newadslab.com Open in urlscan Pro
2606:4700:3037::ac43:8142 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.theprincipals.us/
Effective URL:
https://newadslab.com/wETu1k4URe_cDF_uPIKOpMOjjcYnu65pLb8SnrHETz0/?cid=89592513609&sid=443598856&s=0.012667
Submission: On November 07 via api (November 7th 2022, 3:08:16 am UTC) from US — Scanned from US

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 8 IPs in 2 countries across 7 domains to perform 9 HTTP transactions. The main IP is 2606:4700:3037::ac43:8142, located in United States and belongs to CLOUDFLARENET, US. The main domain is newadslab.com.
TLS certificate: Issued by E1 on September 27th 2022. Valid for: 3 months.

This is the only time newadslab.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	172.93.103.99 172.93.103.99	23470 (RELIABLESITE) (RELIABLESITE)
1 2	192.99.158.241 192.99.158.241	16276 (OVH) (OVH)
1 2	108.168.193.189 108.168.193.189	36351 (SOFTLAYER) (SOFTLAYER)
1	108.168.193.184 108.168.193.184	36351 (SOFTLAYER) (SOFTLAYER)
1	2606:4700:303... 2606:4700:3037::ac43:8142	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	172.67.197.244 172.67.197.244	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:20:... 2606:4700:20::681a:6e4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:20:... 2606:4700:20::681a:7e4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	8

1 172.93.103.99 (United States) 1 redirects

ASN23470 (RELIABLESITE, US)

www.theprincipals.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.99.158.241 (Canada) 1 redirects

ASN16276 (OVH, FR)
PTR: ip241.ip-192-99-158.net

btpnative.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.168.193.189 (Dallas, United States) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: bd.c1.a86c.ip4.static.sl-reverse.com

mybettermb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p274639.mybettermb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.168.193.184 (Dallas, United States)

ASN36351 (SOFTLAYER, US)
PTR: b8.c1.a86c.ip4.static.sl-reverse.com

clkdeals.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3037::ac43:8142 (United States)

ASN13335 (CLOUDFLARENET, US)

newadslab.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.197.244 (United States)

ASN13335 (CLOUDFLARENET, US)

feed.cn-rtb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
t.cn-rtb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:6e4 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.ocmhood.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:7e4 (United States)

ASN13335 (CLOUDFLARENET, US)

t.ocmhood.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	ocmhood.com cdn.ocmhood.com — Cisco Umbrella Rank: 23339 t.ocmhood.com — Cisco Umbrella Rank: 7277	12 KB
2	cn-rtb.com feed.cn-rtb.com — Cisco Umbrella Rank: 46731 t.cn-rtb.com — Cisco Umbrella Rank: 56604	866 B
2	mybettermb.com 1 redirects mybettermb.com p274639.mybettermb.com	1 KB
2	btpnative.com 1 redirects btpnative.com — Cisco Umbrella Rank: 228779	8 KB
1	newadslab.com newadslab.com	53 KB
1	clkdeals.com clkdeals.com — Cisco Umbrella Rank: 255880	197 B
1	theprincipals.us 1 redirects www.theprincipals.us	609 B
9	7

	Domain	Requested by
2	t.ocmhood.com	cdn.ocmhood.com
2	btpnative.com	1 redirects
1	t.cn-rtb.com	newadslab.com
1	cdn.ocmhood.com	newadslab.com
1	feed.cn-rtb.com	newadslab.com
1	newadslab.com	p274639.mybettermb.com
1	clkdeals.com	p274639.mybettermb.com
1	p274639.mybettermb.com
1	mybettermb.com	1 redirects
1	www.theprincipals.us	1 redirects
9	10

This site contains no links.

Subject Issuer	Validity	Valid
*.mybettermb.com Sectigo RSA Domain Validation Secure Server CA	`2022-11-02` - `2023-11-02`	a year	crt.sh
www.clkdeals.com Sectigo RSA Domain Validation Secure Server CA	`2021-12-16` - `2022-12-29`	a year	crt.sh
*.newadslab.com E1	`2022-09-27` - `2022-12-26`	3 months	crt.sh
*.cn-rtb.com E1	`2022-10-27` - `2023-01-25`	3 months	crt.sh
ocmhood.com Cloudflare Inc ECC CA-3	`2022-05-04` - `2023-05-04`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://newadslab.com/wETu1k4URe_cDF_uPIKOpMOjjcYnu65pLb8SnrHETz0/?cid=89592513609&sid=443598856&s=0.012667
Frame ID: F8049E05E129A264FBD0101A84950E94
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Click Allow

Page URL History Show full URLs

http://www.theprincipals.us/ HTTP 302
http://btpnative.com/click?data=Y3I2M3VJN1gzWkx3T1BOSmRiYXJVUTZpaTNfSnlCdXhqVlhKOG1ZWkhkR3JXZkMtS... Page URL
http://btpnative.com/Redirect/ HTTP 302
https://mybettermb.com/aS/feedclick?s=ULvdn1uz3febt1xI3YONt48uDhK_8R6j4uJxrVEbBjRxbZGZuTKVRzZTiQMvA... HTTP 302
https://p274639.mybettermb.com/adServe/domainClick?ai=4uLj5WgHRR_Wo-yxIdkd5qmEri035ZFRvNuLK3EDYy9HmJyVau5Xx... Page URL
https://newadslab.com/wETu1k4URe_cDF_uPIKOpMOjjcYnu65pLb8SnrHETz0/?cid=89592513609&sid=443598856&s... Page URL

Page Statistics

9
Requests

89 %
HTTPS

38 %
IPv6

7
Domains

10
Subdomains

8
IPs

2
Countries

72 kB
Transfer

165 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.theprincipals.us/ HTTP 302
http://btpnative.com/click?data=Y3I2M3VJN1gzWkx3T1BOSmRiYXJVUTZpaTNfSnlCdXhqVlhKOG1ZWkhkR3JXZkMtSXBKUThYZ3ozbGtrVl80c3dUaElYbW5Tc2hBbEhkQ0tFVnFDaHRpWWR4N1BOZ1EtdGxZc28ybktLdXlTUDVwcVp6ODdWdkhZMV9xalFmcGZjb2ZIYS14ay1ZTFhqeGMwdVVNQnBBMg2&id=f4b6e183-684f-488a-9bc8-89abf0b9d3ba Page URL
http://btpnative.com/Redirect/ HTTP 302
https://mybettermb.com/aS/feedclick?s=ULvdn1uz3febt1xI3YONt48uDhK_8R6j4uJxrVEbBjRxbZGZuTKVRzZTiQMvAXg5dnQ3qd4H7z-pbTnNK1c9Rxz0pbUsp-ySGgmEUacevEQYjm0qKR4tjYHdqoH80EYFgS41QDYTbhAEysjXg8JANJjEIILW_3V7XWOpnxryNlx7KrBhNZHymjDp1D9LncCfojPFvpGPoFzxOQ4WOnwX0cmZ3JbnfpmcOxWAFyIi2kW5t_2Cv0fdz3jWENwK00Ted4WMT6imf0srdINuC4aNzBKNF2I-VdeoBx5u4SAV7pcoDm9azpipgo6Dvt6-2frBOXH0bz8yQEu_71nWn8qDhiIOaFKZydYoeTF4aYE1MrASU4aKnTpOQ9DOmcIWcGeecK44q-u1OGCvNo1KeadkmEYOYYV59ZhyToW0kLaQksenPKCBTHWJhgdxkmLCK59jqvlLaLXstzfz_j6cHEvyPU5KGBM3TAPWzSKazZhC52VhGlY92fbP3XL0XOuCaKXuouB7tJbrE--UKAzv8NaTQJCpbW9XlGcS4VGgc7Shj8UmR6maKtOzUfhavWtP5UaqzELYf6yeFXcz9ySGuWfB6sRV2cSoKvjPISUWsfR8aM-5-K8l55amZZqKf3ZJVJ-aluQFEZxUJqa7KjZ5zStvUy5CxOGAJn-6LNG2ftEtxOawV6aYWAbC7xMBu9Y9x2L_V11A14MZBdew6V6FQUqFUqUGB-hTo_x2HOhrk-5mrOXv7Zfgd_p-X6cpIriKSeYNwmYYyf1G-mN6cdvAEPibe8QVwhOWsb7scd10Q1RLGlDtnfbMZLsZC2kB5XDehuly1OVmKLjT2fy3_UD8TngI769sUfebrDO3f6vu3b88dKKBa3Gg_ZqoT2NNMzZfk7Kg531n_H3q5DaVUcvUXgIB-esPv5WQyZ6aAvDSFhxqZjSchxPX96b1dyQPtXcJTecQHYnF_uGKIhflVdO4tCVvabfaCU-MbVzLeOuDHI4OhPTM_L8ayOHc2f69cgphgWArEE63FNpWehhmEaZBcylQa-LilNvx9qR7oJ4APUi-E1o_yxSmkH3QiFe8xg5F04Ren8Uc18SEqighuvhJwj6443fqfX5UL4K4qJ8fAe9ZegjFvy2RKG2XybIEmZbsRwc9O6YB5OljvHjaaqL0RwPAOYUKOEDmShzPh1_MuuhOjCA4xaYzvjfiuvvXnhNPRvNJLcwtAAHYy5RR2mrokr7bOO1sATOyxe_2maMEV7AIk26824srcQNjL3WmthZR-8U6TwLLygl9vSe8q204dJOrJ5GSlNWCdmnGF2I2jSKaPFqBxZCHnVbmkd7PK6e4zLr1R1FYBPnLmmC7MgC14hKJjqA1jnLd1flDBH_NpwvKO2DCizGsRZQkf4rMWab3d9g_OYwwqJPWDKyphK4tN-WRUbzbiytxA2MvfPKhIwPHRBICcdyVR1FzHg9VD9747C0qcGChP9dx7xVlkkLEB146pQ HTTP 302
https://p274639.mybettermb.com/adServe/domainClick?ai=4uLj5WgHRR_Wo-yxIdkd5qmEri035ZFRvNuLK3EDYy9HmJyVau5XxYCjZuR1GPxlK3XepA_F4-s-q8ZxWxLa3Sevg5plI-_eHV8HCT3AKjNqgEE0f5Fjh8XnLiFpVgC8Bvf4RIcbQkeDZG8TCuTZ6lsLtTfRMmnZnWWaFAvt2dXF3LW1rOt4aZz7eSQRqU8YoyEOp_uQSubbz3XXWEqTeQ9VD9747C0q0Sv9wRW__huJ7-8RcA0nVPwM1mKkhM-lsXO9UEbxxlr6_sVYPiGScWtdnt_Lrhn8xIM-F2T9IJsA6I4B8spzdfq1VQcFG0q_7cxV8pdl6qeNnUqwZB1wttfL2tY4RhRiPI3aj7cR-FAiUOPEN66SyzZXxnX9w3KH1wgeoYy4_2A8Y94Y7f0pdSol4S5osn5YR0Ng4Sbb-ewWFMo45vcOlMGzfh0CNUya&ui=ULvdn1uz3febt1xI3YONt_bWwvziNp_1xLgNeF8Zj-hyQU0ZsKkHOWWsGxpw9kfWOl5X68rRC8GFctLjFeGs3E3lgMQGbQyKe9DYNdFINo8M5lKBuNSNZg&si=1&oref=a6960ebecc31c12b831999116ddb60aa&optunit=Vbpcr0FRinWWnORZip_zfmWSQsQHXjql&rb=ff-cAUB2vs8&rr=1&abtg=0 Page URL
https://newadslab.com/wETu1k4URe_cDF_uPIKOpMOjjcYnu65pLb8SnrHETz0/?cid=89592513609&sid=443598856&s=0.012667 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://www.theprincipals.us/ HTTP 302
http://btpnative.com/click?data=Y3I2M3VJN1gzWkx3T1BOSmRiYXJVUTZpaTNfSnlCdXhqVlhKOG1ZWkhkR3JXZkMtSXBKUThYZ3ozbGtrVl80c3dUaElYbW5Tc2hBbEhkQ0tFVnFDaHRpWWR4N1BOZ1EtdGxZc28ybktLdXlTUDVwcVp6ODdWdkhZMV9xalFmcGZjb2ZIYS14ay1ZTFhqeGMwdVVNQnBBMg2&id=f4b6e183-684f-488a-9bc8-89abf0b9d3ba

Request Chain 1

http://btpnative.com/Redirect/ HTTP 302
https://mybettermb.com/aS/feedclick?s=ULvdn1uz3febt1xI3YONt48uDhK_8R6j4uJxrVEbBjRxbZGZuTKVRzZTiQMvAXg5dnQ3qd4H7z-pbTnNK1c9Rxz0pbUsp-ySGgmEUacevEQYjm0qKR4tjYHdqoH80EYFgS41QDYTbhAEysjXg8JANJjEIILW_3V7XWOpnxryNlx7KrBhNZHymjDp1D9LncCfojPFvpGPoFzxOQ4WOnwX0cmZ3JbnfpmcOxWAFyIi2kW5t_2Cv0fdz3jWENwK00Ted4WMT6imf0srdINuC4aNzBKNF2I-VdeoBx5u4SAV7pcoDm9azpipgo6Dvt6-2frBOXH0bz8yQEu_71nWn8qDhiIOaFKZydYoeTF4aYE1MrASU4aKnTpOQ9DOmcIWcGeecK44q-u1OGCvNo1KeadkmEYOYYV59ZhyToW0kLaQksenPKCBTHWJhgdxkmLCK59jqvlLaLXstzfz_j6cHEvyPU5KGBM3TAPWzSKazZhC52VhGlY92fbP3XL0XOuCaKXuouB7tJbrE--UKAzv8NaTQJCpbW9XlGcS4VGgc7Shj8UmR6maKtOzUfhavWtP5UaqzELYf6yeFXcz9ySGuWfB6sRV2cSoKvjPISUWsfR8aM-5-K8l55amZZqKf3ZJVJ-aluQFEZxUJqa7KjZ5zStvUy5CxOGAJn-6LNG2ftEtxOawV6aYWAbC7xMBu9Y9x2L_V11A14MZBdew6V6FQUqFUqUGB-hTo_x2HOhrk-5mrOXv7Zfgd_p-X6cpIriKSeYNwmYYyf1G-mN6cdvAEPibe8QVwhOWsb7scd10Q1RLGlDtnfbMZLsZC2kB5XDehuly1OVmKLjT2fy3_UD8TngI769sUfebrDO3f6vu3b88dKKBa3Gg_ZqoT2NNMzZfk7Kg531n_H3q5DaVUcvUXgIB-esPv5WQyZ6aAvDSFhxqZjSchxPX96b1dyQPtXcJTecQHYnF_uGKIhflVdO4tCVvabfaCU-MbVzLeOuDHI4OhPTM_L8ayOHc2f69cgphgWArEE63FNpWehhmEaZBcylQa-LilNvx9qR7oJ4APUi-E1o_yxSmkH3QiFe8xg5F04Ren8Uc18SEqighuvhJwj6443fqfX5UL4K4qJ8fAe9ZegjFvy2RKG2XybIEmZbsRwc9O6YB5OljvHjaaqL0RwPAOYUKOEDmShzPh1_MuuhOjCA4xaYzvjfiuvvXnhNPRvNJLcwtAAHYy5RR2mrokr7bOO1sATOyxe_2maMEV7AIk26824srcQNjL3WmthZR-8U6TwLLygl9vSe8q204dJOrJ5GSlNWCdmnGF2I2jSKaPFqBxZCHnVbmkd7PK6e4zLr1R1FYBPnLmmC7MgC14hKJjqA1jnLd1flDBH_NpwvKO2DCizGsRZQkf4rMWab3d9g_OYwwqJPWDKyphK4tN-WRUbzbiytxA2MvfPKhIwPHRBICcdyVR1FzHg9VD9747C0qcGChP9dx7xVlkkLEB146pQ HTTP 302
https://p274639.mybettermb.com/adServe/domainClick?ai=4uLj5WgHRR_Wo-yxIdkd5qmEri035ZFRvNuLK3EDYy9HmJyVau5XxYCjZuR1GPxlK3XepA_F4-s-q8ZxWxLa3Sevg5plI-_eHV8HCT3AKjNqgEE0f5Fjh8XnLiFpVgC8Bvf4RIcbQkeDZG8TCuTZ6lsLtTfRMmnZnWWaFAvt2dXF3LW1rOt4aZz7eSQRqU8YoyEOp_uQSubbz3XXWEqTeQ9VD9747C0q0Sv9wRW__huJ7-8RcA0nVPwM1mKkhM-lsXO9UEbxxlr6_sVYPiGScWtdnt_Lrhn8xIM-F2T9IJsA6I4B8spzdfq1VQcFG0q_7cxV8pdl6qeNnUqwZB1wttfL2tY4RhRiPI3aj7cR-FAiUOPEN66SyzZXxnX9w3KH1wgeoYy4_2A8Y94Y7f0pdSol4S5osn5YR0Ng4Sbb-ewWFMo45vcOlMGzfh0CNUya&ui=ULvdn1uz3febt1xI3YONt_bWwvziNp_1xLgNeF8Zj-hyQU0ZsKkHOWWsGxpw9kfWOl5X68rRC8GFctLjFeGs3E3lgMQGbQyKe9DYNdFINo8M5lKBuNSNZg&si=1&oref=a6960ebecc31c12b831999116ddb60aa&optunit=Vbpcr0FRinWWnORZip_zfmWSQsQHXjql&rb=ff-cAUB2vs8&rr=1&abtg=0

9 HTTP transactions
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	click Show response btpnative.com/ Redirect Chain http://www.theprincipals.us/ http://btpnative.com/click?data=Y3I2M3VJN1gzWkx3T1BOSmRiYXJVUTZpaTNfSnlCdXhqVlhKOG1ZWkhkR3JXZkMtSXBKUThYZ3ozbGtrVl80c3dUaElYbW5Tc2hBbEhkQ0tFVnFDaHRpWWR4N1BOZ1EtdGxZc28ybktLdXlTUDVwcVp6ODdWdkhZMV9xa...	5 KB 6 KB	95ms 21ms	Document text/html	192.99.158.241 OVH
General Check archive.org Show headers Download Go to Full URL http://btpnative.com/click?data=Y3I2M3VJN1gzWkx3T1BOSmRiYXJVUTZpaTNfSnlCdXhqVlhKOG1ZWkhkR3JXZkMtSXBKUThYZ3ozbGtrVl80c3dUaElYbW5Tc2hBbEhkQ0tFVnFDaHRpWWR4N1BOZ1EtdGxZc28ybktLdXlTUDVwcVp6ODdWdkhZMV9xalFmcGZjb2ZIYS14ay1ZTFhqeGMwdVVNQnBBMg2&id=f4b6e183-684f-488a-9bc8-89abf0b9d3ba Protocol HTTP/1.1 Server 192.99.158.241 , Canada, ASN16276 (OVH, FR), Reverse DNS ip241.ip-192-99-158.net Software Microsoft-IIS/10.0 / ASP.NET Resource Hash `d1a99349cfd123d6317fcc4c40608d828bb68ca4e52fd042313b16f737ad52b1` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 accept-language en-US,en;q=0.9 Response headers Access-Control-Allow-Headers Content-Type Access-Control-Allow-Origin * Cache-Control private Content-Length 5470 Content-Type text/html; charset=utf-8 Date Mon, 07 Nov 2022 03:08:10 GMT Server Microsoft-IIS/10.0 X-AspNet-Version 4.0.30319 X-AspNetMvc-Version 5.2 X-Powered-By ASP.NET Redirect headers cache-control max-age=0, private, must-revalidate connection close content-length 11 date Mon, 07 Nov 2022 03:08:10 GMT location http://btpnative.com/click?data=Y3I2M3VJN1gzWkx3T1BOSmRiYXJVUTZpaTNfSnlCdXhqVlhKOG1ZWkhkR3JXZkMtSXBKUThYZ3ozbGtrVl80c3dUaElYbW5Tc2hBbEhkQ0tFVnFDaHRpWWR4N1BOZ1EtdGxZc28ybktLdXlTUDVwcVp6ODdWdkhZMV9xalFmcGZjb2ZIYS14ay1ZTFhqeGMwdVVNQnBBMg2&id=f4b6e183-684f-488a-9bc8-89abf0b9d3ba server nginx
GET H2	200	domainClick Show response p274639.mybettermb.com/adServe/ Redirect Chain http://btpnative.com/Redirect/ https://mybettermb.com/aS/feedclick?s=ULvdn1uz3febt1xI3YONt48uDhK_8R6j4uJxrVEbBjRxbZGZuTKVRzZTiQMvAXg5dnQ3qd4H7z-pbTnNK1c9Rxz0pbUsp-ySGgmEUacevEQYjm0qKR4tjYHdqoH80EYFgS41QDYTbhAEysjXg8JANJjEIILW_3V... https://p274639.mybettermb.com/adServe/domainClick?ai=4uLj5WgHRR_Wo-yxIdkd5qmEri035ZFRvNuLK3EDYy9HmJyVau5XxYCjZuR1GPxlK3XepA_F4-s-q8ZxWxLa3Sevg5plI-_eHV8HCT3AKjNqgEE0f5Fjh8XnLiFpVgC8Bvf4RIcbQkeDZG8...	671 B 762 B	63ms 54ms	Document text/html	108.168.193.189 SOFTLAYER
General Check archive.org Show headers Download Go to Full URL https://p274639.mybettermb.com/adServe/domainClick?ai=4uLj5WgHRR_Wo-yxIdkd5qmEri035ZFRvNuLK3EDYy9HmJyVau5XxYCjZuR1GPxlK3XepA_F4-s-q8ZxWxLa3Sevg5plI-_eHV8HCT3AKjNqgEE0f5Fjh8XnLiFpVgC8Bvf4RIcbQkeDZG8TCuTZ6lsLtTfRMmnZnWWaFAvt2dXF3LW1rOt4aZz7eSQRqU8YoyEOp_uQSubbz3XXWEqTeQ9VD9747C0q0Sv9wRW__huJ7-8RcA0nVPwM1mKkhM-lsXO9UEbxxlr6_sVYPiGScWtdnt_Lrhn8xIM-F2T9IJsA6I4B8spzdfq1VQcFG0q_7cxV8pdl6qeNnUqwZB1wttfL2tY4RhRiPI3aj7cR-FAiUOPEN66SyzZXxnX9w3KH1wgeoYy4_2A8Y94Y7f0pdSol4S5osn5YR0Ng4Sbb-ewWFMo45vcOlMGzfh0CNUya&ui=ULvdn1uz3febt1xI3YONt_bWwvziNp_1xLgNeF8Zj-hyQU0ZsKkHOWWsGxpw9kfWOl5X68rRC8GFctLjFeGs3E3lgMQGbQyKe9DYNdFINo8M5lKBuNSNZg&si=1&oref=a6960ebecc31c12b831999116ddb60aa&optunit=Vbpcr0FRinWWnORZip_zfmWSQsQHXjql&rb=ff-cAUB2vs8&rr=1&abtg=0 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 108.168.193.189 Dallas, United States, ASN36351 (SOFTLAYER, US), Reverse DNS bd.c1.a86c.ip4.static.sl-reverse.com Software nginx / Resource Hash `6287a8c058fc606c1f8a4cd1fcfb7bfd7122bbfeef66c98d2b4628e6bdd0acab` Request headers Content-Type application/x-www-form-urlencoded Origin http://btpnative.com Referer http://btpnative.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 accept-language en-US,en;q=0.9 Response headers content-encoding gzip content-type text/html;charset=ISO-8859-1 date Mon, 07 Nov 2022 03:08:11 GMT server nginx vary Accept-Encoding Redirect headers content-length 0 date Mon, 07 Nov 2022 03:08:11 GMT location https://p274639.mybettermb.com/adServe/domainClick?ai=4uLj5WgHRR_Wo-yxIdkd5qmEri035ZFRvNuLK3EDYy9HmJyVau5XxYCjZuR1GPxlK3XepA_F4-s-q8ZxWxLa3Sevg5plI-_eHV8HCT3AKjNqgEE0f5Fjh8XnLiFpVgC8Bvf4RIcbQkeDZG8TCuTZ6lsLtTfRMmnZnWWaFAvt2dXF3LW1rOt4aZz7eSQRqU8YoyEOp_uQSubbz3XXWEqTeQ9VD9747C0q0Sv9wRW__huJ7-8RcA0nVPwM1mKkhM-lsXO9UEbxxlr6_sVYPiGScWtdnt_Lrhn8xIM-F2T9IJsA6I4B8spzdfq1VQcFG0q_7cxV8pdl6qeNnUqwZB1wttfL2tY4RhRiPI3aj7cR-FAiUOPEN66SyzZXxnX9w3KH1wgeoYy4_2A8Y94Y7f0pdSol4S5osn5YR0Ng4Sbb-ewWFMo45vcOlMGzfh0CNUya&ui=ULvdn1uz3febt1xI3YONt_bWwvziNp_1xLgNeF8Zj-hyQU0ZsKkHOWWsGxpw9kfWOl5X68rRC8GFctLjFeGs3E3lgMQGbQyKe9DYNdFINo8M5lKBuNSNZg&si=1&oref=a6960ebecc31c12b831999116ddb60aa&optunit=Vbpcr0FRinWWnORZip_zfmWSQsQHXjql&rb=ff-cAUB2vs8&rr=1&abtg=0 server nginx
GET H2	200	track clkdeals.com/adServe/	49 B 197 B	152ms 48ms	Image image/gif	108.168.193.184 SOFTLAYER
General Check archive.org Show headers Download Go to Show image Full URL https://clkdeals.com/adServe/track?subid=89592513609&prdid=2750&price=0 Requested by Host: p274639.mybettermb.com URL: https://p274639.mybettermb.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 108.168.193.184 Dallas, United States, ASN36351 (SOFTLAYER, US), Reverse DNS b8.c1.a86c.ip4.static.sl-reverse.com Software nginx / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers pragma no-cache date Mon, 07 Nov 2022 03:08:11 GMT server nginx content-type image/gif access-control-allow-origin * cache-control no-cache content-length 49 expires Thu, 01 Jan 1970 00:00:00 GMT
GET H2	200	Primary Request / Show response newadslab.com/wETu1k4URe_cDF_uPIKOpMOjjcYnu65pLb8SnrHETz0/	129 KB 53 KB	91ms 60ms	Document text/html	2606:4700:3037::ac43:8142 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://newadslab.com/wETu1k4URe_cDF_uPIKOpMOjjcYnu65pLb8SnrHETz0/?cid=89592513609&sid=443598856&s=0.012667 Requested by Host: p274639.mybettermb.com URL: https://p274639.mybettermb.com/adServe/domainClick?ai=4uLj5WgHRR_Wo-yxIdkd5qmEri035ZFRvNuLK3EDYy9HmJyVau5XxYCjZuR1GPxlK3XepA_F4-s-q8ZxWxLa3Sevg5plI-_eHV8HCT3AKjNqgEE0f5Fjh8XnLiFpVgC8Bvf4RIcbQkeDZG8TCuTZ6lsLtTfRMmnZnWWaFAvt2dXF3LW1rOt4aZz7eSQRqU8YoyEOp_uQSubbz3XXWEqTeQ9VD9747C0q0Sv9wRW__huJ7-8RcA0nVPwM1mKkhM-lsXO9UEbxxlr6_sVYPiGScWtdnt_Lrhn8xIM-F2T9IJsA6I4B8spzdfq1VQcFG0q_7cxV8pdl6qeNnUqwZB1wttfL2tY4RhRiPI3aj7cR-FAiUOPEN66SyzZXxnX9w3KH1wgeoYy4_2A8Y94Y7f0pdSol4S5osn5YR0Ng4Sbb-ewWFMo45vcOlMGzfh0CNUya&ui=ULvdn1uz3febt1xI3YONt_bWwvziNp_1xLgNeF8Zj-hyQU0ZsKkHOWWsGxpw9kfWOl5X68rRC8GFctLjFeGs3E3lgMQGbQyKe9DYNdFINo8M5lKBuNSNZg&si=1&oref=a6960ebecc31c12b831999116ddb60aa&optunit=Vbpcr0FRinWWnORZip_zfmWSQsQHXjql&rb=ff-cAUB2vs8&rr=1&abtg=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::ac43:8142 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e3028b40ecdb76e18e0997ea764b139503cda31666ed013d74d85fc04c15b6a1` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 accept-language en-US,en;q=0.9 Response headers access-control-allow-origin * alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7662dcebed011809-EWR content-encoding br content-type text/html date Mon, 07 Nov 2022 03:08:11 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FgfopmsJUsub%2FdP%2BFRkmWNVNtT9cqpTri8d3SSV0VN9mqvJnUP1n0ydnwbiM5yL2Li5fPYIPjvqHeExhovFQn4M%2F45xKQe5PUOMHleJY1t1ojUOAF%2FS8RYFhwCxs2BFgLToIo95cGCcjDVdl"}],"group":"cf-nel","max_age":604800} server cloudflare
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `ee3df69641a083faeda162fce068aef31075856f15c43c74eada446496b865f2` Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Content-Type image/png
GET H2	200	AFU1kAAPatM Show response feed.cn-rtb.com/v1/native/	674 B 866 B	433ms 393ms	Fetch application/json	172.67.197.244 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://feed.cn-rtb.com/v1/native/AFU1kAAPatM?subid=56979&uid=286bc8b0-0307-4398-88d9-c70af1e57eab&kw=download%20install Requested by Host: newadslab.com URL: https://newadslab.com/wETu1k4URe_cDF_uPIKOpMOjjcYnu65pLb8SnrHETz0/?cid=89592513609&sid=443598856&s=0.012667 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.197.244 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0c6ab4b96ea33c115ad7f1aed5217b6fe609cc460f290eb024977c0e33baec08` Request headers accept-language en-US,en;q=0.9 Referer https://newadslab.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers date Mon, 07 Nov 2022 03:08:12 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare model report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zpSHjO1ksokNNBYjJjy%2FMx2IFCPukd5WIRvOYK9M2rFFvP5mZBQWulq94lnrA6Z4%2B%2ByuiQ9VdvaCUJkLglDtW8%2B7OotcC6nEuFnyBWe6ygvMKpVXTwmwWzC9Ru62SjHKnbw%3D"}],"group":"cf-nel","max_age":604800} content-type application/json; charset=utf-8 access-control-allow-origin * cache-control no-cache cf-ray 7662dcecab26191e-EWR alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	hood.js Show response cdn.ocmhood.com/sdk/	26 KB 11 KB	55ms 15ms	Script application/javascript	2606:4700:20::681a:6e4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.ocmhood.com/sdk/hood.js?hf=Hood Requested by Host: newadslab.com URL: https://newadslab.com/wETu1k4URe_cDF_uPIKOpMOjjcYnu65pLb8SnrHETz0/?cid=89592513609&sid=443598856&s=0.012667 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:6e4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0605a6f06ab4dbbb5b33d119fbd09dfeac10a06b851a5b57d8f76d9546cada9b` Request headers Referer https://newadslab.com/ Origin https://newadslab.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers date Mon, 07 Nov 2022 03:08:11 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 367 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 service-worker-allowed / last-modified Mon, 15 Aug 2022 12:17:06 GMT server cloudflare etag W/"62fa3942-2a53" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xVvksj%2BO7MYdymECr5LFfOrQ2Bxhd29ZgD1n7wlzQVWh6TM%2BiyW0aO%2BuhUlWeAfjagi5i4c7NWYMIcgzh9NYuLNx%2BdWddMTqJZqDxBI5%2FOfIw4n6S7ArPVfPJmoUQ7m2JtLb3zK%2BC%2F%2BcD8r9Bg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript access-control-allow-origin * cache-control max-age=14400 cf-ray 7662dcecaa9d8c1e-EWR
GET DATA	200 OK	truncated /	748 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a5308b7decd6fc2d5e8438fb037c4a822125135db832c05437d754655ff2fc23` Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Content-Type image/svg+xml
POST H2	201	activity t.ocmhood.com/v2/	0 269 B	53ms 28ms	Ping application/octet-stream	2606:4700:20::681a:7e4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://t.ocmhood.com/v2/activity Requested by Host: cdn.ocmhood.com URL: https://cdn.ocmhood.com/sdk/hood.js?hf=Hood Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:7e4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://newadslab.com/ accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Mon, 07 Nov 2022 03:08:11 GMT cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rlA6jaE91GX7FBHzO4NkaRyVCzNIkRF5dE56LNoriG%2BfUABTzTtluznm3EHlta%2BedJ0A0axyWjdZNnQAyhUvhndjTqMVavQwK%2FNn4BMi9LbBjgkiwebDbMoD%2FeZEGJmvdnYVo1%2BaIsU7%2BpQ%3D"}],"group":"cf-nel","max_age":604800} content-type application/octet-stream cache-control no-cache cf-ray 7662dcecfa72f025-EWR alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
POST H2	201	activity t.ocmhood.com/v2/	0 454 B	50ms 27ms	Ping application/octet-stream	2606:4700:20::681a:7e4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://t.ocmhood.com/v2/activity Requested by Host: cdn.ocmhood.com URL: https://cdn.ocmhood.com/sdk/hood.js?hf=Hood Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:7e4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://newadslab.com/ accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Mon, 07 Nov 2022 03:08:11 GMT cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q0%2FUySHNAOUBw5j265vYD5n0%2BrplmjOIptkiochpgbZlRs3ZjuDMoo2D8U5kiJo6s8%2FLFzpzMvDASXiRBw5zWeSdmhLoBiMsEzM6PNAjMVgtpgXU%2BMD3pM3RycI0mHK%2FaOh7lDUNyKhl3Go%3D"}],"group":"cf-nel","max_age":604800} content-type application/octet-stream cache-control no-cache cf-ray 7662dcecfa74f025-EWR alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	204	imp t.cn-rtb.com/	0 0	53ms 33ms	Fetch	172.67.197.244 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://t.cn-rtb.com/imp?l2=9kvQd9hYkpDGfj0Cw0Bxu2dclz7DYlBTCkfepavgVuTKdlitKXI8y4CLZoGRGBLht-t0NDm_XBD6yQRNUOchmN1SnGS6d9qSrK1URgTC5k__oywqZc61_eJnpRGAEZcn-hpKHMt3ZrZwtwcQulzTiPcHQzhUOFHI-vABKf9iSGCv2CIXwMcl0hbWVdw9WC1T Requested by Host: newadslab.com URL: https://newadslab.com/wETu1k4URe_cDF_uPIKOpMOjjcYnu65pLb8SnrHETz0/?cid=89592513609&sid=443598856&s=0.012667 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.197.244 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer https://newadslab.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers date Mon, 07 Nov 2022 03:08:12 GMT cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A%2FCYfHce99iHvdyu0APpSD9ksfFeySS6eoqcxPZmPOYkm%2FZayu%2Bw30g8IcR2%2B3beJ1vrRUdRM8igsGeXYoJ3CTyEd8tfwqDZGi6p7oj%2Bi6%2FhrP2%2F7j9yEkGTFoGNJgk%3D"}],"group":"cf-nel","max_age":604800} access-control-allow-origin * cache-control no-cache cf-ray 7662dcef48a8191e-EWR alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
newadslab.com/wETu1k4URe_cDF_uPIKOpMOjjcYnu65pLb8SnrHETz0	1969-12-31 23:59:59	Name: session Value: 6tNBoE4XcPM0kPQlyWZRmkhbZnwXpePM
.theprincipals.us/	1970-01-20 16:52:30	Name: sid Value: 68c98f0c-5e49-11ed-807b-93ccbaa3b694
btpnative.com/	1969-12-31 23:59:59	Name: MzIQZpulQuoMtmd Value: MzIQZpulQuoMtmd
.mybettermb.com/	1970-01-20 11:35:42	Name: rhid Value: 82323117445
.mybettermb.com/	1970-01-20 07:16:34	Name: loi Value: ad_1273735_off_717425_aff_840_cid_274639-582192263-THEPRINCIPALS.US_ts_1667790491

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

btpnative.com
cdn.ocmhood.com
clkdeals.com
feed.cn-rtb.com
mybettermb.com
newadslab.com
p274639.mybettermb.com
t.cn-rtb.com
t.ocmhood.com
www.theprincipals.us
108.168.193.184
108.168.193.189
172.67.197.244
172.93.103.99
192.99.158.241
2606:4700:20::681a:6e4
2606:4700:20::681a:7e4
2606:4700:3037::ac43:8142
0605a6f06ab4dbbb5b33d119fbd09dfeac10a06b851a5b57d8f76d9546cada9b
0c6ab4b96ea33c115ad7f1aed5217b6fe609cc460f290eb024977c0e33baec08
6287a8c058fc606c1f8a4cd1fcfb7bfd7122bbfeef66c98d2b4628e6bdd0acab
a5308b7decd6fc2d5e8438fb037c4a822125135db832c05437d754655ff2fc23
d1a99349cfd123d6317fcc4c40608d828bb68ca4e52fd042313b16f737ad52b1
e3028b40ecdb76e18e0997ea764b139503cda31666ed013d74d85fc04c15b6a1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee3df69641a083faeda162fce068aef31075856f15c43c74eada446496b865f2

newadslab.com Open in urlscan Pro 2606:4700:3037::ac43:8142 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

9 Requests

89 %HTTPS

38 %IPv6

7 Domains

10 Subdomains

8 IPs

2 Countries

72 kBTransfer

165 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

31 JavaScript Global Variables

5 Cookies

Indicators

newadslab.com Open in urlscan Pro
2606:4700:3037::ac43:8142 Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

89 %
HTTPS

38 %
IPv6

7
Domains

10
Subdomains

8
IPs

2
Countries

72 kB
Transfer

165 kB
Size

5
Cookies

9 HTTP transactions
2 data transactions