Submitted URL: http://fabstylish.co.uk/G5KyR.jsw?d5pn2Wcc3PNNcyclkcccvGdgc7LpFdxzzcbbb3w
Effective URL: https://goosebomb.com/gogate/etoro/26/index.html?action=166611752110000TDETV432397757844Vab
Submission: On October 18 via api from BE — Scanned from DE

Summary

This website contacted 11 IPs in 4 countries across 13 domains to perform 14 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in the United States and belonging to CLOUDFLARENET, US. The main domain is goosebomb.com. The Cisco Umbrella rank of the primary domain is 380550.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 27th 2021. Valid for: a year.
This is the only time goosebomb.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 23.229.68.112 55286 (SERVER-MANIA)
1 45.91.248.67 64249 (ENDOFFICE)
4 2606:4700:303... 13335 (CLOUDFLAR...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 51.161.115.163 16276 (OVH)
1 2 51.83.143.92 16276 (OVH)
1 2 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 2 2606:4700:10:... 13335 (CLOUDFLAR...)
2 3 35.186.193.41 15169 (GOOGLE)
1 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2001:4860:480... ()
14 11
Apex Domain | Subdomains | Transfer
4 jukminung.com | lynku.jukminung.com | 25 KB
3 linkonclick.com | www.linkonclick.com (Cisco Umbrella Rank: 165727) | 4 KB
2 amung.us | whos.amung.us (Cisco Umbrella Rank: 15127), widgets.amung.us (Cisco Umbrella Rank: 19551) | 711 B
2 popmyads.com | popmyads.com (Cisco Umbrella Rank: 213227) | 2 KB
2 trffclb.com | ron.trffclb.com (Cisco Umbrella Rank: 421333) | 1 KB
1 google-analytics.com | region1.google-analytics.com | 345 B
1 googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 61) | 74 KB
1 goosebomb.com | goosebomb.com (Cisco Umbrella Rank: 380550) | 1 KB
1 hightid.com | t3.hightid.com | 292 B
1 addlnk.com | cdn.addlnk.com (Cisco Umbrella Rank: 400192) | 1 KB
1 nineteendrunk.com | nineteendrunk.com | 450 B
1 fabstylish.co.uk | fabstylish.co.uk | 273 B
0 etoro.com (Failed) | med.etoro.com (Failed) |
14 13
Domain Requested by
4 lynku.jukminung.com nineteendrunk.com, lynku.jukminung.com
3 www.linkonclick.com 2 redirects
2 popmyads.com 1 redirects ron.trffclb.com
2 ron.trffclb.com 1 redirects lynku.jukminung.com
1 region1.google-analytics.com www.googletagmanager.com
1 www.googletagmanager.com goosebomb.com
1 goosebomb.com www.linkonclick.com
1 widgets.amung.us
1 whos.amung.us 1 redirects
1 t3.hightid.com 1 redirects
1 cdn.addlnk.com lynku.jukminung.com
1 nineteendrunk.com
1 fabstylish.co.uk 1 redirects
0 med.etoro.com Failed
14 14

This site contains no links.

Subject | Issuer | Validity | Valid for
nineteendrunk.com | Sectigo RSA Domain Validation Secure Server CA | 2021-12-30 - 2023-01-23 | a year
*.jukminung.com | E1 | 2022-09-19 - 2022-12-18 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-05-15 - 2023-05-15 | a year
lone-star.landingtrack.com | R3 | 2022-09-30 - 2022-12-29 | 3 months
*.google-analytics.com | GTS CA 1C3 | 2022-09-26 - 2022-12-19 | 3 months

This page contains 2 frames:

Frame: http://med.etoro.com/aw.aspx?B=15341&A=89099&Task=Click&SubAffiliateID=166611752110000TDETV432397757844Vab
Frame ID: 555CB08B47310A304D566342E865E225
Requests: 11 HTTP requests in this frame

Frame: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1666108800
Frame ID: 7C093C5EF3C92B57543C0AFC23F03349
Requests: 3 HTTP requests in this frame

Page Title

loading...

Detected technologies

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

Requests: 14
HTTPS: 79 %
IPv6: 58 %
Domains: 13
Subdomains: 14
IPs: 11
Countries: 4
Transfer: 108 kB
Size: 287 kB
Cookies: 3

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://fabstylish.co.uk/G5KyR.jsw?d5pn2Wcc3PNNcyclkcccvGdgc7LpFdxzzcbbb3w HTTP 302
    https://nineteendrunk.com/176465ed30136731000/1_190340_2674679/867_3490333_4043086_56/571881020_193-27-14-40 Page URL
  2. https://lynku.jukminung.com/rc/9e8aef8068?affclick=1295088990&pubid=690415 Page URL
  3. https://t3.hightid.com/s.php?p=c%3As_8942pggbfij953c&d=631f396258fd6b044f727c62&pid=pub7defaf5700174945a56b3549e5a43e16&s=c283d9f6 HTTP 302
    https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-c283d9f6 Page URL
  4. https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-c283d9f6&bv=1 HTTP 302
    https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20= Page URL
  5. https://popmyads.com/gget HTTP 302
    http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646613250 Page URL
  6. http://www.linkonclick.com/jump/next.php?stamat=m%257C%252Cso2fvI2MqB1dQO0dEdHP3xP.ff6%252CS0kXXHXf2ck-DOZ9HRvwuM9aL_G46JdZU-2oa3bmXM8JUm5HksBtX5-SSJ8vLRk6sQQdGgDhC8DO2lEpOlLseA%252C%252C&cbpage=http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646613250&cbur=0.17082131304081938&cbtitle=&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=&cbkeywords=&cbref= HTTP 302
    http://www.linkonclick.com/script/i.php?stamat=m%257C%252C%252CAjaXojYToGU3B0-GH0dEdHP3xP.23d%252C5qM0BWbGztKOVRY0Yylcn8XbQo0owCkQjiTIlq9ic4jJNjw19l6MJqtK8K9uW5VmZVMFed5TinigHB646hAfOI2DIMrWtFGpr8maXalwIagrg8lbivMI0YgSTWgICzNF6RNY1-02FL2jdcxuB3r8lRDUr1AUE3hhONJ5OiASBEocUZjn0E-Fikfg0ajfF9TVdOy3kQ6FftSbp_88BmzPD8frpnLDEX7HfcspTGG3EZsUxsqz9nOgWntWG2fLCbWpzYjzxxQFOp6VcJTW5pypAS1Tf1UZrk2KVse8gZ1WWEZ_h9W9aZy8aOnydL0w8DkiLh6DTVd75AKIkiW_yS24U-oyVyKzebvrRBH7ijnU__D4wkwn_WGEnIoE-6UHLq0KmWDuEdeIhUnasg2vECxrobPAW2AeVlqhap6-FAD_JQsABaYxUoWxqtAjC78wWAuURmWe_PySIrt3dK8STjWA-6x-IJbcJ9u9ZHPrTcv1EISz8rTZGYohh5PjToz-0xUZ4G0GFtWNc7brYZjDI6eg6Nhg8raAUoXbqS4JKl6RFeFbRmOvf_zPo-JkTx4Q41bxYqg-EZ_pgcyoS7-NnSaPuOT37jS6lWgmgoR6r0QxIrg%252C HTTP 302
    https://goosebomb.com/gogate/etoro/26/index.html?action=166611752110000TDETV432397757844Vab Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://fabstylish.co.uk/G5KyR.jsw?d5pn2Wcc3PNNcyclkcccvGdgc7LpFdxzzcbbb3w HTTP 302
  • https://nineteendrunk.com/176465ed30136731000/1_190340_2674679/867_3490333_4043086_56/571881020_193-27-14-40
Request Chain 5
  • https://t3.hightid.com/s.php?p=c%3As_8942pggbfij953c&d=631f396258fd6b044f727c62&pid=pub7defaf5700174945a56b3549e5a43e16&s=c283d9f6 HTTP 302
  • https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-c283d9f6
Request Chain 7
  • https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-c283d9f6&bv=1 HTTP 302
  • https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
Request Chain 8
  • https://whos.amung.us/swidget/popmyads.png HTTP 307
  • https://widgets.amung.us/draw/?w=small&n=13500&c=ffc20e000000&p=left
Request Chain 9
  • https://popmyads.com/gget HTTP 302
  • http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646613250
Request Chain 12
  • https://med.etoro.com/B15341_A89099_TClick_S166611752110000TDETV432397757844Vab.aspx HTTP 301
  • http://med.etoro.com/aw.aspx?B=15341&A=89099&Task=Click&SubAffiliateID=166611752110000TDETV432397757844Vab

14 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
571881020_193-27-14-40
nineteendrunk.com/176465ed30136731000/1_190340_2674679/867_3490333_4043086_56/
Redirect Chain
  • http://fabstylish.co.uk/G5KyR.jsw?d5pn2Wcc3PNNcyclkcccvGdgc7LpFdxzzcbbb3w
  • https://nineteendrunk.com/176465ed30136731000/1_190340_2674679/867_3490333_4043086_56/571881020_193-27-14-40
137 B
450 B
Document
General
Full URL
https://nineteendrunk.com/176465ed30136731000/1_190340_2674679/867_3490333_4043086_56/571881020_193-27-14-40
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
45.91.248.67 Boston, United States, ASN64249 (ENDOFFICE, US),
Reverse DNS
Software
Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
close
Content-Length
137
Content-Type
text/html; charset=UTF-8
Date
Tue, 18 Oct 2022 18:25:17 GMT
Server
Apache

Redirect headers

Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Tue, 18 Oct 2022 18:25:16 GMT
Location
https://nineteendrunk.com/176465ed30136731000/1_190340_2674679/867_3490333_4043086_56/571881020_193-27-14-40
Server
Apache
9e8aef8068
lynku.jukminung.com/rc/
3 KB
2 KB
Document
General
Full URL
https://lynku.jukminung.com/rc/9e8aef8068?affclick=1295088990&pubid=690415
Requested by
Host: nineteendrunk.com
URL: https://nineteendrunk.com/176465ed30136731000/1_190340_2674679/867_3490333_4043086_56/571881020_193-27-14-40
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:1cae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c94a95c9fef5a5ec11f47c108c870876bf8fa9de1654981d701237b4a46d0d4c

Request headers

Referer
https://nineteendrunk.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
75c350d85ece1655-WAW
content-encoding
br
content-language
en-us
content-type
text/html; charset=utf-8
date
Tue, 18 Oct 2022 18:25:18 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kwBXKlUA1jxNczvMv%2B11RInDkDHlQg6IZ4QSF%2ByEVATZ86LyFrPSf1qZSJkaDdMpF8oohD4C1Gu9DwkcclnAyl365KW6kwmKE0GBSrr%2FQm06g5Bapw%2F12kLys7Yj3wz9DZ2kR0lr5DJxGYyH46fBT%2FYR"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding, Accept-Language, Cookie
redirect.css
cdn.addlnk.com/
1 KB
1 KB
Stylesheet
General
Full URL
https://cdn.addlnk.com/redirect.css
Requested by
Host: lynku.jukminung.com
URL: https://lynku.jukminung.com/rc/9e8aef8068?affclick=1295088990&pubid=690415
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:bfdd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Tue, 18 Oct 2022 18:25:18 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
D6288551CQVNVE8E
age
4531
cf-polished
origSize=1680
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
hQdShyiC4N+EB6xTvKphmml+5b4pYNKZYA6WxIwlrhZDx+ppHds0VQVmUYqUbeiIcg6uI1BcCo4=
cf-bgj
minify
last-modified
Wed, 13 Mar 2019 00:03:12 GMT
server
cloudflare
etag
W/"3ae56d32551602b41f9046c14d1cfde2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZbCJVnSuTWfc84JNpFgJvM6%2FGXW2IRml1xvVaLiLAAkcTzOZ6MtjIA9vrjJTf%2FV823rUmAWbe6fB0YuVC2T%2BmzE48RzES29eT4K%2BR2zKVy8QB0s6RE4gqXzOFqrnJAY%2FWVrKBv4JSScsAbKKmg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cf-ray
75c350dc883f8e6c-PDX
invisible.js
lynku.jukminung.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/ Frame 7C09
36 KB
13 KB
Script
General
Full URL
https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1666108800
Requested by
Host: nineteendrunk.com
URL: https://nineteendrunk.com/176465ed30136731000/1_190340_2674679/867_3490333_4043086_56/571881020_193-27-14-40
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:1cae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
da9448abf7d8bcaff44492277f48b43720c9127d1eddef53e3cad8f2f2690715

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Tue, 18 Oct 2022 18:25:18 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FM0AGcsyTV3AF60SMe3AdveA9WKb4GYh7UeJBBLdIaO3OFWcq1tqFB5hpmFXn8Im6CP%2BZENrV2GESoQPBhT8F1CsuuDKIJ0cfMwsMt1dQ7BhQlSCn%2FzLnD9VtJl%2B1JtyJoU0cGPy%2FJNPPda5zpWj9xFh"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
x-control-type-options
nosniff
cf-ray
75c350dd9e6c1655-WAW
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
pica.js
lynku.jukminung.com/cdn-cgi/challenge-platform/h/b/scripts/ Frame 7C09
26 KB
9 KB
Other
General
Full URL
https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/b/scripts/pica.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:1cae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Tue, 18 Oct 2022 18:25:19 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pUJVOiuJMILMM3Gia%2BVk3fCakZRWbM%2FMEouYxp58UTKtZcIl%2BbYD4PfFK1YoTZVPaKbBdmx2pzMBH%2Bjfn%2F4V94D9jaHXHMX4VihiS77drOgkYN1YPGdYCYBDA4eBIZsLHMkkFltSyGK%2BBboKcz0P%2FcVy"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
x-control-type-options
nosniff
cf-ray
75c350ddeee01655-WAW
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
f.php
ron.trffclb.com/
Redirect Chain
  • https://t3.hightid.com/s.php?p=c%3As_8942pggbfij953c&d=631f396258fd6b044f727c62&pid=pub7defaf5700174945a56b3549e5a43e16&s=c283d9f6
  • https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-c283d9f6
883 B
856 B
Document
General
Full URL
https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-c283d9f6
Requested by
Host: lynku.jukminung.com
URL: https://lynku.jukminung.com/rc/9e8aef8068?affclick=1295088990&pubid=690415
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
51.83.143.92 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3155458.ip-51-83-143.eu
Software
nginx /
Resource Hash

Request headers

Referer
https://lynku.jukminung.com/rc/9e8aef8068?affclick=1295088990&pubid=690415
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Tue, 18 Oct 2022 18:25:19 GMT
Server
nginx
Transfer-Encoding
chunked

Redirect headers

Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Tue, 18 Oct 2022 18:25:19 GMT
Location
https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-c283d9f6
Raund
1jh
Round
1217p3t0dz
Server
nginx
75c350d85ece1655
lynku.jukminung.com/cdn-cgi/challenge-platform/h/b/cv/result/ Frame 7C09
2 B
700 B
XHR
General
Full URL
https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/b/cv/result/75c350d85ece1655
Requested by
Host: lynku.jukminung.com
URL: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1666108800
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:1cae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 18 Oct 2022 18:25:19 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mSrbjwZvMQX7Zcmty59vgMJsGKR2N8rMEuT7QzytIB6L%2FTRnh07yO%2FsRB1%2FYFy8HIQiK%2BLRiO1J14bjuHNCdOFC7RTpMlsRTEhVzNKMSKzj9Vde9GHnP8Nm0G%2Fsrs3lg32UQk7%2BKi92VZKMHIrzR6If0"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
75c350e17ef509b2-MIA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
aHR0cDovL3RyYWZmaXgxMy5jb20=
popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/
Redirect Chain
  • https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-c283d9f6&bv=1
  • https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
2 KB
1 KB
Document
General
Full URL
https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
Requested by
Host: ron.trffclb.com
URL: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-c283d9f6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.1.33
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
X-Frame-Options DENY

Request headers

Referer
https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-c283d9f6
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
75c350e30d3c91ea-FRA
content-encoding
br
content-security-policy
frame-ancestors 'none'
content-type
text/html; charset=UTF-8
date
Tue, 18 Oct 2022 18:25:19 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8F%2FfC9KIanRgoqeIMIZ3%2FVws0t2NE7I5mDqro0yyJsylTGSG2oP71rTkpgydedUbxzI%2BYg7llVa3MmIFtqFyDcugkPfxNQl2RXjFeFveQOz%2FXdq0cNW%2F46T8158JMWXQID0Vwqh2wB5Fs9I%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-frame-options
DENY
x-powered-by
PHP/7.1.33

Redirect headers

Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Tue, 18 Oct 2022 18:25:19 GMT
Location
https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
Raund
2hp
Round
11kgq037yu
Server
nginx
/
widgets.amung.us/draw/
Redirect Chain
  • https://whos.amung.us/swidget/popmyads.png
  • https://widgets.amung.us/draw/?w=small&n=13500&c=ffc20e000000&p=left
371 B
537 B
Image
General
Full URL
https://widgets.amung.us/draw/?w=small&n=13500&c=ffc20e000000&p=left
Protocol
H2
Server
2606:4700:10::6816:4bab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://popmyads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Tue, 18 Oct 2022 18:25:20 GMT
cf-cache-status
HIT
last-modified
Fri, 23 Sep 2022 15:08:14 GMT
server
cloudflare
age
2171826
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2678400
content-disposition
filename=wau-widget.png
cf-ray
75c350e4de9b9b4b-FRA
expires
Sat, 24 Sep 2022 15:08:14 GMT

Redirect headers

location
https://widgets.amung.us/draw/?w=small&n=13500&c=ffc20e000000&p=left
date
Tue, 18 Oct 2022 18:25:20 GMT
cache-control
max-age=295
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
75c350e3dcc49b4b-FRA
content-type
text/html; charset=UTF-8
next.php
www.linkonclick.com/jump/
Redirect Chain
  • https://popmyads.com/gget
  • http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646613250
7 KB
3 KB
Document
General
Full URL
http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646613250
Protocol
HTTP/1.1
Server
35.186.193.41 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
41.193.186.35.bc.googleusercontent.com
Software
openresty /
Resource Hash

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://popmyads.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Date
Tue, 18 Oct 2022 18:25:20 GMT
Server
openresty
Transfer-Encoding
chunked
Via
1.1 google

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
75c350e5b85e09da-MIA
content-type
text/html; charset=UTF-8
date
Tue, 18 Oct 2022 18:25:20 GMT
location
http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646613250
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YP11xXr28mVLvmhc0iC7PeiiMPk8nMIh5hyfchvpbMnK9k9MahL8hovSrg%2F3R8tZUmoGatgMTPUiUXD9%2F9DS5zNK8LAavvHzSguy6qbpkQAEPIgzRYx5tMh%2F0w%2FlQc7clT5SAU8UA%2FLONSc%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.1.33
Primary Request index.html
goosebomb.com/gogate/etoro/26/
Redirect Chain
  • http://www.linkonclick.com/jump/next.php?stamat=m%257C%252Cso2fvI2MqB1dQO0dEdHP3xP.ff6%252CS0kXXHXf2ck-DOZ9HRvwuM9aL_G46JdZU-2oa3bmXM8JUm5HksBtX5-SSJ8vLRk6sQQdGgDhC8DO2lEpOlLseA%252C%252C&cbpage=ht...
  • http://www.linkonclick.com/script/i.php?stamat=m%257C%252C%252CAjaXojYToGU3B0-GH0dEdHP3xP.23d%252C5qM0BWbGztKOVRY0Yylcn8XbQo0owCkQjiTIlq9ic4jJNjw19l6MJqtK8K9uW5VmZVMFed5TinigHB646hAfOI2DIMrWtFGpr8m...
  • https://goosebomb.com/gogate/etoro/26/index.html?action=166611752110000TDETV432397757844Vab
1 KB
1 KB
Document
General
Full URL
https://goosebomb.com/gogate/etoro/26/index.html?action=166611752110000TDETV432397757844Vab
Requested by
Host: www.linkonclick.com
URL: http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646613250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d1a4f2849f141e386fe27fe771f5a3ffcd8211a1b78514efa62a8d31444df52e

Request headers

Referer
http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646613250
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
public, max-age=3600
cf-cache-status
DYNAMIC
cf-ray
75c350f04b16cea4-SJC
content-encoding
br
content-language
en
content-type
text/html
date
Tue, 18 Oct 2022 18:25:22 GMT
expires
Tue, 18 Oct 2022 19:25:22 GMT
last-modified
Tue, 09 Mar 2021 12:58:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ofSs80KoyVQnfTf6m%2Fn30UL8ZlTKfptMurXGhhE4iW1b6iqt3pthk%2BLbU2X54dz1EEB00K4x%2Bb5JTT9%2Fe6VrwmDvn6AexryCkEijv4GVp229xwnVdRgtOuYDhC8fzYwvVghf20G%2BbTSR8Raj"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-goog-generation
1615294680196620
x-goog-hash
crc32c=gCJAdw== md5=bYCYnsnopoUz34sRf8/zEA==
x-goog-meta-goog-reserved-file-mtime
1614945425
x-goog-metageneration
1
x-goog-storage-class
STANDARD
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
1290
x-guploader-uploadid
ADPycdvpyKeiBH3FAkVSdLhso-DlvWeEsZnvnCSnrKcBYbEOYxVZH7uxre20qm2KLgRI4dpzZnitbLXAePlyIZJP739EKQ

Redirect headers

Access-Control-Allow-Origin
*
Content-Type
text/html; charset=utf-8
Date
Tue, 18 Oct 2022 18:25:21 GMT
Location
https://goosebomb.com/gogate/etoro/26/index.html?action=166611752110000TDETV432397757844Vab
Referrer-Policy
no-referrer
Server
openresty
Transfer-Encoding
chunked
Via
1.1 google
js
www.googletagmanager.com/gtag/
210 KB
74 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-E9QBCJNBNS
Requested by
Host: goosebomb.com
URL: https://goosebomb.com/gogate/etoro/26/index.html?action=166611752110000TDETV432397757844Vab
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e50371ef38812ce128197767a52fd0add961c0bf30204f0dc5a124b3370d4d31
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Tue, 18 Oct 2022 18:25:22 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
75505
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Tue, 18 Oct 2022 18:25:22 GMT
collect
region1.google-analytics.com/g/
0
345 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-E9QBCJNBNS&gtm=2oeah0&_p=1214612850&cid=1455385803.1666117523&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1666117522&sct=1&seg=0&dl=https%3A%2F%2Fgoosebomb.com%2Fgogate%2Fetoro%2F26%2Findex.html%3Faction%3D166611752110000TDETV432397757844Vab&dt=loading...&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-E9QBCJNBNS
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 -, , ASN (),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 18 Oct 2022 18:25:22 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://goosebomb.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
aw.aspx
med.etoro.com/
Redirect Chain
  • https://med.etoro.com/B15341_A89099_TClick_S166611752110000TDETV432397757844Vab.aspx
  • http://med.etoro.com/aw.aspx?B=15341&A=89099&Task=Click&SubAffiliateID=166611752110000TDETV432397757844Vab
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
med.etoro.com
URL
http://med.etoro.com/aw.aspx?B=15341&A=89099&Task=Click&SubAffiliateID=166611752110000TDETV432397757844Vab

Verdicts & Comments

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • onbeforeinput (object)
  • oncontextlost (object)
  • oncontextrestored (object)
  • structuredClone (function)
  • launchQueue (object)
  • onbeforematch (object)
  • getScreenDetails (function)
  • queryLocalFonts (function)
  • navigation (object)
  • gtag (function)
  • dataLayer (object)
  • getUrlVars (function)
  • url_vars (object)
  • metaRefresh (function)
  • google_tag_manager (object)
  • google_tag_data (object)
  • onYouTubeIframeAPIReady (function)
  • gaGlobal (object)

3 Cookies

Domain/Path | Name | Value
nineteendrunk.com/ | uid15295 | 1295088990-20221018142517-094f33beb051503173fd5df84462ced1-
lynku.jukminung.com/ | AWSALB | Md7cTwU1jKQXA+9+ba087BAtHLnXw92Etse6LzZqsVfzzVZlBM6zK8gE2nFC0D0zcmizz+4tD6P1PWq3jyCWeKjmUvfXAd7a4HxXRuP6fPHJ5wZdIsAANMp3OAYj
.jukminung.com/ | __cf_bm | ZH7_Eg1yFaOI4zfkkPKqNOsKhjOtJZhgt5QhvSqhFaY-1666117519-0-AeDqAT1Yhl368FkvfNJaSM5IeZju2MhAmY1Ke0Crzzq1iyxaLyz697BpdFhR/K5Lndz9u+6yZXZBPdnOLBGlmJokBGItLNxzSqBq6tf0+j6k9k20SsxKaXBYpT7y4ZUVMg==