227.135.213 (Netherlands) 1 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

go2.enjoycpi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.227.134.242 (Netherlands) 2 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

zildd.g2afse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
boostads.g2afse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 144.91.99.171 (Germany)

ASN51167 (CONTABO, DE)
PTR: m12971.contaboserver.net

il32.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.227.134.238 (Netherlands) 1 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

adcrate-solutions.go2affise.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.227.134.236 (Netherlands) 2 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

cellonltd.g2afse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 213.227.135.207 (Netherlands) 4 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

mookomedia.g2afse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.226.147.193 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-226-147-193.compute-1.amazonaws.com

bs45lck.appsmaxpower.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.171.134.132 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-171-134-132.compute-1.amazonaws.com

t1.greatforwarding.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.207.66.245 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-207-66-245.compute-1.amazonaws.com

8nsegm1.appsdeku.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:d03 (United States)

ASN13335 (CLOUDFLARENET, US)

tha.gotrackier.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.13.125 (Ascension Island) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 125.13.241.35.bc.googleusercontent.com

click.kanmobi.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.227.135.209 (Netherlands) 1 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

appalgo.g2afse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 213.227.135.233 (Netherlands) 3 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

labmediasolutions.g2afse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
appscogent.g2afse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.227.134.194 (Netherlands) 2 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

appnappmo.g2afse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 212.7.209.71 (Netherlands) 2 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

click.iconpeak2trk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.227.156.233 (Netherlands) 1 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

toptopmedia.g2afse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.7.209.73 (Netherlands) 1 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

gowith.go2affise.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 213.227.135.227 (Netherlands) 2 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

brainadv.g2afse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:19c::2a1 (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)

apps.apple.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:4466 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

sing.clkstream.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:bdf::13 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

track.zoomd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.49.154.215 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-154-215.eu-west-1.compute.amazonaws.com

trk.interceptd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.32.250.33 (Netherlands) 1 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

olamob.g2afse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.141.88.84 (Singapore, Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-141-88-84.ap-southeast-1.compute.amazonaws.com

track.paddlewaver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	g2afse.com 22 redirects web3mobile.g2afse.com zenoclick.g2afse.com zildd.g2afse.com cellonltd.g2afse.com boostads.g2afse.com mookomedia.g2afse.com appalgo.g2afse.com labmediasolutions.g2afse.com appnappmo.g2afse.com toptopmedia.g2afse.com brainadv.g2afse.com apptrust.g2afse.com Failed appscogent.g2afse.com aandb.g2afse.com Failed ad-experience.g2afse.com Failed mobee.g2afse.com Failed olamob.g2afse.com	4 KB
12	cpi-offers.com 11 redirects cpi-offers.com	4 KB
4	greatforwarding.com t1.greatforwarding.com
3	appsdeku.com 3 redirects 8nsegm1.appsdeku.com	677 B
2	iconpeak2trk.com 2 redirects click.iconpeak2trk.com	326 B
2	go2affise.com 2 redirects adcrate-solutions.go2affise.com gowith.go2affise.com	360 B
1	paddlewaver.com track.paddlewaver.com	244 B
1	interceptd.com trk.interceptd.com
1	zoomd.com 1 redirects track.zoomd.com	540 B
1	clkstream.com 1 redirects sing.clkstream.com	691 B
1	apple.com apps.apple.com
1	kanmobi.net 1 redirects click.kanmobi.net	231 B
1	gotrackier.com tha.gotrackier.com	772 B
1	appsmaxpower.com 1 redirects bs45lck.appsmaxpower.com	223 B
1	totalcpi.com 1 redirects totalcpi.com	274 B
1	il32.co il32.co	116 B
1	enjoycpi.com 1 redirects go2.enjoycpi.com	189 B
1	rtbdem.com 1 redirects www.rtbdem.com	755 B
0	blueparrot.media Failed xml.blueparrot.media Failed
0	leadzu.com Failed r.leadzu.com Failed
0	chimaprome.com Failed chimaprome.com Failed
23	21

	Domain	Requested by
12	cpi-offers.com	11 redirects
4	brainadv.g2afse.com	2 redirects cpi-offers.com
4	labmediasolutions.g2afse.com	2 redirects cpi-offers.com
4	t1.greatforwarding.com	cpi-offers.com
4	mookomedia.g2afse.com	4 redirects
3	8nsegm1.appsdeku.com	3 redirects
3	zenoclick.g2afse.com	3 redirects
2	click.iconpeak2trk.com	2 redirects
2	appnappmo.g2afse.com	2 redirects
2	cellonltd.g2afse.com	2 redirects
1	track.paddlewaver.com	cpi-offers.com
1	olamob.g2afse.com	1 redirects
1	trk.interceptd.com	cpi-offers.com
1	track.zoomd.com	1 redirects
1	sing.clkstream.com	1 redirects
1	apps.apple.com	cpi-offers.com
1	appscogent.g2afse.com	1 redirects
1	gowith.go2affise.com	1 redirects
1	toptopmedia.g2afse.com	1 redirects
1	appalgo.g2afse.com	1 redirects
1	click.kanmobi.net	1 redirects
1	tha.gotrackier.com	cpi-offers.com
1	bs45lck.appsmaxpower.com	1 redirects
1	totalcpi.com	1 redirects
1	boostads.g2afse.com	1 redirects
1	adcrate-solutions.go2affise.com	1 redirects
1	il32.co	cpi-offers.com
1	zildd.g2afse.com	1 redirects
1	go2.enjoycpi.com	1 redirects
1	web3mobile.g2afse.com	1 redirects
1	www.rtbdem.com	1 redirects
0	xml.blueparrot.media Failed	cpi-offers.com
0	r.leadzu.com Failed	cpi-offers.com
0	chimaprome.com Failed	cpi-offers.com
0	mobee.g2afse.com Failed	cpi-offers.com
0	ad-experience.g2afse.com Failed	cpi-offers.com
0	aandb.g2afse.com Failed	cpi-offers.com
0	apptrust.g2afse.com Failed	cpi-offers.com
23	38

This site contains no links.

Subject Issuer	Validity	Valid
cpi-offers.com Amazon	`2020-11-25` - `2021-12-24`	a year	crt.sh
il32.co Let's Encrypt Authority X3	`2020-10-24` - `2021-01-22`	3 months	crt.sh
*.dynforward.com R3	`2020-12-11` - `2021-03-11`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-09` - `2021-07-09`	a year	crt.sh
*.g2afse.com DigiCert ECC Secure Server CA	`2020-08-26` - `2021-09-02`	a year	crt.sh
itunes.apple.com DigiCert SHA2 Extended Validation Server CA-3	`2020-08-13` - `2021-08-14`	a year	crt.sh
trk.interceptd.com DigiCert ECC Secure Server CA	`2020-02-18` - `2022-02-22`	2 years	crt.sh
track.paddlewaver.com Amazon	`2020-05-27` - `2021-06-26`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=809&cid=&sid=82&udid=&name=&info=web3ppre&blockTime=0
Frame ID: DCDF32BD2881A421C5707F3FE0A8BEA8
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.rtbdem.com/redirect.php?aff=335644&no=82&incent=0&gaid=%7Baaid%7D&idfa=%7Bidfa%7D&type=... HTTP 302
https://web3mobile.g2afse.com/click?pid=82&offer_id=15960&sub1=M_0b5xOQUki1aNJe5I-iIYJtlZg_M_rtbs1solitair... HTTP 302
https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=809&cid=&sid=82&udid=&name=&in... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

23
Requests

61 %
HTTPS

14 %
IPv6

21
Domains

38
Subdomains

10
IPs

6
Countries

2 kB
Transfer

4 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.rtbdem.com/redirect.php?aff=335644&no=82&incent=0&gaid=%7Baaid%7D&idfa=%7Bidfa%7D&type=CPA&demand=190&network=web3mobile&offer=15960&aff_sub=M_0b5xOQUki1aNJe5I-iIYJtlZg_M&id=26928196&adult=0&aff_sub2=ZkwD67HpSAWmVQyJf7Jgsw_A12zEBjzTADmKXbf9eWUCkrT_AW4Ywuon8-ngytsvSIubuVJB&s1=solitaire HTTP 302
https://web3mobile.g2afse.com/click?pid=82&offer_id=15960&sub1=M_0b5xOQUki1aNJe5I-iIYJtlZg_M_rtbs1solitaire_rtbs2_rtbs30ORIGIN26928196end_rtbaff335644_rtboffer26928196_rtbsubZkwD67HpSAWmVQyJf7Jgsw_A12zEBjzTADmKXbf9eWUCkrT_AW4Ywuon8-ngytsvSIubuVJB&sub2=335644_ZkwD67HpSAWmVQyJf7Jgsw_A12zEBjzTADmKXbf9eWUCkrT_AW4Ywuon8-ngytsvSIubuVJB&sub3=M_0b5xOQUki1aNJe5I-iIYJtlZg_M_rtbs1solitaire_rtbs2_rtbs30ORIGIN26928196end_rtbaff335644_rtboffer26928196_rtbsubZkwD67HpSAWmVQyJf7Jgsw_A12zEBjzTADmKXbf9eWUCkrT_AW4Ywuon8-ngytsvSIubuVJB&sub4={aaid}&sub5={idfa} HTTP 302
https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=809&cid=&sid=82&udid=&name=&info=web3ppre&blockTime=0 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://zenoclick.g2afse.com/click?pid=2&offer_id=8886&sub1=NCT_iphone_be_ofid8585588_pid809_sub1_sub282_sub3web3ppre_nat1_sub4_sub5&sub2=493410809_82&sub6=id1487602320 HTTP 302
https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=941&cid=clickid&sid=2&udid=&name=&info=ZenoClickSL&blockTime=0 HTTP 302
https://go2.enjoycpi.com/click?pid=616&offer_id=4582792&sub1=clickid&sub2=2&sub3=ZenoClickSL_nat5&sub4=6A18950E-7B62-4AA3-84E0-5D19878D9570&sub5=id927006017&sub6=493410 HTTP 302
https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=831&cid=&sid=&udid=&name=&info=TbLabq&blockTime=0 HTTP 302
https://zildd.g2afse.com/click?pid=35&offer_id=2631317&sub1=NCT_iphone_be_ofid7559769_pid616_sub1_sub2_sub3TbLabq_nat6_sub4_sub5&sub2=493410616_&sub3=id445338486 HTTP 302
https://il32.co/ps?p=9&aff_clickid=&sub1=35_493410616_

Request Chain 1

https://adcrate-solutions.go2affise.com/click?pid=80&offer_id=1072585&sub1=NCT_iphone_be_ofid9354326_pid809_sub1_sub282_sub3web3ppre_nat2_sub4_sub5&sub2=493410809_82&sub4=id1487602320 HTTP 302
https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=881&cid=&sid=80&udid=&name=&info=AdcrateAffiseSL&blockTime=0 HTTP 302
https://cellonltd.g2afse.com/click?pid=43&offer_id=618722&sub1=NCT_iphone_be_ofid7855643_pid616_sub1_sub280_sub3AdcrateAffiseSL_nat3_sub4_sub5&sub2=493410616_80&sub3=id500963785 HTTP 302
https://cellonltd.g2afse.com/sl?id=5e0d9e94c7aae01fb75eca64&pid=55&sub1=NCT_iphone_be_ofid7855643_pid616_sub1_sub280_sub3AdcrateAffiseSL_nat3_sub4_sub5&sub2=493410616_80&sub3=id500963785&sub4=&sub5= HTTP 302
https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=841&cid=5fe4bacda2840f0001f66ac3&sid=55&udid=&name=&info=CellonSL&blockTime=0 HTTP 302
https://boostads.g2afse.com/click?pid=8&offer_id=1300156&sub1=NCT_iphone_be_ofid9490221_pid616_sub15fe4bacda2840f0001f66ac3_sub255_sub3CellonSL_nat8_sub4_sub5&sub2=493410616&sub3=id605569663 HTTP 302
https://totalcpi.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=821&cid=5e00e7f244b0f80001ad1994&sid=7&udid=&name=&info=BoostAds2&blockTime=0 HTTP 302
https://mookomedia.g2afse.com/click?pid=42&offer_id=158968&sub1=NCT_iphone_be_ofid9118461_pid616_sub15e00e7f244b0f80001ad1994_sub27_sub3BoostAds2_nat3_sub4_sub5&sub4=493410616_7&sub5=id364677107 HTTP 302
https://bs45lck.appsmaxpower.com/bs45lck?p=42_493410616_7&sid=5fe4bace11bcfe0001a1f63c&android_id=&android_a_id=&idfa=&app_id=id364677107&param1= HTTP 302
https://t1.greatforwarding.com/c55c7b6?p=002753_42_493410616_7

Request Chain 2

https://mookomedia.g2afse.com/click?pid=42&offer_id=159005&sub1=NCT_iphone_be_ofid9119251_pid809_sub1_sub282_sub3web3ppre_nat3_sub4_sub5&sub4=493410809_82&sub5=id1487602320 HTTP 302
https://8nsegm1.appsdeku.com/8nsegm1?p=42_493410809_82&sid=5fe4bacd11bcfe0001a1f623&android_id=&android_a_id=&idfa=&app_id=id1487602320&param1= HTTP 302
https://t1.greatforwarding.com/c55c7b6?p=002753_42_493410809_82

Request Chain 4

https://click.kanmobi.net/tracking/click?clickid=NCT_iphone_be_ofid7945501_pid809_sub1_sub282_sub3web3ppre_nat5_sub4_sub5&trafficsource=1373671014&offerid=429285996874687593&pub_subid=493410809_82&sub_placement=id1487602320 HTTP 302
https://appalgo.g2afse.com/click?pid=187&offer_id=50698&sub1=1608825549000W10207&sub2=NF8zNjliNjQ5ODlhNzFjMTMwMzdmYjNlZDlkZTQ2ODczYg==_34184bb777ba12c72a83aff049eca302c359607a&sub3=&sub5=id1487602320 HTTP 302
https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=807&cid=&sid=187&udid=&name=&info=appalgorem&blockTime=0 HTTP 302
https://labmediasolutions.g2afse.com/click?pid=3&offer_id=132999&sub1=NCT_iphone_be_ofid9046686_pid616_sub1_sub2187_sub3appalgorem_nat10_sub4_sub5&sub2=493410616_187&sub3=id1487602320 HTTP 302
https://labmediasolutions.g2afse.com/disabled.html

Request Chain 5

https://appnappmo.g2afse.com/click?pid=2&offer_id=95572&sub1=NCT_iphone_be_ofid8804207_pid809_sub1_sub282_sub3web3ppre_nat6_sub4_sub5&sub2=493410809_82&sub5=id1487602320 HTTP 302
https://click.iconpeak2trk.com/click?pid=14&offer_id=5769&ext1=5fe4bacdcf58f10001036a42&sub1=2&sub2=493410809_82&sub3=&sub5=id1487602320&sub6= HTTP 302
https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=691&cid=&sid=14&udid=&name=&info=iconpeakppre&blockTime=0 HTTP 302
https://toptopmedia.g2afse.com/click?pid=214&offer_id=3081043&sub1=NCT_iphone_be_ofid9424028_pid616_sub1_sub214_sub3iconpeakppre_nat4_sub4_sub5&sub2=493410616_14&sub3=id1369521645 HTTP 302
https://gowith.go2affise.com/click?pid=199&offer_id=2023950&sub1=5fe4bacdbb1a3a0001890478&sub2=214&sub3=&sub4=id1369521645&ip=&device_ua=&sub5= HTTP 302
https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=599&cid=&sid=199_214&udid=&name=&info=GOWMsl&blockTime=0 HTTP 302
https://mookomedia.g2afse.com/click?pid=42&offer_id=159005&sub1=NCT_iphone_be_ofid9119251_pid616_sub1_sub2199_214_sub3GOWMsl_nat3_sub4_sub5&sub4=493410616_199_214&sub5=id1453989822 HTTP 302
https://8nsegm1.appsdeku.com/8nsegm1?p=42_493410616_199_214&sid=5fe4bace11bcfe0001a1f63e&android_id=&android_a_id=&idfa=&app_id=id1453989822&param1= HTTP 302
https://t1.greatforwarding.com/c55c7b6?p=002753_42_493410616_199_214

Request Chain 6

https://zenoclick.g2afse.com/click?pid=2&offer_id=29493&sub1=NCT_iphone_be_ofid9120268_pid809_sub1_sub282_sub3web3ppre_nat7_sub4_sub5&sub2=493410809_82&sub6=id1487602320 HTTP 302
https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=941&cid=clickid&sid=2&udid=&name=&info=ZenoClickSL&blockTime=0 HTTP 302
https://brainadv.g2afse.com/click?pid=3&offer_id=220105&sub3=NCT_iphone_be_ofid8239005_pid616_sub1clickid_sub22_sub3ZenoClickSL_nat13_sub4_sub5&sub1=493410616_2&sub2=id1483008483 HTTP 302
https://brainadv.g2afse.com/disabled.html

Request Chain 7

https://ila3.co/o/180609?p=17&aff_clickid=NCT_iphone_be_ofid8726075_pid809_sub1_sub282_sub3web3ppre_nat8_sub4_sub5&sub1=493410809&sub2=82&app_name=id1487602320&bundle_id=id1487602320 HTTP 302
https://click.iconpeak2trk.com/click?pid=385&offer_id=7902&ext1=1241eb4600f58cc5c0333b08_180609_220805&sub1=17_5037604400&sub3=&sub5=id1487602320&sub6=id1487602320 HTTP 302
https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=691&cid=&sid=385&udid=&name=&info=iconpeakppre&blockTime=0 HTTP 302
https://apptrust.g2afse.com/click?pid=27&offer_id=436885&sub1=NCT_iphone_be_ofid9456792_pid616_sub1_sub2385_sub3iconpeakppre_nat6_sub4_sub5&sub2=493410616_385&sub4=id339532909

Request Chain 8

https://appscogent.g2afse.com/click?pid=27&offer_id=190930&sub1=NCT_iphone_be_ofid9493552_pid809_sub1_sub282_sub3web3ppre_nat9_sub4_sub5&sub2=493410809_82&sub5=id1487602320 HTTP 302
https://apps.apple.com/nl/app/myposter-fotos-bewerken/id1162082121

Request Chain 9

https://labmediasolutions.g2afse.com/click?pid=3&offer_id=132999&sub1=NCT_iphone_be_ofid9046686_pid809_sub1_sub282_sub3web3ppre_nat10_sub4_sub5&sub2=493410809_82&sub3=id1487602320 HTTP 302
https://labmediasolutions.g2afse.com/disabled.html

Request Chain 10

https://adcrate-solutions.go2affise.com/click?pid=80&offer_id=1339016&sub1=NCT_iphone_be_ofid9322450_pid809_sub1_sub282_sub3web3ppre_nat11_sub4_sub5&sub2=493410809_82&sub4=id1487602320 HTTP 302
https://aandb.g2afse.com/click?pid=2&offer_id=506953&sub1=5fe4bacd45190c0001ba5524&sub2=80_493410809_82&sub3=&sub4=id1487602320

Request Chain 12

https://brainadv.g2afse.com/click?pid=3&offer_id=220105&sub3=NCT_iphone_be_ofid8239005_pid809_sub1_sub282_sub3web3ppre_nat13_sub4_sub5&sub1=493410809_82&sub2=id1487602320 HTTP 302
https://brainadv.g2afse.com/disabled.html

Request Chain 13

https://lambadapp.go2affise.com/click?pid=46&offer_id=3580355&sub1=NCT_iphone_be_ofid8788652_pid809_sub1_sub282_sub3web3ppre_nat14_sub4_sub5&sub2=493410809_82&sub3=id1487602320 HTTP 302
https://mobee.g2afse.com/click?pid=4&offer_id=876454&sub2=46_493410809_82

Request Chain 14

https://zenoclick.g2afse.com/click?pid=2&offer_id=36360&sub1=NCT_iphone_be_ofid9355927_pid809_sub1_sub282_sub3web3ppre_nat15_sub4_sub5&sub2=493410809_82&sub6=id1487602320 HTTP 302
https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=941&cid=clickid&sid=2&udid=&name=&info=ZenoClickSL&blockTime=0 HTTP 302
https://sing.clkstream.com/click?cid=zi42i-jj48u&publisher=zvnye-2xgwn&campaign=yu2k9-qnwax-4kod9&p_click=NCT_iphone_be_ofid9144088_pid616_sub1clickid_sub22_sub3ZenoClickSL_nat10_sub4_sub5&sub=2&publisher=493410616&app=id307184892 HTTP 302
https://track.zoomd.com/ck?cid=203212&crid=1&did=203212&idfa=%7Bidfa%7D&p1=id-267548199237698248&p3=id307184892&sid=1596&ssid=16_2&sssid=%7Bsub_id%7D HTTP 302
https://trk.interceptd.com/click?source_id=TVRNMU1RPT18TVdoS2NtSXpVRXM1WVcxbFRraEtWMVpPVVU5UWNEQnZVbTVvUmtwdmMzaz18T0dGaWIzY3RSVWRuUkZKQ2NFNW1Rdz09&click_id=M2012241559100319CC0063C2665C075D4EB&s_sub_id=1596_16_2&device_id=&publisher_campaign_id=203212&sub_id=1596_16_2&pub_name=1596&extra_1=1596&extra_2=1&device_ip=%7Bp4%7D&user_agent=%7Bp5%7D&extra_7=true

Request Chain 15

https://lucazepa.com/sage/married?mean=4Cq0yFf%2FZw4ygYl5agJv1KU9Jm8%2F7gYOw3GGpqkDJhI%3D HTTP 302
https://bercioles.com/redirect?id=17&auth=abe0e77e653da047d2457a45516d1c9ea12ae3b7&sid= HTTP 302
https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D HTTP 302
https://bercioles.com/redirect?id=29&auth=f01ff957b5898a16d0405d4a171f358d617bd86e&sid= HTTP 302
https://chimaprome.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D HTTP 302
https://bercioles.com/redirect?id=29&auth=f01ff957b5898a16d0405d4a171f358d617bd86e&sid= HTTP 302
https://chimaprome.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D HTTP 302
https://bercioles.com/redirect?id=29&auth=f01ff957b5898a16d0405d4a171f358d617bd86e&sid= HTTP 302
https://chimaprome.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D HTTP 302
https://bercioles.com/redirect?id=29&auth=f01ff957b5898a16d0405d4a171f358d617bd86e&sid= HTTP 302
https://chimaprome.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D HTTP 302
https://bercioles.com/redirect?id=29&auth=f01ff957b5898a16d0405d4a171f358d617bd86e&sid= HTTP 302
https://chimaprome.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D HTTP 302
https://bercioles.com/redirect?id=29&auth=f01ff957b5898a16d0405d4a171f358d617bd86e&sid= HTTP 302
https://chimaprome.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D HTTP 302
https://bercioles.com/redirect?id=29&auth=f01ff957b5898a16d0405d4a171f358d617bd86e&sid= HTTP 302
https://chimaprome.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D HTTP 302
https://bercioles.com/redirect?id=29&auth=f01ff957b5898a16d0405d4a171f358d617bd86e&sid= HTTP 302
https://chimaprome.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D HTTP 302
https://bercioles.com/redirect?id=29&auth=f01ff957b5898a16d0405d4a171f358d617bd86e&sid= HTTP 302
https://chimaprome.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D

Request Chain 16

https://mookomedia.g2afse.com/click?pid=42&offer_id=159005&sub1=NCT_iphone_be_ofid9119251_pid809_sub1_sub282_sub3web3ppre_nat3_sub4_sub5&sub4=493410809_82&sub5=id1487602320 HTTP 302
https://8nsegm1.appsdeku.com/8nsegm1?p=42_493410809_82&sid=5fe4bace11bcfe0001a1f68e&android_id=&android_a_id=&idfa=&app_id=id1487602320&param1= HTTP 302
https://t1.greatforwarding.com/c55c7b6?p=002753_42_493410809_82

Request Chain 17

https://appnappmo.g2afse.com/click?pid=2&offer_id=95572&sub1=NCT_iphone_be_ofid8804207_pid809_sub1_sub282_sub3web3ppre_nat6_sub4_sub5&sub2=493410809_82&sub5=id1487602320 HTTP 302
https://click.iconpeak2trk.com/click?pid=14&offer_id=5769&ext1=5fe4bacfdb138f000105516f&sub1=2&sub2=493410809_82&sub3=&sub5=id1487602320&sub6= HTTP 302
https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=691&cid=&sid=14&udid=&name=&info=iconpeakppre&blockTime=0 HTTP 302
https://olamob.g2afse.com/click?pid=7&offer_id=10183&sub1=NCT_iphone_be_ofid9420232_pid616_sub1_sub214_sub3iconpeakppre_nat4_sub4_sub5&sub2=493410616_14&sub4=id1453411110 HTTP 302
https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=978&cid=&sid=7&udid=&name=&info=OlaMobSL&blockTime=0 HTTP 302
https://track.paddlewaver.com/?campaign_id=4529857&publisher_id=1000125&clickid=NCT_iphone_be_ofid9313499_pid616_sub1_sub27_sub3OlaMobSL_nat6_sub4_sub5&channel=493410616_7&offer_id=825757&sub1=NCT_iphone_be_ofid9313499_pid616_sub1_sub27_sub3OlaMobSL_nat6_sub4_sub5&sub2=493410616_7&sub3=id1453411110

Request Chain 18

https://ila3.co/o/180609?p=17&aff_clickid=NCT_iphone_be_ofid8726075_pid809_sub1_sub282_sub3web3ppre_nat8_sub4_sub5&sub1=493410809&sub2=82&app_name=id1487602320&bundle_id=id1487602320 HTTP 302
https://click.iconpeak2trk.com/click?pid=385&offer_id=7902&ext1=2221eb4600f737b6a02a2090_180609_220805&sub1=17_5037604400&sub3=&sub5=id1487602320&sub6=id1487602320 HTTP 302
https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=691&cid=&sid=385&udid=&name=&info=iconpeakppre&blockTime=0 HTTP 302
https://cellonltd.g2afse.com/click?pid=43&offer_id=785942&sub1=NCT_iphone_be_ofid9493595_pid616_sub1_sub2385_sub3iconpeakppre_nat9_sub4_sub5&sub2=493410616_385&sub3=id393048976 HTTP 302
https://cellonltd.g2afse.com/sl?id=5e0d9e94c7aae01fb75eca64&pid=55&sub1=NCT_iphone_be_ofid9493595_pid616_sub1_sub2385_sub3iconpeakppre_nat9_sub4_sub5&sub2=493410616_385&sub3=id393048976&sub4=&sub5= HTTP 302
https://monetizeplus.g2afse.com/click?pid=999&offer_id=784141&sub1=5fe4bad092b0f700015c9783&sub2=&pubid=55&sub2=493410616_385&sub3=&sub4=&sub5=id393048976&sub={sum}&payout={sum} HTTP 302
https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=793&cid=5fe4bad048a39b000189b557&sid=999&udid=&name=&info=monetizeppre&blockTime=0 HTTP 302
https://pandamobi.g2afse.com/click?pid=6&offer_id=167411&sub1=NCT_iphone_be_ofid8331223_pid616_sub15fe4bad048a39b000189b557_sub2999_sub3monetizeppre_nat13_sub4_sub5&sub2=493410616_999&sub5=id587366035 HTTP 0
http://r.leadzu.com/red/?code=4M4C8XL2R1ZN&a=6.&pubid=6

Request Chain 19

https://adcrate-solutions.go2affise.com/click?pid=80&offer_id=1339016&sub1=NCT_iphone_be_ofid9322450_pid809_sub1_sub282_sub3web3ppre_nat11_sub4_sub5&sub2=493410809_82&sub4=id1487602320 HTTP 302
https://aandb.g2afse.com/click?pid=2&offer_id=506953&sub1=5fe4bad1f456bd00011863d2&sub2=80_493410809_82&sub3=&sub4=id1487602320 HTTP 0
http://aandb.g2afse.com/disabled.html

Request Chain 20

https://ad-experience.g2afse.com/click?pid=2&offer_id=48205&sub1=NCT_iphone_be_ofid9494065_pid809_sub1_sub282_sub3web3ppre_nat12_sub4_sub5&sub2=493410809_82&sub5=id1487602320 HTTP 0
http://ad-experience.g2afse.com/sl?id=5c9cb536d0348f004454f1b2&pid=1&sub2=48205&sub3=2

Request Chain 21

https://lambadapp.go2affise.com/click?pid=46&offer_id=3580355&sub1=NCT_iphone_be_ofid8788652_pid809_sub1_sub282_sub3web3ppre_nat14_sub4_sub5&sub2=493410809_82&sub3=id1487602320 HTTP 302
https://mobee.g2afse.com/click?pid=4&offer_id=876454&sub2=46_493410809_82 HTTP 0
http://xml.blueparrot.media/redirect?feed=221274&auth=9tpPZk&url=http://www.google.com&subid=4_46_493410809_82

23 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request fantastic.html Show response cpi-offers.com/ Redirect Chain http://www.rtbdem.com/redirect.php?aff=335644&no=82&incent=0&gaid=%7Baaid%7D&idfa=%7Bidfa%7D&type=CPA&demand=190&network=web3mobile&offer=15960&aff_sub=M_0b5xOQUki1aNJe5I-iIYJtlZg_M&id=26928196&adu... https://web3mobile.g2afse.com/click?pid=82&offer_id=15960&sub1=M_0b5xOQUki1aNJe5I-iIYJtlZg_M_rtbs1solitaire_rtbs2_rtbs30ORIGIN26928196end_rtbaff335644_rtboffer26928196_rtbsubZkwD67HpSAWmVQyJf7Jgsw_... https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=809&cid=&sid=82&udid=&name=&info=web3ppre&blockTime=0	4 KB 1 KB	82ms 27ms	Document text/html	3.124.136.225 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=809&cid=&sid=82&udid=&name=&info=web3ppre&blockTime=0 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.124.136.225 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-124-136-225.eu-central-1.compute.amazonaws.com Software nginx/1.14.1 / Express Resource Hash `348b76717ecef4eed02b1059cb8dde73ad93350ff2092478aadd1199621927df` Request headers :method GET :authority cpi-offers.com :scheme https :path /fantastic.html?size=0&red=0&ids=&lastid=&apid=809&cid=&sid=82&udid=&name=&info=web3ppre&blockTime=0 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 24 Dec 2020 15:59:09 GMT content-type text/html; charset=utf-8 server nginx/1.14.1 x-powered-by Express access-control-allow-origin * etag W/"e35-qgLXp0Ckq+xMPNQYkSYyLDVXGGs" content-encoding gzip Redirect headers server nginx date Thu, 24 Dec 2020 15:59:09 GMT content-type text/html; charset=utf-8 content-length 185 location https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=809&cid=&sid=82&udid=&name=&info=web3ppre&blockTime=0
GET H/1.1	200 OK	ps il32.co/ Redirect Chain https://zenoclick.g2afse.com/click?pid=2&offer_id=8886&sub1=NCT_iphone_be_ofid8585588_pid809_sub1_sub282_sub3web3ppre_nat1_sub4_sub5&sub2=493410809_82&sub6=id1487602320 https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=941&cid=clickid&sid=2&udid=&name=&info=ZenoClickSL&blockTime=0 https://go2.enjoycpi.com/click?pid=616&offer_id=4582792&sub1=clickid&sub2=2&sub3=ZenoClickSL_nat5&sub4=6A18950E-7B62-4AA3-84E0-5D19878D9570&sub5=id927006017&sub6=493410 https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=831&cid=&sid=&udid=&name=&info=TbLabq&blockTime=0 https://zildd.g2afse.com/click?pid=35&offer_id=2631317&sub1=NCT_iphone_be_ofid7559769_pid616_sub1_sub2_sub3TbLabq_nat6_sub4_sub5&sub2=493410616_&sub3=id445338486 https://il32.co/ps?p=9&aff_clickid=&sub1=35_493410616_	0 116 B	103ms 34ms	Stylesheet text/plain	144.91.99.171 CONTABO
General Check archive.org Show headers Download Go to Full URL https://il32.co/ps?p=9&aff_clickid=&sub1=35_493410616_ Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=809&cid=&sid=82&udid=&name=&info=web3ppre&blockTime=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 144.91.99.171 , Germany, ASN51167 (CONTABO, DE), Reverse DNS m12971.contaboserver.net Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 24 Dec 2020 15:59:10 GMT content-length 0 content-type text/plain; charset=utf-8 Redirect headers location https://il32.co/ps?p=9&aff_clickid=&sub1=35_493410616_ date Thu, 24 Dec 2020 15:59:10 GMT referer referrer-policy no-referrer server nginx content-length 85 content-type text/html; charset=utf-8
GET H/1.1	404 Not Found	c55c7b6 t1.greatforwarding.com/ Redirect Chain https://adcrate-solutions.go2affise.com/click?pid=80&offer_id=1072585&sub1=NCT_iphone_be_ofid9354326_pid809_sub1_sub282_sub3web3ppre_nat2_sub4_sub5&sub2=493410809_82&sub4=id1487602320 https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=881&cid=&sid=80&udid=&name=&info=AdcrateAffiseSL&blockTime=0 https://cellonltd.g2afse.com/click?pid=43&offer_id=618722&sub1=NCT_iphone_be_ofid7855643_pid616_sub1_sub280_sub3AdcrateAffiseSL_nat3_sub4_sub5&sub2=493410616_80&sub3=id500963785 https://cellonltd.g2afse.com/sl?id=5e0d9e94c7aae01fb75eca64&pid=55&sub1=NCT_iphone_be_ofid7855643_pid616_sub1_sub280_sub3AdcrateAffiseSL_nat3_sub4_sub5&sub2=493410616_80&sub3=id500963785&sub4=&sub5= https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=841&cid=5fe4bacda2840f0001f66ac3&sid=55&udid=&name=&info=CellonSL&blockTime=0 https://boostads.g2afse.com/click?pid=8&offer_id=1300156&sub1=NCT_iphone_be_ofid9490221_pid616_sub15fe4bacda2840f0001f66ac3_sub255_sub3CellonSL_nat8_sub4_sub5&sub2=493410616&sub3=id605569663 https://totalcpi.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=821&cid=5e00e7f244b0f80001ad1994&sid=7&udid=&name=&info=BoostAds2&blockTime=0 https://mookomedia.g2afse.com/click?pid=42&offer_id=158968&sub1=NCT_iphone_be_ofid9118461_pid616_sub15e00e7f244b0f80001ad1994_sub27_sub3BoostAds2_nat3_sub4_sub5&sub4=493410616_7&sub5=id364677107 https://bs45lck.appsmaxpower.com/bs45lck?p=42_493410616_7&sid=5fe4bace11bcfe0001a1f63c&android_id=&android_a_id=&idfa=&app_id=id364677107&param1= https://t1.greatforwarding.com/c55c7b6?p=002753_42_493410616_7	0 0	333ms 130ms	Stylesheet application/json	35.171.134.132 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://t1.greatforwarding.com/c55c7b6?p=002753_42_493410616_7 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=809&cid=&sid=82&udid=&name=&info=web3ppre&blockTime=0 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 35.171.134.132 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-35-171-134-132.compute-1.amazonaws.com Software nginx / Resource Hash Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Pragma no-cache Date Thu, 24 Dec 2020 15:59:10 GMT Server nginx Content-Type application/json Cache-Control private, no-cache, no-store, must-revalidate Connection keep-alive Content-Length 17 Expires -1 Redirect headers location https://t1.greatforwarding.com/c55c7b6?p=002753_42_493410616_7 Date Thu, 24 Dec 2020 15:59:10 GMT Server nginx Connection keep-alive Content-Length 4 Content-Type application/json
GET H/1.1	404 Not Found	c55c7b6 t1.greatforwarding.com/ Redirect Chain https://mookomedia.g2afse.com/click?pid=42&offer_id=159005&sub1=NCT_iphone_be_ofid9119251_pid809_sub1_sub282_sub3web3ppre_nat3_sub4_sub5&sub4=493410809_82&sub5=id1487602320 https://8nsegm1.appsdeku.com/8nsegm1?p=42_493410809_82&sid=5fe4bacd11bcfe0001a1f623&android_id=&android_a_id=&idfa=&app_id=id1487602320&param1= https://t1.greatforwarding.com/c55c7b6?p=002753_42_493410809_82	0 0	550ms 136ms	Stylesheet application/json	35.171.134.132 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://t1.greatforwarding.com/c55c7b6?p=002753_42_493410809_82 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=809&cid=&sid=82&udid=&name=&info=web3ppre&blockTime=0 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 35.171.134.132 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-35-171-134-132.compute-1.amazonaws.com Software nginx / Resource Hash Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Pragma no-cache Date Thu, 24 Dec 2020 15:59:10 GMT Server nginx Content-Type application/json Cache-Control private, no-cache, no-store, must-revalidate Connection keep-alive Content-Length 17 Expires -1 Redirect headers location https://t1.greatforwarding.com/c55c7b6?p=002753_42_493410809_82 Date Thu, 24 Dec 2020 15:59:10 GMT Server nginx Connection keep-alive Content-Length 4 Content-Type application/json
GET H2	200	click tha.gotrackier.com/	0 772 B	72ms 40ms	Stylesheet text/plain	2606:4700:20::681a:d03 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://tha.gotrackier.com/click?campaign_id=129738&pub_id=49&p1=NCT_iphone_be_ofid9404092_pid809_sub1_sub282_sub3web3ppre_nat4_sub4_sub5&source=493410809_82 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=809&cid=&sid=82&udid=&name=&info=web3ppre&blockTime=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:d03 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 24 Dec 2020 15:59:09 GMT via 1.1 google cf-cache-status DYNAMIC nel {"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=33IWUiFIE1zffLsWpAQNG27uOSxfpj9%2BAZnZ4zJ3IFI7M0I52QQ8mZCq6TIZK1Mol0yil2qp0t4zw92tRVSwEAsYOMrS0Ah8lCQRRjXHW8mAmCUZeYnGxjq01InkbUA%3D"}],"group":"cf-nel","max_age":604800} cf-request-id 073712cbc90000073ee1937000000001 cf-ray 606b8726098c073e-FRA content-length 0 x-rt 0
GET H2	200	disabled.html labmediasolutions.g2afse.com/ Redirect Chain https://click.kanmobi.net/tracking/click?clickid=NCT_iphone_be_ofid7945501_pid809_sub1_sub282_sub3web3ppre_nat5_sub4_sub5&trafficsource=1373671014&offerid=429285996874687593&pub_subid=493410809_82&... https://appalgo.g2afse.com/click?pid=187&offer_id=50698&sub1=1608825549000W10207&sub2=NF8zNjliNjQ5ODlhNzFjMTMwMzdmYjNlZDlkZTQ2ODczYg==_34184bb777ba12c72a83aff049eca302c359607a&sub3=&sub5=id1487602320 https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=807&cid=&sid=187&udid=&name=&info=appalgorem&blockTime=0 https://labmediasolutions.g2afse.com/click?pid=3&offer_id=132999&sub1=NCT_iphone_be_ofid9046686_pid616_sub1_sub2187_sub3appalgorem_nat10_sub4_sub5&sub2=493410616_187&sub3=id1487602320 https://labmediasolutions.g2afse.com/disabled.html	0 0	21ms 21ms	Stylesheet text/html	213.227.135.233 LEASEWEB-NL-AMS-0...
General Check archive.org Show headers Download Go to Full URL https://labmediasolutions.g2afse.com/disabled.html Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=809&cid=&sid=82&udid=&name=&info=web3ppre&blockTime=0 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 213.227.135.233 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Redirect headers location /disabled.html date Thu, 24 Dec 2020 15:59:09 GMT referer referrer-policy no-referrer server nginx content-length 37 content-type text/html; charset=utf-8
GET H/1.1	404 Not Found	c55c7b6 t1.greatforwarding.com/ Redirect Chain https://appnappmo.g2afse.com/click?pid=2&offer_id=95572&sub1=NCT_iphone_be_ofid8804207_pid809_sub1_sub282_sub3web3ppre_nat6_sub4_sub5&sub2=493410809_82&sub5=id1487602320 https://click.iconpeak2trk.com/click?pid=14&offer_id=5769&ext1=5fe4bacdcf58f10001036a42&sub1=2&sub2=493410809_82&sub3=&sub5=id1487602320&sub6= https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=691&cid=&sid=14&udid=&name=&info=iconpeakppre&blockTime=0 https://toptopmedia.g2afse.com/click?pid=214&offer_id=3081043&sub1=NCT_iphone_be_ofid9424028_pid616_sub1_sub214_sub3iconpeakppre_nat4_sub4_sub5&sub2=493410616_14&sub3=id1369521645 https://gowith.go2affise.com/click?pid=199&offer_id=2023950&sub1=5fe4bacdbb1a3a0001890478&sub2=214&sub3=&sub4=id1369521645&ip=&device_ua=&sub5= https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=599&cid=&sid=199_214&udid=&name=&info=GOWMsl&blockTime=0 https://mookomedia.g2afse.com/click?pid=42&offer_id=159005&sub1=NCT_iphone_be_ofid9119251_pid616_sub1_sub2199_214_sub3GOWMsl_nat3_sub4_sub5&sub4=493410616_199_214&sub5=id1453989822 https://8nsegm1.appsdeku.com/8nsegm1?p=42_493410616_199_214&sid=5fe4bace11bcfe0001a1f63e&android_id=&android_a_id=&idfa=&app_id=id1453989822&param1= https://t1.greatforwarding.com/c55c7b6?p=002753_42_493410616_199_214	0 0	530ms 130ms	Stylesheet application/json	35.171.134.132 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://t1.greatforwarding.com/c55c7b6?p=002753_42_493410616_199_214 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=809&cid=&sid=82&udid=&name=&info=web3ppre&blockTime=0 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 35.171.134.132 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-35-171-134-132.compute-1.amazonaws.com Software nginx / Resource Hash Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Pragma no-cache Date Thu, 24 Dec 2020 15:59:10 GMT Server nginx Content-Type application/json Cache-Control private, no-cache, no-store, must-revalidate Connection keep-alive Content-Length 17 Expires -1 Redirect headers location https://t1.greatforwarding.com/c55c7b6?p=002753_42_493410616_199_214 Date Thu, 24 Dec 2020 15:59:10 GMT Server nginx Connection keep-alive Content-Length 4 Content-Type application/json
GET H2	200	disabled.html brainadv.g2afse.com/ Redirect Chain https://zenoclick.g2afse.com/click?pid=2&offer_id=29493&sub1=NCT_iphone_be_ofid9120268_pid809_sub1_sub282_sub3web3ppre_nat7_sub4_sub5&sub2=493410809_82&sub6=id1487602320 https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=941&cid=clickid&sid=2&udid=&name=&info=ZenoClickSL&blockTime=0 https://brainadv.g2afse.com/click?pid=3&offer_id=220105&sub3=NCT_iphone_be_ofid8239005_pid616_sub1clickid_sub22_sub3ZenoClickSL_nat13_sub4_sub5&sub1=493410616_2&sub2=id1483008483 https://brainadv.g2afse.com/disabled.html	0 0	26ms 25ms	Stylesheet text/html	213.227.135.227 LEASEWEB-NL-AMS-0...
General Check archive.org Show headers Download Go to Full URL https://brainadv.g2afse.com/disabled.html Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=809&cid=&sid=82&udid=&name=&info=web3ppre&blockTime=0 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 213.227.135.227 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Redirect headers location /disabled.html date Thu, 24 Dec 2020 15:59:09 GMT server nginx content-length 37 content-type text/html; charset=utf-8
GET		click apptrust.g2afse.com/ Redirect Chain https://ila3.co/o/180609?p=17&aff_clickid=NCT_iphone_be_ofid8726075_pid809_sub1_sub282_sub3web3ppre_nat8_sub4_sub5&sub1=493410809&sub2=82&app_name=id1487602320&bundle_id=id1487602320 https://click.iconpeak2trk.com/click?pid=385&offer_id=7902&ext1=1241eb4600f58cc5c0333b08_180609_220805&sub1=17_5037604400&sub3=&sub5=id1487602320&sub6=id1487602320 https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=691&cid=&sid=385&udid=&name=&info=iconpeakppre&blockTime=0 https://apptrust.g2afse.com/click?pid=27&offer_id=436885&sub1=NCT_iphone_be_ofid9456792_pid616_sub1_sub2385_sub3iconpeakppre_nat6_sub4_sub5&sub2=493410616_385&sub4=id339532909	0 0

GET H2	200	id1162082121 apps.apple.com/nl/app/myposter-fotos-bewerken/ Redirect Chain https://appscogent.g2afse.com/click?pid=27&offer_id=190930&sub1=NCT_iphone_be_ofid9493552_pid809_sub1_sub282_sub3web3ppre_nat9_sub4_sub5&sub2=493410809_82&sub5=id1487602320 https://apps.apple.com/nl/app/myposter-fotos-bewerken/id1162082121	0 0	828ms 761ms	Stylesheet text/html	2a02:26f0:6c00:19c::2a1 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://apps.apple.com/nl/app/myposter-fotos-bewerken/id1162082121 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=809&cid=&sid=82&udid=&name=&info=web3ppre&blockTime=0 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:6c00:19c::2a1 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers access-control-allow-origin * Redirect headers location https://apps.apple.com/nl/app/myposter-fotos-bewerken/id1162082121 date Thu, 24 Dec 2020 15:59:09 GMT referer referrer-policy no-referrer server nginx content-length 89 content-type text/html; charset=utf-8
GET H2	200	disabled.html labmediasolutions.g2afse.com/ Redirect Chain https://labmediasolutions.g2afse.com/click?pid=3&offer_id=132999&sub1=NCT_iphone_be_ofid9046686_pid809_sub1_sub282_sub3web3ppre_nat10_sub4_sub5&sub2=493410809_82&sub3=id1487602320 https://labmediasolutions.g2afse.com/disabled.html	0 0	27ms 27ms	Stylesheet text/html	213.227.135.233 LEASEWEB-NL-AMS-0...
General Check archive.org Show headers Download Go to Full URL https://labmediasolutions.g2afse.com/disabled.html Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=809&cid=&sid=82&udid=&name=&info=web3ppre&blockTime=0 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 213.227.135.233 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Redirect headers location /disabled.html date Thu, 24 Dec 2020 15:59:09 GMT referer referrer-policy no-referrer server nginx content-length 37 content-type text/html; charset=utf-8
GET		click aandb.g2afse.com/ Redirect Chain https://adcrate-solutions.go2affise.com/click?pid=80&offer_id=1339016&sub1=NCT_iphone_be_ofid9322450_pid809_sub1_sub282_sub3web3ppre_nat11_sub4_sub5&sub2=493410809_82&sub4=id1487602320 https://aandb.g2afse.com/click?pid=2&offer_id=506953&sub1=5fe4bacd45190c0001ba5524&sub2=80_493410809_82&sub3=&sub4=id1487602320	0 0

GET		click ad-experience.g2afse.com/	0 0

GET H2	200	disabled.html brainadv.g2afse.com/ Redirect Chain https://brainadv.g2afse.com/click?pid=3&offer_id=220105&sub3=NCT_iphone_be_ofid8239005_pid809_sub1_sub282_sub3web3ppre_nat13_sub4_sub5&sub1=493410809_82&sub2=id1487602320 https://brainadv.g2afse.com/disabled.html	0 0	25ms 25ms	Stylesheet text/html	213.227.135.227 LEASEWEB-NL-AMS-0...
General Check archive.org Show headers Download Go to Full URL https://brainadv.g2afse.com/disabled.html Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=809&cid=&sid=82&udid=&name=&info=web3ppre&blockTime=0 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 213.227.135.227 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Redirect headers location /disabled.html date Thu, 24 Dec 2020 15:59:09 GMT server nginx content-length 37 content-type text/html; charset=utf-8
GET		click mobee.g2afse.com/ Redirect Chain https://lambadapp.go2affise.com/click?pid=46&offer_id=3580355&sub1=NCT_iphone_be_ofid8788652_pid809_sub1_sub282_sub3web3ppre_nat14_sub4_sub5&sub2=493410809_82&sub3=id1487602320 https://mobee.g2afse.com/click?pid=4&offer_id=876454&sub2=46_493410809_82	0 0

GET H2	200	click trk.interceptd.com/ Redirect Chain https://zenoclick.g2afse.com/click?pid=2&offer_id=36360&sub1=NCT_iphone_be_ofid9355927_pid809_sub1_sub282_sub3web3ppre_nat15_sub4_sub5&sub2=493410809_82&sub6=id1487602320 https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=941&cid=clickid&sid=2&udid=&name=&info=ZenoClickSL&blockTime=0 https://sing.clkstream.com/click?cid=zi42i-jj48u&publisher=zvnye-2xgwn&campaign=yu2k9-qnwax-4kod9&p_click=NCT_iphone_be_ofid9144088_pid616_sub1clickid_sub22_sub3ZenoClickSL_nat10_sub4_sub5&sub=2&pu... https://track.zoomd.com/ck?cid=203212&crid=1&did=203212&idfa=%7Bidfa%7D&p1=id-267548199237698248&p3=id307184892&sid=1596&ssid=16_2&sssid=%7Bsub_id%7D https://trk.interceptd.com/click?source_id=TVRNMU1RPT18TVdoS2NtSXpVRXM1WVcxbFRraEtWMVpPVVU5UWNEQnZVbTVvUmtwdmMzaz18T0dGaWIzY3RSVWRuUkZKQ2NFNW1Rdz09&click_id=M2012241559100319CC0063C2665C075D4EB&s_s...	0 0	187ms 67ms	Stylesheet application/json	52.49.154.215 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://trk.interceptd.com/click?source_id=TVRNMU1RPT18TVdoS2NtSXpVRXM1WVcxbFRraEtWMVpPVVU5UWNEQnZVbTVvUmtwdmMzaz18T0dGaWIzY3RSVWRuUkZKQ2NFNW1Rdz09&click_id=M2012241559100319CC0063C2665C075D4EB&s_sub_id=1596_16_2&device_id=&publisher_campaign_id=203212&sub_id=1596_16_2&pub_name=1596&extra_1=1596&extra_2=1&device_ip=%7Bp4%7D&user_agent=%7Bp5%7D&extra_7=true Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=809&cid=&sid=82&udid=&name=&info=web3ppre&blockTime=0 Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 52.49.154.215 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-49-154-215.eu-west-1.compute.amazonaws.com Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Redirect headers location https://trk.interceptd.com/click?source_id=TVRNMU1RPT18TVdoS2NtSXpVRXM1WVcxbFRraEtWMVpPVVU5UWNEQnZVbTVvUmtwdmMzaz18T0dGaWIzY3RSVWRuUkZKQ2NFNW1Rdz09&click_id=M2012241559100319CC0063C2665C075D4EB&s_sub_id=1596_16_2&device_id=&publisher_campaign_id=203212&sub_id=1596_16_2&pub_name=1596&extra_1=1596&extra_2=1&device_ip=%7Bp4%7D&user_agent=%7Bp5%7D&extra_7=true date Thu, 24 Dec 2020 15:59:09 GMT vary Origin, Accept-Encoding content-length 819 x-azure-ref 0zrrkXwAAAACIWUjpcGygQr03h4CmHa0BRlJBRURHRTEwMjAAODQyZGEzMGYtNmRiMy00NWQxLTgwN2EtYWRkZTk3ZjAwYTJm content-type text/html; charset=utf-8
GET		slope chimaprome.com/noid/ Redirect Chain https://lucazepa.com/sage/married?mean=4Cq0yFf%2FZw4ygYl5agJv1KU9Jm8%2F7gYOw3GGpqkDJhI%3D https://bercioles.com/redirect?id=17&auth=abe0e77e653da047d2457a45516d1c9ea12ae3b7&sid= https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D https://bercioles.com/redirect?id=29&auth=f01ff957b5898a16d0405d4a171f358d617bd86e&sid= https://chimaprome.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D https://bercioles.com/redirect?id=29&auth=f01ff957b5898a16d0405d4a171f358d617bd86e&sid= https://chimaprome.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D https://bercioles.com/redirect?id=29&auth=f01ff957b5898a16d0405d4a171f358d617bd86e&sid= https://chimaprome.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D https://bercioles.com/redirect?id=29&auth=f01ff957b5898a16d0405d4a171f358d617bd86e&sid= https://chimaprome.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D https://bercioles.com/redirect?id=29&auth=f01ff957b5898a16d0405d4a171f358d617bd86e&sid= https://chimaprome.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D https://bercioles.com/redirect?id=29&auth=f01ff957b5898a16d0405d4a171f358d617bd86e&sid= https://chimaprome.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D https://bercioles.com/redirect?id=29&auth=f01ff957b5898a16d0405d4a171f358d617bd86e&sid= https://chimaprome.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D https://bercioles.com/redirect?id=29&auth=f01ff957b5898a16d0405d4a171f358d617bd86e&sid= https://chimaprome.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D https://bercioles.com/redirect?id=29&auth=f01ff957b5898a16d0405d4a171f358d617bd86e&sid= https://chimaprome.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D	0 0

GET H/1.1	404 Not Found	c55c7b6 t1.greatforwarding.com/ Redirect Chain https://mookomedia.g2afse.com/click?pid=42&offer_id=159005&sub1=NCT_iphone_be_ofid9119251_pid809_sub1_sub282_sub3web3ppre_nat3_sub4_sub5&sub4=493410809_82&sub5=id1487602320 https://8nsegm1.appsdeku.com/8nsegm1?p=42_493410809_82&sid=5fe4bace11bcfe0001a1f68e&android_id=&android_a_id=&idfa=&app_id=id1487602320&param1= https://t1.greatforwarding.com/c55c7b6?p=002753_42_493410809_82	0 0	130ms 130ms	Stylesheet application/json	35.171.134.132 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://t1.greatforwarding.com/c55c7b6?p=002753_42_493410809_82 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=809&cid=&sid=82&udid=&name=&info=web3ppre&blockTime=0 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 35.171.134.132 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-35-171-134-132.compute-1.amazonaws.com Software nginx / Resource Hash Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Pragma no-cache Date Thu, 24 Dec 2020 15:59:11 GMT Server nginx Content-Type application/json Cache-Control private, no-cache, no-store, must-revalidate Connection keep-alive Content-Length 17 Expires -1 Redirect headers location https://t1.greatforwarding.com/c55c7b6?p=002753_42_493410809_82 Date Thu, 24 Dec 2020 15:59:11 GMT Server nginx Connection keep-alive Content-Length 4 Content-Type application/json
GET H/1.1	200 OK	/ track.paddlewaver.com/ Redirect Chain https://appnappmo.g2afse.com/click?pid=2&offer_id=95572&sub1=NCT_iphone_be_ofid8804207_pid809_sub1_sub282_sub3web3ppre_nat6_sub4_sub5&sub2=493410809_82&sub5=id1487602320 https://click.iconpeak2trk.com/click?pid=14&offer_id=5769&ext1=5fe4bacfdb138f000105516f&sub1=2&sub2=493410809_82&sub3=&sub5=id1487602320&sub6= https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=691&cid=&sid=14&udid=&name=&info=iconpeakppre&blockTime=0 https://olamob.g2afse.com/click?pid=7&offer_id=10183&sub1=NCT_iphone_be_ofid9420232_pid616_sub1_sub214_sub3iconpeakppre_nat4_sub4_sub5&sub2=493410616_14&sub4=id1453411110 https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=978&cid=&sid=7&udid=&name=&info=OlaMobSL&blockTime=0 https://track.paddlewaver.com/?campaign_id=4529857&publisher_id=1000125&clickid=NCT_iphone_be_ofid9313499_pid616_sub1_sub27_sub3OlaMobSL_nat6_sub4_sub5&channel=493410616_7&offer_id=825757&sub1=NCT_...	15 B 244 B	970ms 238ms	Stylesheet text/html	18.141.88.84 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://track.paddlewaver.com/?campaign_id=4529857&publisher_id=1000125&clickid=NCT_iphone_be_ofid9313499_pid616_sub1_sub27_sub3OlaMobSL_nat6_sub4_sub5&channel=493410616_7&offer_id=825757&sub1=NCT_iphone_be_ofid9313499_pid616_sub1_sub27_sub3OlaMobSL_nat6_sub4_sub5&sub2=493410616_7&sub3=id1453411110 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=809&cid=&sid=82&udid=&name=&info=web3ppre&blockTime=0 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.141.88.84 Singapore, Singapore, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-141-88-84.ap-southeast-1.compute.amazonaws.com Software nginx/1.16.1 / Resource Hash `4f50293477d9a7d4274844a38926ac7febd7ddb49ec844be25ec2d1dcb16558d` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Thu, 24 Dec 2020 15:59:12 GMT Content-Encoding gzip Server nginx/1.16.1 Connection keep-alive Content-Length 35 Vary Accept-Encoding Content-Type text/html; charset=UTF-8 Redirect headers date Thu, 24 Dec 2020 15:59:11 GMT server nginx/1.14.1 location https://track.paddlewaver.com/?campaign_id=4529857&publisher_id=1000125&clickid=NCT_iphone_be_ofid9313499_pid616_sub1_sub27_sub3OlaMobSL_nat6_sub4_sub5&channel=493410616_7&offer_id=825757&sub1=NCT_iphone_be_ofid9313499_pid616_sub1_sub27_sub3OlaMobSL_nat6_sub4_sub5&sub2=493410616_7&sub3=id1453411110 x-powered-by Express vary Accept content-type text/plain; charset=utf-8 access-control-allow-origin * content-length 321
GET		/ r.leadzu.com/red/ Redirect Chain https://ila3.co/o/180609?p=17&aff_clickid=NCT_iphone_be_ofid8726075_pid809_sub1_sub282_sub3web3ppre_nat8_sub4_sub5&sub1=493410809&sub2=82&app_name=id1487602320&bundle_id=id1487602320 https://click.iconpeak2trk.com/click?pid=385&offer_id=7902&ext1=2221eb4600f737b6a02a2090_180609_220805&sub1=17_5037604400&sub3=&sub5=id1487602320&sub6=id1487602320 https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=691&cid=&sid=385&udid=&name=&info=iconpeakppre&blockTime=0 https://cellonltd.g2afse.com/click?pid=43&offer_id=785942&sub1=NCT_iphone_be_ofid9493595_pid616_sub1_sub2385_sub3iconpeakppre_nat9_sub4_sub5&sub2=493410616_385&sub3=id393048976 https://cellonltd.g2afse.com/sl?id=5e0d9e94c7aae01fb75eca64&pid=55&sub1=NCT_iphone_be_ofid9493595_pid616_sub1_sub2385_sub3iconpeakppre_nat9_sub4_sub5&sub2=493410616_385&sub3=id393048976&sub4=&sub5= https://monetizeplus.g2afse.com/click?pid=999&offer_id=784141&sub1=5fe4bad092b0f700015c9783&sub2=&pubid=55&sub2=493410616_385&sub3=&sub4=&sub5=id393048976&sub={sum}&payout={sum} https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=793&cid=5fe4bad048a39b000189b557&sid=999&udid=&name=&info=monetizeppre&blockTime=0 https://pandamobi.g2afse.com/click?pid=6&offer_id=167411&sub1=NCT_iphone_be_ofid8331223_pid616_sub15fe4bad048a39b000189b557_sub2999_sub3monetizeppre_nat13_sub4_sub5&sub2=493410616_999&sub5=id587366035 http://r.leadzu.com/red/?code=4M4C8XL2R1ZN&a=6.&pubid=6	0 0

GET		disabled.html aandb.g2afse.com/ Redirect Chain https://adcrate-solutions.go2affise.com/click?pid=80&offer_id=1339016&sub1=NCT_iphone_be_ofid9322450_pid809_sub1_sub282_sub3web3ppre_nat11_sub4_sub5&sub2=493410809_82&sub4=id1487602320 https://aandb.g2afse.com/click?pid=2&offer_id=506953&sub1=5fe4bad1f456bd00011863d2&sub2=80_493410809_82&sub3=&sub4=id1487602320 http://aandb.g2afse.com/disabled.html	0 0

GET		sl ad-experience.g2afse.com/ Redirect Chain https://ad-experience.g2afse.com/click?pid=2&offer_id=48205&sub1=NCT_iphone_be_ofid9494065_pid809_sub1_sub282_sub3web3ppre_nat12_sub4_sub5&sub2=493410809_82&sub5=id1487602320 http://ad-experience.g2afse.com/sl?id=5c9cb536d0348f004454f1b2&pid=1&sub2=48205&sub3=2	0 0

GET		redirect xml.blueparrot.media/ Redirect Chain https://lambadapp.go2affise.com/click?pid=46&offer_id=3580355&sub1=NCT_iphone_be_ofid8788652_pid809_sub1_sub282_sub3web3ppre_nat14_sub4_sub5&sub2=493410809_82&sub3=id1487602320 https://mobee.g2afse.com/click?pid=4&offer_id=876454&sub2=46_493410809_82 http://xml.blueparrot.media/redirect?feed=221274&auth=9tpPZk&url=http://www.google.com&subid=4_46_493410809_82	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: apptrust.g2afse.com
URL: https://apptrust.g2afse.com/click?pid=27&offer_id=436885&sub1=NCT_iphone_be_ofid9456792_pid616_sub1_sub2385_sub3iconpeakppre_nat6_sub4_sub5&sub2=493410616_385&sub4=id339532909

Domain: aandb.g2afse.com
URL: https://aandb.g2afse.com/click?pid=2&offer_id=506953&sub1=5fe4bacd45190c0001ba5524&sub2=80_493410809_82&sub3=&sub4=id1487602320

Domain: ad-experience.g2afse.com
URL: https://ad-experience.g2afse.com/click?pid=2&offer_id=48205&sub1=NCT_iphone_be_ofid9494065_pid809_sub1_sub282_sub3web3ppre_nat12_sub4_sub5&sub2=493410809_82&sub5=id1487602320

Domain: mobee.g2afse.com
URL: https://mobee.g2afse.com/click?pid=4&offer_id=876454&sub2=46_493410809_82

Domain: chimaprome.com
URL: https://chimaprome.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D

Domain: r.leadzu.com
URL: http://r.leadzu.com/red/?code=4M4C8XL2R1ZN&a=6.&pubid=6

Domain: aandb.g2afse.com
URL: http://aandb.g2afse.com/disabled.html

Domain: ad-experience.g2afse.com
URL: http://ad-experience.g2afse.com/sl?id=5c9cb536d0348f004454f1b2&pid=1&sub2=48205&sub3=2

Domain: xml.blueparrot.media
URL: http://xml.blueparrot.media/redirect?feed=221274&auth=9tpPZk&url=http://www.google.com&subid=4_46_493410809_82

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

8nsegm1.appsdeku.com
aandb.g2afse.com
ad-experience.g2afse.com
adcrate-solutions.go2affise.com
appalgo.g2afse.com
appnappmo.g2afse.com
apps.apple.com
appscogent.g2afse.com
apptrust.g2afse.com
boostads.g2afse.com
brainadv.g2afse.com
bs45lck.appsmaxpower.com
cellonltd.g2afse.com
chimaprome.com
click.iconpeak2trk.com
click.kanmobi.net
cpi-offers.com
go2.enjoycpi.com
gowith.go2affise.com
il32.co
labmediasolutions.g2afse.com
mobee.g2afse.com
mookomedia.g2afse.com
olamob.g2afse.com
r.leadzu.com
sing.clkstream.com
t1.greatforwarding.com
tha.gotrackier.com
toptopmedia.g2afse.com
totalcpi.com
track.paddlewaver.com
track.zoomd.com
trk.interceptd.com
web3mobile.g2afse.com
www.rtbdem.com
xml.blueparrot.media
zenoclick.g2afse.com
zildd.g2afse.com
aandb.g2afse.com
ad-experience.g2afse.com
apptrust.g2afse.com
chimaprome.com
mobee.g2afse.com
r.leadzu.com
xml.blueparrot.media
144.91.99.171
18.140.90.127
18.141.88.84
18.207.66.245
212.32.250.33
212.7.209.71
212.7.209.73
213.227.134.194
213.227.134.200
213.227.134.236
213.227.134.238
213.227.134.242
213.227.135.207
213.227.135.209
213.227.135.213
213.227.135.227
213.227.135.233
213.227.156.21
213.227.156.233
2606:4700:20::681a:d03
2606:4700:20::ac43:4466
2620:1ec:bdf::13
2a02:26f0:6c00:19c::2a1
3.124.136.225
3.226.147.193
35.171.134.132
35.241.13.125
52.49.154.215
348b76717ecef4eed02b1059cb8dde73ad93350ff2092478aadd1199621927df
4f50293477d9a7d4274844a38926ac7febd7ddb49ec844be25ec2d1dcb16558d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

cpi-offers.com Open in urlscan Pro 3.124.136.225 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

23 Requests

61 %HTTPS

14 %IPv6

21 Domains

38 Subdomains

10 IPs

6 Countries

2 kBTransfer

4 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

0 Cookies

Indicators

cpi-offers.com Open in urlscan Pro
3.124.136.225 Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

61 %
HTTPS

14 %
IPv6

21
Domains

38
Subdomains

10
IPs

6
Countries

2 kB
Transfer

4 kB
Size

0
Cookies

23 HTTP transactions
0 data transactions