ww3.advurl.com Open in urlscan Pro
69.16.228.6 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://servicehommeloan.com/
Effective URL:
https://ww3.advurl.com/ads/prem_ga.php?geoshort=CA&source=AR-455004&target=ffd30e6a8a7f9931d29d6f1c8&ip=157.254.49.80
Submission: On December 16 via api (December 16th 2024, 7:02:31 pm UTC) from US — Scanned from CA

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 6 domains to perform 9 HTTP transactions. The main IP is 69.16.228.6, located in United States and belongs to LIQUIDWEB, US. The main domain is ww3.advurl.com.
TLS certificate: Issued by R11 on November 21st 2024. Valid for: 3 months.

This is the only time ww3.advurl.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	23.82.12.31 23.82.12.31	30633 (LEASEWEB-...) (LEASEWEB-USA-WDC)
2	104.21.87.224 104.21.87.224	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	35.71.155.166 35.71.155.166	16509 (AMAZON-02) (AMAZON-02)
1	130.211.29.114 130.211.29.114	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	35.241.15.240 35.241.15.240	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	103.67.200.64 103.67.200.64	60558 (SECUREDSE...) (SECUREDSERVERS-EU PHOENIX NAP)
2	69.16.228.6 69.16.228.6	32244 (LIQUIDWEB) (LIQUIDWEB)
9	6

2 23.82.12.31 (Manassas, United States) 1 redirects

ASN30633 (LEASEWEB-USA-WDC, US)

servicehommeloan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.21.87.224 (None, )

ASN13335 (CLOUDFLARENET, US)

track.auroraveil.bid	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.71.155.166 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: a39307df5028f4ea6.awsglobalaccelerator.com

lndk-a2.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 130.211.29.114 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 114.29.211.130.bc.googleusercontent.com

cdn.perfdrive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.241.15.240 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 240.15.241.35.bc.googleusercontent.com

cas.avalon.perfdrive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.67.200.64 (Singapore, Singapore) 1 redirects

ASN60558 (SECUREDSERVERS-EU PHOENIX NAP, LLC., US)
PTR: 1.xml.ams1.wowcon.net

xml-eu-v4.ngcluster-d.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.16.228.6 (United States)

ASN32244 (LIQUIDWEB, US)
PTR: host01.mystatscenter.com

ww3.advurl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	perfdrive.com cdn.perfdrive.com — Cisco Umbrella Rank: 42639 cas.avalon.perfdrive.com — Cisco Umbrella Rank: 12953	90 KB
2	advurl.com ww3.advurl.com	746 B
2	lndk-a2.online 1 redirects lndk-a2.online	21 KB
2	auroraveil.bid track.auroraveil.bid — Cisco Umbrella Rank: 384882	3 KB
2	servicehommeloan.com 1 redirects servicehommeloan.com	1 KB
1	ngcluster-d.site 1 redirects xml-eu-v4.ngcluster-d.site	270 B
9	6

	Domain	Requested by
2	ww3.advurl.com	lndk-a2.online
2	cas.avalon.perfdrive.com	cdn.perfdrive.com
2	lndk-a2.online	1 redirects track.auroraveil.bid
2	track.auroraveil.bid	servicehommeloan.com track.auroraveil.bid
2	servicehommeloan.com	1 redirects
1	xml-eu-v4.ngcluster-d.site	1 redirects
1	cdn.perfdrive.com	lndk-a2.online
9	7

This site contains no links.

Subject Issuer	Validity	Valid
servicehommeloan.com R10	`2024-11-27` - `2025-02-25`	3 months	crt.sh
auroraveil.bid WE1	`2024-11-12` - `2025-02-10`	3 months	crt.sh
lndk-a2.online Amazon RSA 2048 M03	`2024-11-06` - `2025-12-05`	a year	crt.sh
*.perfdrive.com Go Daddy Secure Certificate Authority - G2	`2024-09-20` - `2025-09-26`	a year	crt.sh
cas.avalon.perfdrive.com Go Daddy Secure Certificate Authority - G2	`2024-07-26` - `2025-08-05`	a year	crt.sh
ww3.advurl.com R11	`2024-11-21` - `2025-02-19`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://ww3.advurl.com/ads/prem_ga.php?geoshort=CA&source=AR-455004&target=ffd30e6a8a7f9931d29d6f1c8&ip=157.254.49.80
Frame ID: 46DB0568998DF7417133225F52CA3A9B
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://servicehommeloan.com/ HTTP 307
https://servicehommeloan.com/ Page URL
https://servicehommeloan.com/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MT... HTTP 302
https://track.auroraveil.bid/proceed.php?domain=servicehommeloan.com&hash=afd3bc0c79cd8ff07c88cfca4415011... Page URL
https://track.auroraveil.bid/beam.php?tcid=&target=aHR0cDovL2xuZGstYTIub25saW5lL2FwaS92MS9weD94bWxpZD15Mn... Page URL
http://lndk-a2.online/api/v1/px?xmlid=y2sM4zSlfUASQ2cVptKiEbMK9HYGHaJin3A5pX9G HTTP 307
https://lndk-a2.online/api/v1/px?xmlid=y2sM4zSlfUASQ2cVptKiEbMK9HYGHaJin3A5pX9G Page URL
https://lndk-a2.online/api/v1/pxcheck?impId=y2sM4zSlfUASQ2cVptKiEbMK9HYGHaJin3A5pX9G&minfo=eyJjb29r... HTTP 302
http://xml-eu-v4.ngcluster-d.site/click?seat=1891635&i=A4l1O-LQt7Y_0 HTTP 307
https://xml-eu-v4.ngcluster-d.site/click?seat=1891635&i=A4l1O-LQt7Y_0 HTTP 302
http://ww3.advurl.com/ads/prem_ga.php?geoshort=CA&source=AR-455004&target=ffd30e6a8a7f9931d29d6f1c... HTTP 307
https://ww3.advurl.com/ads/prem_ga.php?geoshort=CA&source=AR-455004&target=ffd30e6a8a7f9931d29d6f1c... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

9
Requests

100 %
HTTPS

0 %
IPv6

6
Domains

7
Subdomains

6
IPs

3
Countries

115 kB
Transfer

333 kB
Size

9
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://servicehommeloan.com/ HTTP 307
https://servicehommeloan.com/ Page URL
https://servicehommeloan.com/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTczNDM4MjkzNCwiaWF0IjoxNzM0Mzc1NzM0LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIzMDhycjJsZXJnbWlpb3Fpc2MwcjlkMDIiLCJuYmYiOjE3MzQzNzU3MzQsInRzIjoxNzM0Mzc1NzM0ODUxMDg5fQ.54cHOdyowuZEEYimb7boHVBqGIsylpA3wW0dAPGpPQo&sid=4355294b-bbe0-11ef-afd2-101b96a3d765 HTTP 302
https://track.auroraveil.bid/proceed.php?domain=servicehommeloan.com&hash=afd3bc0c79cd8ff07c88cfca4415011e&u=eyJkb21haW4iOiJzZXJ2aWNlaG9tbWVsb2FuLmNvbSIsImRvbWFpbl9pZCI6IjMxMDM3NjM5IiwiZm9sZGVyX2lkIjpudWxsLCJtaWQiOiIxNTEiLCJmaWx0ZXJfaWQiOm51bGwsImFkdmVydGlzZXJfaWQiOiIxNDAiLCJ0YXJnZXQiOiJodHRwOlwvXC9sbmRrLWEyLm9ubGluZVwvYXBpXC92MVwvcHg/eG1saWQ9eTJzTTR6U2xmVUFTUTJjVnB0S2lFYk1LOUhZR0hhSmluM0E1cFg5RyIsImlwX2FkZHJlc3MiOiIxNTcuMjU0LjQ5LjgwIiwidHlwZSI6ImphdmFfcmVkaXJlY3QiLCJiaWQiOjAuMDAwMTExNTk5OTk5OTk5OTk5OTl9 Page URL
https://track.auroraveil.bid/beam.php?tcid=&target=aHR0cDovL2xuZGstYTIub25saW5lL2FwaS92MS9weD94bWxpZD15MnNNNHpTbGZVQVNRMmNWcHRLaUViTUs5SFlHSGFKaW4zQTVwWDlH&hash=f07153eca2f567515e289a3282fbd191&m=MTUx Page URL
http://lndk-a2.online/api/v1/px?xmlid=y2sM4zSlfUASQ2cVptKiEbMK9HYGHaJin3A5pX9G HTTP 307
https://lndk-a2.online/api/v1/px?xmlid=y2sM4zSlfUASQ2cVptKiEbMK9HYGHaJin3A5pX9G Page URL
https://lndk-a2.online/api/v1/pxcheck?impId=y2sM4zSlfUASQ2cVptKiEbMK9HYGHaJin3A5pX9G&minfo=eyJjb29raWVEaXNhYmxlZCI6ZmFsc2UsInVhIjoiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTMxLjAuMC4wIFNhZmFyaS81MzcuMzYiLCJpZnJhbWUiOmZhbHNlLCJkZXZpY2VQaXhlbFJhdGlvIjoxLCJ3bmRMb2NIcmVmIjoiaHR0cHM6Ly9sbmRrLWEyLm9ubGluZS9hcGkvdjEvcHg/eG1saWQ9eTJzTTR6U2xmVUFTUTJjVnB0S2lFYk1LOUhZR0hhSmluM0E1cFg5RyIsImRldmljZVNyZWVuU2l6ZSI6IjEyMDB4MTYwMCIsImRldmljZVdpbmRvd1NpemUiOiIxMjAweDE2MDAiLCJ3bmQyc3JjUmF0aW9Md3IwNiI6ZmFsc2UsImVmZmVjdGl2ZVR5cGUiOiI0ZyIsInR6Ijo0ODAsInR6SW50bCI6IkFtZXJpY2EvVmFuY291dmVyIiwiaXNCb3QiOmZhbHNlLCJmQm90TmFtZSI6IiIsImZSZWFzb25zIjoiIn0= HTTP 302
http://xml-eu-v4.ngcluster-d.site/click?seat=1891635&i=A4l1O-LQt7Y_0 HTTP 307
https://xml-eu-v4.ngcluster-d.site/click?seat=1891635&i=A4l1O-LQt7Y_0 HTTP 302
http://ww3.advurl.com/ads/prem_ga.php?geoshort=CA&source=AR-455004&target=ffd30e6a8a7f9931d29d6f1c8&ip=157.254.49.80 HTTP 307
https://ww3.advurl.com/ads/prem_ga.php?geoshort=CA&source=AR-455004&target=ffd30e6a8a7f9931d29d6f1c8&ip=157.254.49.80 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://servicehommeloan.com/ HTTP 307
https://servicehommeloan.com/

Request Chain 1

https://servicehommeloan.com/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTczNDM4MjkzNCwiaWF0IjoxNzM0Mzc1NzM0LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIzMDhycjJsZXJnbWlpb3Fpc2MwcjlkMDIiLCJuYmYiOjE3MzQzNzU3MzQsInRzIjoxNzM0Mzc1NzM0ODUxMDg5fQ.54cHOdyowuZEEYimb7boHVBqGIsylpA3wW0dAPGpPQo&sid=4355294b-bbe0-11ef-afd2-101b96a3d765 HTTP 302
https://track.auroraveil.bid/proceed.php?domain=servicehommeloan.com&hash=afd3bc0c79cd8ff07c88cfca4415011e&u=eyJkb21haW4iOiJzZXJ2aWNlaG9tbWVsb2FuLmNvbSIsImRvbWFpbl9pZCI6IjMxMDM3NjM5IiwiZm9sZGVyX2lkIjpudWxsLCJtaWQiOiIxNTEiLCJmaWx0ZXJfaWQiOm51bGwsImFkdmVydGlzZXJfaWQiOiIxNDAiLCJ0YXJnZXQiOiJodHRwOlwvXC9sbmRrLWEyLm9ubGluZVwvYXBpXC92MVwvcHg/eG1saWQ9eTJzTTR6U2xmVUFTUTJjVnB0S2lFYk1LOUhZR0hhSmluM0E1cFg5RyIsImlwX2FkZHJlc3MiOiIxNTcuMjU0LjQ5LjgwIiwidHlwZSI6ImphdmFfcmVkaXJlY3QiLCJiaWQiOjAuMDAwMTExNTk5OTk5OTk5OTk5OTl9

Request Chain 3

http://lndk-a2.online/api/v1/px?xmlid=y2sM4zSlfUASQ2cVptKiEbMK9HYGHaJin3A5pX9G HTTP 307
https://lndk-a2.online/api/v1/px?xmlid=y2sM4zSlfUASQ2cVptKiEbMK9HYGHaJin3A5pX9G

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/
servicehommeloan.com/
Redirect Chain

http://servicehommeloan.com/
https://servicehommeloan.com/

482 B
766 B

414ms
69ms

Document
text/html

23.82.12.31
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://servicehommeloan.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.82.12.31 Manassas, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: Cowboy /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
content-length: 482
content-type: text/html; charset=utf-8
date: Mon, 16 Dec 2024 19:02:14 GMT
server: Cowboy

Redirect headers

Location: https://servicehommeloan.com/
Non-Authoritative-Reason: HttpsUpgrades

GET
H3

200

proceed.php
track.auroraveil.bid/
Redirect Chain

https://servicehommeloan.com/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTczNDM4MjkzNCwiaWF0IjoxNzM0Mzc1NzM0LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIzMDhycjJsZXJnbWlpb3...
https://track.auroraveil.bid/proceed.php?domain=servicehommeloan.com&hash=afd3bc0c79cd8ff07c88cfca4415011e&u=eyJkb21haW4iOiJzZXJ2aWNlaG9tbWVsb2FuLmNvbSIsImRvbWFpbl9pZCI6IjMxMDM3NjM5IiwiZm9sZGVyX2lk...

559 B
1 KB

472ms
266ms

Document
text/html

104.21.87.224
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://track.auroraveil.bid/proceed.php?domain=servicehommeloan.com&hash=afd3bc0c79cd8ff07c88cfca4415011e&u=eyJkb21haW4iOiJzZXJ2aWNlaG9tbWVsb2FuLmNvbSIsImRvbWFpbl9pZCI6IjMxMDM3NjM5IiwiZm9sZGVyX2lkIjpudWxsLCJtaWQiOiIxNTEiLCJmaWx0ZXJfaWQiOm51bGwsImFkdmVydGlzZXJfaWQiOiIxNDAiLCJ0YXJnZXQiOiJodHRwOlwvXC9sbmRrLWEyLm9ubGluZVwvYXBpXC92MVwvcHg/eG1saWQ9eTJzTTR6U2xmVUFTUTJjVnB0S2lFYk1LOUhZR0hhSmluM0E1cFg5RyIsImlwX2FkZHJlc3MiOiIxNTcuMjU0LjQ5LjgwIiwidHlwZSI6ImphdmFfcmVkaXJlY3QiLCJiaWQiOjAuMDAwMTExNTk5OTk5OTk5OTk5OTl9

Requested by

Host: servicehommeloan.com
URL: https://servicehommeloan.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.87.224 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://servicehommeloan.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8f30ed4139d0ab94-YYZ
content-encoding: none
content-type: text/html; charset=utf8
date: Mon, 16 Dec 2024 19:02:16 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=0,i
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D2NU0G%2Fl75czq0AxVpQttOleNIvErjuGECdxFaGqhE9XuDpLY0bi%2FY71eByt150Y05DtNIF%2FXeo8oimDaLm%2B4%2BwPrvQVgb4KNHIbaW8FebqPjFuE69MOE0Z6drFEH27dAvnrW0T1dg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=41303&min_rtt=36247&rtt_var=14138&sent=12&recv=10&lost=0&retrans=0&sent_bytes=4169&recv_bytes=4888&delivery_rate=469&cwnd=12000&unsent_bytes=0&cid=1dd190a85fbc257e&ts=280&x=1" cfExtPri cfHdrFlush;dur=0
vary: accept-encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

Redirect headers

cache-control: max-age=0, private, must-revalidate
content-length: 11
date: Mon, 16 Dec 2024 19:02:15 GMT
location: https://track.auroraveil.bid/proceed.php?domain=servicehommeloan.com&hash=afd3bc0c79cd8ff07c88cfca4415011e&u=eyJkb21haW4iOiJzZXJ2aWNlaG9tbWVsb2FuLmNvbSIsImRvbWFpbl9pZCI6IjMxMDM3NjM5IiwiZm9sZGVyX2lkIjpudWxsLCJtaWQiOiIxNTEiLCJmaWx0ZXJfaWQiOm51bGwsImFkdmVydGlzZXJfaWQiOiIxNDAiLCJ0YXJnZXQiOiJodHRwOlwvXC9sbmRrLWEyLm9ubGluZVwvYXBpXC92MVwvcHg/eG1saWQ9eTJzTTR6U2xmVUFTUTJjVnB0S2lFYk1LOUhZR0hhSmluM0E1cFg5RyIsImlwX2FkZHJlc3MiOiIxNTcuMjU0LjQ5LjgwIiwidHlwZSI6ImphdmFfcmVkaXJlY3QiLCJiaWQiOjAuMDAwMTExNTk5OTk5OTk5OTk5OTl9
server: Cowboy

GET
H3 200 beam.php
track.auroraveil.bid/ 917 B
2 KB 295ms
271ms Document
text/html 104.21.87.224
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://track.auroraveil.bid/beam.php?tcid=&target=aHR0cDovL2xuZGstYTIub25saW5lL2FwaS92MS9weD94bWxpZD15MnNNNHpTbGZVQVNRMmNWcHRLaUViTUs5SFlHSGFKaW4zQTVwWDlH&hash=f07153eca2f567515e289a3282fbd191&m=MTUx

Requested by

Host: track.auroraveil.bid
URL: https://track.auroraveil.bid/proceed.php?domain=servicehommeloan.com&hash=afd3bc0c79cd8ff07c88cfca4415011e&u=eyJkb21haW4iOiJzZXJ2aWNlaG9tbWVsb2FuLmNvbSIsImRvbWFpbl9pZCI6IjMxMDM3NjM5IiwiZm9sZGVyX2lkIjpudWxsLCJtaWQiOiIxNTEiLCJmaWx0ZXJfaWQiOm51bGwsImFkdmVydGlzZXJfaWQiOiIxNDAiLCJ0YXJnZXQiOiJodHRwOlwvXC9sbmRrLWEyLm9ubGluZVwvYXBpXC92MVwvcHg/eG1saWQ9eTJzTTR6U2xmVUFTUTJjVnB0S2lFYk1LOUhZR0hhSmluM0E1cFg5RyIsImlwX2FkZHJlc3MiOiIxNTcuMjU0LjQ5LjgwIiwidHlwZSI6ImphdmFfcmVkaXJlY3QiLCJiaWQiOjAuMDAwMTExNTk5OTk5OTk5OTk5OTl9

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.87.224 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8f30ed46b806ab94-YYZ
content-encoding: none
content-type: text/html; charset=UTF-8
date: Mon, 16 Dec 2024 19:02:17 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=0,i
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lXcMgHufpCTWngVnldgebKYu7Dw3QLVOoIneMbElXWDdfLC0NLV01nWYbjiAdpT%2Ff6dq2KanOq%2F45OGXysDUcLAMhrFhgh0BCriXS%2BtaSkRnQnb2zlq7s6Fbfd%2BY8lPX5bIonc5sbw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=40400&min_rtt=34082&rtt_var=12409&sent=15&recv=12&lost=0&retrans=0&sent_bytes=5494&recv_bytes=5442&delivery_rate=38171&cwnd=12000&unsent_bytes=0&cid=1dd190a85fbc257e&ts=1078&x=1" cfExtPri cfHdrFlush;dur=0
vary: accept-encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2

200

px
lndk-a2.online/api/v1/
Redirect Chain

http://lndk-a2.online/api/v1/px?xmlid=y2sM4zSlfUASQ2cVptKiEbMK9HYGHaJin3A5pX9G
https://lndk-a2.online/api/v1/px?xmlid=y2sM4zSlfUASQ2cVptKiEbMK9HYGHaJin3A5pX9G

90 KB
21 KB

562ms
140ms

Document
text/html

35.71.155.166
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://lndk-a2.online/api/v1/px?xmlid=y2sM4zSlfUASQ2cVptKiEbMK9HYGHaJin3A5pX9G
Requested by: Host: track.auroraveil.bid
URL: https://track.auroraveil.bid/beam.php?tcid=&target=aHR0cDovL2xuZGstYTIub25saW5lL2FwaS92MS9weD94bWxpZD15MnNNNHpTbGZVQVNRMmNWcHRLaUViTUs5SFlHSGFKaW4zQTVwWDlH&hash=f07153eca2f567515e289a3282fbd191&m=MTUx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.155.166 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a39307df5028f4ea6.awsglobalaccelerator.com
Software: /
Resource Hash

Request headers

Referer: https://track.auroraveil.bid/beam.php?tcid=&target=aHR0cDovL2xuZGstYTIub25saW5lL2FwaS92MS9weD94bWxpZD15MnNNNHpTbGZVQVNRMmNWcHRLaUViTUs5SFlHSGFKaW4zQTVwWDlH&hash=f07153eca2f567515e289a3282fbd191&m=MTUx
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 16 Dec 2024 19:02:18 GMT
etag: W/"1698b-pIC2RnxZEtfRvSlS02TGF/GFZ9Q"
vary: Accept-Encoding

Redirect headers

Location: https://lndk-a2.online/api/v1/px?xmlid=y2sM4zSlfUASQ2cVptKiEbMK9HYGHaJin3A5pX9G
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 stormcaster.js
cdn.perfdrive.com/advanced/ 240 KB
90 KB 253ms
40ms Script
application/javascript 130.211.29.114
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.perfdrive.com/advanced/stormcaster.js
Requested by: Host: lndk-a2.online
URL: https://lndk-a2.online/api/v1/px?xmlid=y2sM4zSlfUASQ2cVptKiEbMK9HYGHaJin3A5pX9G
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.29.114 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 114.29.211.130.bc.googleusercontent.com
Software: nginx/1.10.1 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://lndk-a2.online/

Response headers

cache-control: max-age=3600,public
content-encoding: gzip
etag: W/"674e9703-3bf3a"
age: 3034
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 91395
date: Mon, 16 Dec 2024 18:11:44 GMT
last-modified: Tue, 03 Dec 2024 05:28:35 GMT
content-type: application/javascript
server: nginx/1.10.1
vary: Accept-Encoding

POST
H2 200 jsdata
cas.avalon.perfdrive.com/ 360 B
414 B 286ms
79ms XHR
text/plain 35.241.15.240
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://cas.avalon.perfdrive.com/jsdata?
Requested by: Host: cdn.perfdrive.com
URL: https://cdn.perfdrive.com/advanced/stormcaster.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.15.240 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 240.15.241.35.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded
Referer: https://lndk-a2.online/

Response headers

via: 1.1 google
x-response-time: 0ms
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 360
date: Mon, 16 Dec 2024 19:02:19 GMT
content-type: text/plain; charset=UTF-8

POST
H2 200 jsdata
cas.avalon.perfdrive.com/ 198 B
343 B 282ms
78ms XHR
text/plain 35.241.15.240
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://cas.avalon.perfdrive.com/jsdata?
Requested by: Host: cdn.perfdrive.com
URL: https://cdn.perfdrive.com/advanced/stormcaster.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.15.240 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 240.15.241.35.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded
Referer: https://lndk-a2.online/

Response headers

via: 1.1 google
x-response-time: 0ms
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 198
date: Mon, 16 Dec 2024 19:02:19 GMT
content-type: text/plain; charset=UTF-8

GET
H/1.1

404
Not Found

Primary Request prem_ga.php Show response
ww3.advurl.com/ads/
Redirect Chain

https://lndk-a2.online/api/v1/pxcheck?impId=y2sM4zSlfUASQ2cVptKiEbMK9HYGHaJin3A5pX9G&minfo=eyJjb29raWVEaXNhYmxlZCI6ZmFsc2UsInVhIjoiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMz...
http://xml-eu-v4.ngcluster-d.site/click?seat=1891635&i=A4l1O-LQt7Y_0
https://xml-eu-v4.ngcluster-d.site/click?seat=1891635&i=A4l1O-LQt7Y_0
http://ww3.advurl.com/ads/prem_ga.php?geoshort=CA&source=AR-455004&target=ffd30e6a8a7f9931d29d6f1c8&ip=157.254.49.80
https://ww3.advurl.com/ads/prem_ga.php?geoshort=CA&source=AR-455004&target=ffd30e6a8a7f9931d29d6f1c8&ip=157.254.49.80

16 B
230 B

733ms
142ms

Document
text/html

69.16.228.6
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://ww3.advurl.com/ads/prem_ga.php?geoshort=CA&source=AR-455004&target=ffd30e6a8a7f9931d29d6f1c8&ip=157.254.49.80
Requested by: Host: lndk-a2.online
URL: https://lndk-a2.online/api/v1/px?xmlid=y2sM4zSlfUASQ2cVptKiEbMK9HYGHaJin3A5pX9G
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.228.6 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS: host01.mystatscenter.com
Software: Apache /
Resource Hash: 8a482f2271a42c5f54c96e816a84340a6f2357a5b81f927d07d00788f5140a41

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Mon, 16 Dec 2024 19:02:20 GMT
Keep-Alive: timeout=2, max=500
Server: Apache
Transfer-Encoding: chunked

Redirect headers

Location: https://ww3.advurl.com/ads/prem_ga.php?geoshort=CA&source=AR-455004&target=ffd30e6a8a7f9931d29d6f1c8&ip=157.254.49.80
Non-Authoritative-Reason: HttpsUpgrades

GET
H/1.1 404
Not Found favicon.ico
ww3.advurl.com/ 315 B
516 B 68ms
67ms Other
text/html 69.16.228.6
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://ww3.advurl.com/favicon.ico
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.228.6 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS: host01.mystatscenter.com
Software: Apache /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://ww3.advurl.com/ads/prem_ga.php?geoshort=CA&source=AR-455004&target=ffd30e6a8a7f9931d29d6f1c8&ip=157.254.49.80

Response headers

Keep-Alive: timeout=2, max=499
Content-Length: 315
Date: Mon, 16 Dec 2024 19:02:21 GMT
Content-Type: text/html; charset=iso-8859-1
Server: Apache
Connection: Keep-Alive

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.servicehommeloan.com/	1970-01-21 11:22:15	Name: sid Value: 4355294b-bbe0-11ef-afd2-101b96a3d765
.lndk-a2.online/	1970-01-21 06:05:24	Name: __ssds Value: 2
.lndk-a2.online/	1970-01-21 06:05:24	Name: __ssuzjsr2 Value: a9be0cd8e
.lndk-a2.online/	1970-01-21 06:05:24	Name: __uzmaj2 Value: ecd4e683-21ab-4590-9b54-9bf4d8a86f8b
.lndk-a2.online/	1970-01-21 06:05:24	Name: __uzmbj2 Value: 1734375739
.lndk-a2.online/	1970-01-21 06:05:24	Name: __uzmcj2 Value: 986371058304
.lndk-a2.online/	1970-01-21 06:05:24	Name: __uzmdj2 Value: 1734375739
.lndk-a2.online/	1970-01-21 06:05:24	Name: __uzmlj2 Value: of0+h+J39SyK4+Tqoy9RJsWs7bUwLMkjLRsmHi9BSoo=
.lndk-a2.online/	1970-01-21 06:05:24	Name: __uzmfj2 Value: 7f600022ff95c8-b2b6-45c4-837f-a0f10a1e94b017343757393050-6dadab1bb5802fb910

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://lndk-a2.online/api/v1/px?xmlid=y2sM4zSlfUASQ2cVptKiEbMK9HYGHaJin3A5pX9G Message: [GroupMarkerNotSet(crbug.com/242999)!:A0905C004C260000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
network	error	URL: https://ww3.advurl.com/ads/prem_ga.php?geoshort=CA&source=AR-455004&target=ffd30e6a8a7f9931d29d6f1c8&ip=157.254.49.80 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://ww3.advurl.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cas.avalon.perfdrive.com
cdn.perfdrive.com
lndk-a2.online
servicehommeloan.com
track.auroraveil.bid
ww3.advurl.com
xml-eu-v4.ngcluster-d.site
103.67.200.64
104.21.87.224
130.211.29.114
23.82.12.31
35.241.15.240
35.71.155.166
69.16.228.6
8a482f2271a42c5f54c96e816a84340a6f2357a5b81f927d07d00788f5140a41
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

ww3.advurl.com Open in urlscan Pro 69.16.228.6 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

0 %IPv6

6 Domains

7 Subdomains

6 IPs

3 Countries

115 kBTransfer

333 kBSize

9 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

9 Cookies

3 Console Messages

Indicators

ww3.advurl.com Open in urlscan Pro
69.16.228.6 Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

0 %
IPv6

6
Domains

7
Subdomains

6
IPs

3
Countries

115 kB
Transfer

333 kB
Size

9
Cookies

9 HTTP transactions
0 data transactions