ne.etrafficpr.com Open in urlscan Pro
104.31.89.222 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://cutt.us/Br3yq
Effective URL:
https://ne.etrafficpr.com/tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7
Submission: On December 22 via api (December 22nd 2019, 11:09:42 pm UTC) from US

Summary HTTP 23 Redirects Behaviour Indicators

Summary

This website contacted 11 IPs in 3 countries across 14 domains to perform 23 HTTP transactions. The main IP is 104.31.89.222, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is ne.etrafficpr.com.
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on August 28th 2019. Valid for: 6 months.

This is the only time ne.etrafficpr.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	192.111.136.74 192.111.136.74	46562 (TOTAL-SER...) (TOTAL-SERVER-SOLUTIONS - Total Server Solutions L.L.C.)
2	2a00:1450:400... 2a00:1450:4001:81a::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:819::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
3	216.58.207.66 216.58.207.66	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:814::2001	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	2606:4700:30:... 2606:4700:30::681c:5be	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
7	104.31.89.222 104.31.89.222	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
3	2001:4de0:ac1... 2001:4de0:ac19::1:b:2a	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
1	2a00:1450:400... 2a00:1450:4001:809::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2606:4700::68... 2606:4700::6811:4004	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1 1	104.31.75.224 104.31.75.224	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	104.31.64.128 104.31.64.128	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	2a00:1450:400... 2a00:1450:4001:814::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
23	11

2 192.111.136.74 (Atlanta, United States) 1 redirects

ASN46562 (TOTAL-SERVER-SOLUTIONS - Total Server Solutions L.L.C., US)

cutt.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:819::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.58.207.66 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s25-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:814::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:30::681c:5be (United States) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.therhizomes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.31.89.222 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

ne.etrafficpr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4de0:ac19::1:b:2a (Netherlands)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:4004 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.31.75.224 (United States) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

joinsafelyonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.31.64.128 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

rhsfty.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:814::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	etrafficpr.com ne.etrafficpr.com	473 KB
3	bootstrapcdn.com maxcdn.bootstrapcdn.com	34 KB
3	doubleclick.net securepubads.g.doubleclick.net	85 KB
2	gstatic.com fonts.gstatic.com	22 KB
2	cutt.us 1 redirects cutt.us	2 KB
1	rhsfty.com rhsfty.com
1	joinsafelyonline.com 1 redirects joinsafelyonline.com	581 B
1	cloudflare.com cdnjs.cloudflare.com	69 KB
1	googleapis.com fonts.googleapis.com	422 B
1	therhizomes.com 1 redirects www.therhizomes.com	859 B
1	googlesyndication.com tpc.googlesyndication.com
1	google.com adservice.google.com	323 B
1	google.de adservice.google.de	778 B
1	googletagservices.com www.googletagservices.com	16 KB
23	14

	Domain	Requested by
7	ne.etrafficpr.com	cutt.us ne.etrafficpr.com
3	maxcdn.bootstrapcdn.com	ne.etrafficpr.com
3	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net
2	fonts.gstatic.com	ne.etrafficpr.com
2	cutt.us	1 redirects
1	rhsfty.com	ne.etrafficpr.com
1	joinsafelyonline.com	1 redirects
1	cdnjs.cloudflare.com	ne.etrafficpr.com
1	fonts.googleapis.com	ne.etrafficpr.com
1	www.therhizomes.com	1 redirects
1	tpc.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.com	www.googletagservices.com
1	adservice.google.de	www.googletagservices.com
1	www.googletagservices.com	cutt.us
23	14

This site contains no links.

Subject Issuer	Validity	Valid
www.cutt.us Let's Encrypt Authority X3	`2019-12-02` - `2020-03-01`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2019-12-03` - `2020-02-25`	3 months	crt.sh
*.google.com GTS CA 1O1	`2019-12-03` - `2020-02-25`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2019-12-03` - `2020-02-25`	3 months	crt.sh
sni95840.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-08-28` - `2020-03-05`	6 months	crt.sh
*.bootstrapcdn.com Sectigo RSA Domain Validation Secure Server CA	`2019-09-14` - `2020-10-13`	a year	crt.sh
*.storage.googleapis.com GTS CA 1O1	`2019-12-03` - `2020-02-25`	3 months	crt.sh
ssl412106.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-12-05` - `2020-06-12`	6 months	crt.sh
sni58563.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-08-29` - `2020-03-06`	6 months	crt.sh

This page contains 2 frames:

Primary Page: https://ne.etrafficpr.com/tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7
Frame ID: B6532F8D1350C577A553D6831E8274A5
Requests: 22 HTTP requests in this frame

Frame: https://rhsfty.com/newuser/?ofid=62&a_aid=SC123B&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7&_rmap_ovr_=1&sitekey=2ac3d37350e83b7e&ts=1577056169&tsc=0911e3600e1915cbe28cc999bc8e45b1&rtr=1
Frame ID: 0EC009A2370B7D6C3183B069B5940917
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://cutt.us/Br3yq HTTP 301
https://cutt.us/Br3yq Page URL
http://www.therhizomes.com/TheRhizomes/accounts/go/12/24/VICTM7 HTTP 302
https://ne.etrafficpr.com/tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=V... Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

23
Requests

100 %
HTTPS

62 %
IPv6

14
Domains

14
Subdomains

11
IPs

3
Countries

702 kB
Transfer

1203 kB
Size

6
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://cutt.us/Br3yq HTTP 301
https://cutt.us/Br3yq Page URL
http://www.therhizomes.com/TheRhizomes/accounts/go/12/24/VICTM7 HTTP 302
https://ne.etrafficpr.com/tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://cutt.us/Br3yq HTTP 301
https://cutt.us/Br3yq

Request Chain 18

https://joinsafelyonline.com/routes/?ofid=62&a_aid=SC123B&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7&_rmap_ovr_=1 HTTP 302
https://rhsfty.com/newuser/?ofid=62&a_aid=SC123B&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7&_rmap_ovr_=1&sitekey=2ac3d37350e83b7e&ts=1577056169&tsc=0911e3600e1915cbe28cc999bc8e45b1&rtr=1

23 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Br3yq Show response
cutt.us/
Redirect Chain

http://cutt.us/Br3yq
https://cutt.us/Br3yq

3 KB
2 KB

2510ms
2184ms

Document
text/html

192.111.136.74
Total Server Solu...

General

Check archive.org

Show headers Download Go to

Full URL

https://cutt.us/Br3yq

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.111.136.74 Atlanta, United States, ASN46562 (TOTAL-SERVER-SOLUTIONS - Total Server Solutions L.L.C., US),

Reverse DNS

Software

Hotcores.com /

Resource Hash

6cf5b5ab42b152bc8b88776c3f2953457c7036e41758a7b399d6f0e7cbec03ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Host: cutt.us
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Server: Hotcores.com
Date: Sun, 22 Dec 2019 23:09:28 GMT
Content-Type: text/html; Charset=UTF-8;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Robots-Tag: noindex, nofollow
I-AM: Gamma
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Content-Encoding: gzip

Redirect headers

Server: Hotcores.com
Date: Sun, 22 Dec 2019 23:09:25 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://cutt.us/Br3yq

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 51 KB
16 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:81a::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: cutt.us
URL: https://cutt.us/Br3yq

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

f213be31d540e30366635b474daedd9c0b46287d55429ec9ef7a4829361c6f01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cutt.us/Br3yq
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 22 Dec 2019 23:09:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "375 / 352 of 1000 / last-modified: 1576520981"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 15827
x-xss-protection: 0
expires: Sun, 22 Dec 2019 23:09:26 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
778 B 29ms
15ms Script
application/javascript 2a00:1450:4001:819::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=cutt.us

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cutt.us/Br3yq
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 22 Dec 2019 23:09:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
323 B 15ms
15ms Script
application/javascript 2a00:1450:4001:81a::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=cutt.us

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cutt.us/Br3yq
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 22 Dec 2019 23:09:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 pubads_impl_2019121002.js Show response
securepubads.g.doubleclick.net/gpt/ 163 KB
60 KB 52ms
39ms Script
text/javascript 216.58.207.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019121002.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s25-in-f2.1e100.net

Software

sffe /

Resource Hash

216fd62bccc74ef4e4d35292cd4874e7072a4fb30685afb6235d894a3ec1a2df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cutt.us/Br3yq
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 22 Dec 2019 23:09:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 10 Dec 2019 17:29:18 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 60922
x-xss-protection: 0
expires: Sun, 22 Dec 2019 23:09:26 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 369 B
677 B 37ms
36ms XHR
text/plain 216.58.207.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1674894668032329&correlator=132896551043476&output=ldjh&impl=fif&adsid=NT&eid=21062453&vrg=2019121002&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20191222&iu=%2F5837603%2FCutt_360&sz=300x360&cookie_enabled=1&bc=31&abxe=1&lmt=1577056166&dt=1577056166889&dlt=1577056166783&idt=95&frm=20&biw=1600&bih=1200&oid=3&adx=-12245933&ady=-12245933&adk=1933368604&uci=1&ifi=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fcutt.us%2FBr3yq&dssz=7&icsg=170&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=344x423&msz=0x0&ga_vid=421038759.1577056167&ga_sid=1577056167&ga_hid=1820954531&fws=128&ohw=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019121002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s25-in-f2.1e100.net

Software

cafe /

Resource Hash

4b2cd33f2436f567f0e4a85e7ee2722fa6a5c9c3988f0f6904f68ad003f5dc46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://cutt.us/Br3yq
Origin: https://cutt.us

Response headers

date: Sun, 22 Dec 2019 23:09:26 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 189
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://cutt.us
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_rendering_2019121002.js Show response
securepubads.g.doubleclick.net/gpt/ 64 KB
24 KB 41ms
41ms Script
text/javascript 216.58.207.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019121002.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019121002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s25-in-f2.1e100.net

Software

sffe /

Resource Hash

4c52ed8f9039265ffed7fdca0b967b2624325e6356433f437e044b0dd332cddf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cutt.us/Br3yq
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 22 Dec 2019 23:09:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 10 Dec 2019 17:29:18 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 24811
x-xss-protection: 0
expires: Sun, 22 Dec 2019 23:09:26 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 19ms
6ms Other
text/html 2a00:1450:4001:814::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019121002.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://cutt.us/Br3yq
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2

200

Primary Request / Show response
ne.etrafficpr.com/tools/landers/st/001erm/
Redirect Chain

http://www.therhizomes.com/TheRhizomes/accounts/go/12/24/VICTM7
https://ne.etrafficpr.com/tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7

3 KB
1 KB

972ms
917ms

Document
text/html

104.31.89.222
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://ne.etrafficpr.com/tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7
Requested by: Host: cutt.us
URL: https://cutt.us/Br3yq
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.31.89.222 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 49e929d1b6fc05d3f36f2e179b87ee5d03c4b93b702f500310edac746880ed29

Request headers

:method: GET
:authority: ne.etrafficpr.com
:scheme: https
:path: /tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: navigate
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Sun, 22 Dec 2019 23:09:28 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d7162de5b41ceaf78082595c52b5779771577056167; expires=Tue, 21-Jan-20 23:09:27 GMT; path=/; domain=.etrafficpr.com; HttpOnly; SameSite=Lax PHPSESSID=4d246rc0junahh1kcpueq60jh4; path=/ trid=1416362881; path=/
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5495c375ea2497ea-FRA
content-encoding: br

Redirect headers

Date: Sun, 22 Dec 2019 23:09:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d26af5e9833e51fe257d9352f3d41cb391577056167; expires=Tue, 21-Jan-20 23:09:27 GMT; path=/; domain=.therhizomes.com; HttpOnly; SameSite=Lax CAKEPHP=qholocpidjnc9pvkdbaith8dp3; expires=Mon, 23-Dec-2019 03:09:26 GMT; Max-Age=14400; path=/; HttpOnly Locate_Cookie_Name=914abdeeaa39e78c7b528cc8df3113bd; expires=Mon, 21-Dec-2020 23:09:26 GMT; Max-Age=31536000
X-Powered-By: PHP/5.5.9-1ubuntu4.21
Location: https://ne.etrafficpr.com/tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 5495c373be3fcbcc-VIE

GET
H2 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/ 118 KB
19 KB 8ms
7ms Stylesheet
text/css 2001:4de0:ac19::1:b:2a
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css
Requested by: Host: ne.etrafficpr.com
URL: https://ne.etrafficpr.com/tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac19::1:b:2a , Netherlands, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
Software: /
Resource Hash: eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c

Request headers

Referer: https://ne.etrafficpr.com/tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 22 Dec 2019 23:09:28 GMT
content-encoding: gzip
last-modified: Wed, 12 Dec 2018 18:34:07 GMT
access-control-allow-origin: *
etag: "1544639647"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css; charset=utf-8
status: 200
cache-control: public, max-age=31536000
x-hello-human: Say hello back! @getBootstrapCDN on Twitter
accept-ranges: bytes
timing-allow-origin: *
content-length: 19747

GET
H2 200 style.css
ne.etrafficpr.com/tools/landers/st/001erm/css/ 496 B
366 B 639ms
638ms Stylesheet
text/css 104.31.89.222
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://ne.etrafficpr.com/tools/landers/st/001erm/css/style.css
Requested by: Host: ne.etrafficpr.com
URL: https://ne.etrafficpr.com/tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.31.89.222 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a8c7b7499320d9410e8dec74adc9b75892c5fc45832a981b02b2759d7f0c6c2f

Request headers

Referer: https://ne.etrafficpr.com/tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 22 Dec 2019 23:09:28 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 12 Feb 2016 21:08:03 GMT
server: cloudflare
etag: W/"56be49b3-1f0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=14400
cf-ray: 5495c37bbf8b97ea-FRA

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/ 23 KB
5 KB 13ms
12ms Stylesheet
text/css 2001:4de0:ac19::1:b:2a
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css
Requested by: Host: ne.etrafficpr.com
URL: https://ne.etrafficpr.com/tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac19::1:b:2a , Netherlands, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
Software: /
Resource Hash: 541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd

Request headers

Referer: https://ne.etrafficpr.com/tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 22 Dec 2019 23:09:28 GMT
content-encoding: gzip
last-modified: Wed, 12 Dec 2018 18:35:19 GMT
access-control-allow-origin: *
etag: "1544639719"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css; charset=utf-8
status: 200
cache-control: public, max-age=31536000
x-hello-human: Say hello back! @getBootstrapCDN on Twitter
accept-ranges: bytes
timing-allow-origin: *
content-length: 5442

GET
H2 200 css
fonts.googleapis.com/ 872 B
422 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:809::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Droid+Sans:400,700

Requested by

Host: ne.etrafficpr.com
URL: https://ne.etrafficpr.com/tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

c8ac8a4941513771e120f896cff956662a64dd63223afaa6507e3228548aeed4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://ne.etrafficpr.com/tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Sun, 22 Dec 2019 23:09:28 GMT
server: ESF
access-control-allow-origin: *
date: Sun, 22 Dec 2019 23:09:28 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Sun, 22 Dec 2019 23:09:28 GMT

GET
H2 200 jquery.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/ 242 KB
69 KB 46ms
21ms Script
application/javascript 2606:4700::6811:4004
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.js

Requested by

Host: ne.etrafficpr.com
URL: https://ne.etrafficpr.com/tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

828cbbcacb430f9c5b5d27fe9302f8795eb338f2421010f5141882125226f94f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://ne.etrafficpr.com/tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 22 Dec 2019 23:09:28 GMT
content-encoding: br
cf-cache-status: HIT
age: 3180120
cf-ray: 5495c37befb9cb98-VIE
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
alt-svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified: Thu, 17 May 2018 09:20:15 GMT
server: cloudflare
etag: W/"5afd494f-3c65b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Fri, 11 Dec 2020 23:09:28 GMT
cache-control: public, max-age=30672000
timing-allow-origin: *
served-in-seconds: 0.003

GET
H2 200 bootstrap.min.js Show response
maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/ 36 KB
10 KB 13ms
13ms Script
text/javascript 2001:4de0:ac19::1:b:2a
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js
Requested by: Host: ne.etrafficpr.com
URL: https://ne.etrafficpr.com/tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac19::1:b:2a , Netherlands, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
Software: /
Resource Hash: 2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a

Request headers

Referer: https://ne.etrafficpr.com/tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 22 Dec 2019 23:09:28 GMT
content-encoding: gzip
last-modified: Wed, 12 Dec 2018 18:33:51 GMT
access-control-allow-origin: *
etag: "1544639631"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
status: 200
cache-control: public, max-age=31536000
x-hello-human: Say hello back! @getBootstrapCDN on Twitter
accept-ranges: bytes
timing-allow-origin: *
content-length: 9764

GET
H2 200 logo.png
ne.etrafficpr.com/tools/landers/st/001erm/img/ 7 KB
7 KB 641ms
640ms Image
image/png 104.31.89.222
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ne.etrafficpr.com/tools/landers/st/001erm/img/logo.png
Requested by: Host: ne.etrafficpr.com
URL: https://ne.etrafficpr.com/tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.31.89.222 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f44f333baa968fb23715ffed7d3d8102bc47401c9e332abfa0011360774c9383

Request headers

Referer: https://ne.etrafficpr.com/tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 22 Dec 2019 23:09:28 GMT
cf-cache-status: MISS
last-modified: Fri, 12 Feb 2016 21:08:03 GMT
server: cloudflare
etag: "56be49b3-1ccb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5495c37bbf8f97ea-FRA
content-length: 7371

GET
H2 200 1.jpg
ne.etrafficpr.com/tools/landers/st/001erm/img/ 72 KB
72 KB 939ms
939ms Image
image/jpeg 104.31.89.222
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ne.etrafficpr.com/tools/landers/st/001erm/img/1.jpg
Requested by: Host: ne.etrafficpr.com
URL: https://ne.etrafficpr.com/tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.31.89.222 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1f586c06802fab3c647b786a8dcb64b328c119c4020d0e061fc2c431c6c2aa6d

Request headers

Referer: https://ne.etrafficpr.com/tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 22 Dec 2019 23:09:29 GMT
cf-cache-status: MISS
last-modified: Fri, 12 Feb 2016 21:07:58 GMT
server: cloudflare
etag: "56be49ae-11e5e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5495c37bbf9397ea-FRA
content-length: 73310

GET
H2 200 2.jpg
ne.etrafficpr.com/tools/landers/st/001erm/img/ 126 KB
126 KB 942ms
942ms Image
image/jpeg 104.31.89.222
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ne.etrafficpr.com/tools/landers/st/001erm/img/2.jpg
Requested by: Host: ne.etrafficpr.com
URL: https://ne.etrafficpr.com/tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.31.89.222 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 28df7eb980e2807220fb9ffc0764ed8658b7bacb878a385c83cc3eb986d78e89

Request headers

Referer: https://ne.etrafficpr.com/tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 22 Dec 2019 23:09:29 GMT
cf-cache-status: MISS
last-modified: Fri, 12 Feb 2016 21:07:58 GMT
server: cloudflare
etag: "56be49ae-1f8e8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5495c37fcba897ea-FRA
content-length: 129256

GET
H2 200 iframeResizer.min.js Show response
ne.etrafficpr.com/common/js/iframeResizer/ 12 KB
5 KB 641ms
640ms Script
application/javascript 104.31.89.222
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://ne.etrafficpr.com/common/js/iframeResizer/iframeResizer.min.js
Requested by: Host: ne.etrafficpr.com
URL: https://ne.etrafficpr.com/tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.31.89.222 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 35a59efb7049b51b061c5b4a00d2cb1a648a047a3406d55e500f3d6349052d33

Request headers

Referer: https://ne.etrafficpr.com/tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 22 Dec 2019 23:09:29 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 04 Jan 2018 18:22:20 GMT
server: cloudflare
etag: W/"5a4e70dc-2e17"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=14400
cf-ray: 5495c37fcba797ea-FRA

GET
H2

200

/
rhsfty.com/newuser/ Frame 0EC0
Redirect Chain

https://joinsafelyonline.com/routes/?ofid=62&a_aid=SC123B&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7&_rmap_ovr_=1
https://rhsfty.com/newuser/?ofid=62&a_aid=SC123B&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7&_rmap_ovr_=1&sitekey=2ac3d37350e83b7e&ts=1577056169&tsc=0911e3600e1915cbe28cc999bc8e45b1&rtr=1

0
0

893ms
818ms

Document
text/html

104.31.64.128
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://rhsfty.com/newuser/?ofid=62&a_aid=SC123B&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7&_rmap_ovr_=1&sitekey=2ac3d37350e83b7e&ts=1577056169&tsc=0911e3600e1915cbe28cc999bc8e45b1&rtr=1
Requested by: Host: ne.etrafficpr.com
URL: https://ne.etrafficpr.com/tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.31.64.128 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: rhsfty.com
:scheme: https
:path: /newuser/?ofid=62&a_aid=SC123B&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7&_rmap_ovr_=1&sitekey=2ac3d37350e83b7e&ts=1577056169&tsc=0911e3600e1915cbe28cc999bc8e45b1&rtr=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://ne.etrafficpr.com/tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://ne.etrafficpr.com/tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7

Response headers

status: 200
date: Sun, 22 Dec 2019 23:09:30 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d410b622ddc9dcdea87d13bedf9799d051577056169; expires=Tue, 21-Jan-20 23:09:29 GMT; path=/; domain=.rhsfty.com; HttpOnly; SameSite=Lax PHPSESSID=h0o1ascniolpd17o32fu6uiak7; path=/
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5495c383ecc0cbc0-VIE
content-encoding: br

Redirect headers

status: 302
date: Sun, 22 Dec 2019 23:09:29 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d3c3cf791eadd48f3eaf5a8a7d0ce5b141577056169; expires=Tue, 21-Jan-20 23:09:29 GMT; path=/; domain=.joinsafelyonline.com; HttpOnly; SameSite=Lax PHPSESSID=db9k7fk8dk7vf5tqisqrklo5e7; path=/
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
location: https://rhsfty.com/newuser/?ofid=62&a_aid=SC123B&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7&_rmap_ovr_=1&sitekey=2ac3d37350e83b7e&ts=1577056169&tsc=0911e3600e1915cbe28cc999bc8e45b1&rtr=1
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5495c3805ea25970-VIE

GET
H2 200 bg.jpg
ne.etrafficpr.com/tools/landers/st/001erm/img/ 260 KB
261 KB 939ms
939ms Image
image/jpeg 104.31.89.222
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ne.etrafficpr.com/tools/landers/st/001erm/img/bg.jpg
Requested by: Host: ne.etrafficpr.com
URL: https://ne.etrafficpr.com/tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.31.89.222 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 75936f684d1281a6a970fec552000bcd1f649ea9f906bc33e22727916195a434

Request headers

Referer: https://ne.etrafficpr.com/tools/landers/st/001erm/css/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 22 Dec 2019 23:09:29 GMT
cf-cache-status: MISS
last-modified: Fri, 12 Feb 2016 21:07:58 GMT
server: cloudflare
etag: "56be49ae-41162"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5495c37fdbb197ea-FRA
content-length: 266594

GET
H2 200 SlGWmQWMvZQIdix7AFxXmMh3eDs1ZyHKpWg.woff2
fonts.gstatic.com/s/droidsans/v10/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:814::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/droidsans/v10/SlGWmQWMvZQIdix7AFxXmMh3eDs1ZyHKpWg.woff2

Requested by

Host: ne.etrafficpr.com
URL: https://ne.etrafficpr.com/tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

bd33ffebb82d0e70371aedd27d79a993c98b29fb0d5e3d8c99c376cc9d57414d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Droid+Sans:400,700
Origin: https://ne.etrafficpr.com

Response headers

date: Fri, 20 Dec 2019 04:30:18 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:17:27 GMT
server: sffe
age: 239950
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11396
x-xss-protection: 0
expires: Sat, 19 Dec 2020 04:30:18 GMT

GET
H2 200 SlGVmQWMvZQIdix7AFxXkHNSbRYXags.woff2
fonts.gstatic.com/s/droidsans/v10/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:814::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/droidsans/v10/SlGVmQWMvZQIdix7AFxXkHNSbRYXags.woff2

Requested by

Host: ne.etrafficpr.com
URL: https://ne.etrafficpr.com/tools/landers/st/001erm/?a_aid=e773ff76&a_bid=0b475f49&x_agent=VICTM7&chan=VICTM7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

c8cb742dbb60decab090cf738bfef2d8a780141573e9a2a3854bf3f78919faed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Droid+Sans:400,700
Origin: https://ne.etrafficpr.com

Response headers

date: Thu, 21 Nov 2019 11:40:51 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:17:29 GMT
server: sffe
age: 2719717
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11236
x-xss-protection: 0
expires: Fri, 20 Nov 2020 11:40:51 GMT

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.rhsfty.com/	1970-01-19 06:04:17	Name: __utmb Value: 69496403.1.10.1577056172
.rhsfty.com/	1970-01-19 10:27:04	Name: __utmz Value: 69496403.1577056172.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.rhsfty.com/	1970-01-19 23:35:28	Name: __utma Value: 69496403.1147041950.1577056172.1577056172.1577056172.1
.rhsfty.com/	1970-01-19 06:04:16	Name: __utmt Value: 1
.rhsfty.com/	1969-12-31 23:59:59	Name: __utmc Value: 69496403
rhsfty.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: h0o1ascniolpd17o32fu6uiak7

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
cdnjs.cloudflare.com
cutt.us
fonts.googleapis.com
fonts.gstatic.com
joinsafelyonline.com
maxcdn.bootstrapcdn.com
ne.etrafficpr.com
rhsfty.com
securepubads.g.doubleclick.net
tpc.googlesyndication.com
www.googletagservices.com
www.therhizomes.com
104.31.64.128
104.31.75.224
104.31.89.222
192.111.136.74
2001:4de0:ac19::1:b:2a
216.58.207.66
2606:4700:30::681c:5be
2606:4700::6811:4004
2a00:1450:4001:809::200a
2a00:1450:4001:814::2001
2a00:1450:4001:814::2003
2a00:1450:4001:819::2002
2a00:1450:4001:81a::2002
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
1f586c06802fab3c647b786a8dcb64b328c119c4020d0e061fc2c431c6c2aa6d
216fd62bccc74ef4e4d35292cd4874e7072a4fb30685afb6235d894a3ec1a2df
28df7eb980e2807220fb9ffc0764ed8658b7bacb878a385c83cc3eb986d78e89
2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a
35a59efb7049b51b061c5b4a00d2cb1a648a047a3406d55e500f3d6349052d33
49e929d1b6fc05d3f36f2e179b87ee5d03c4b93b702f500310edac746880ed29
4b2cd33f2436f567f0e4a85e7ee2722fa6a5c9c3988f0f6904f68ad003f5dc46
4c52ed8f9039265ffed7fdca0b967b2624325e6356433f437e044b0dd332cddf
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
6cf5b5ab42b152bc8b88776c3f2953457c7036e41758a7b399d6f0e7cbec03ff
75936f684d1281a6a970fec552000bcd1f649ea9f906bc33e22727916195a434
828cbbcacb430f9c5b5d27fe9302f8795eb338f2421010f5141882125226f94f
a8c7b7499320d9410e8dec74adc9b75892c5fc45832a981b02b2759d7f0c6c2f
bd33ffebb82d0e70371aedd27d79a993c98b29fb0d5e3d8c99c376cc9d57414d
c8ac8a4941513771e120f896cff956662a64dd63223afaa6507e3228548aeed4
c8cb742dbb60decab090cf738bfef2d8a780141573e9a2a3854bf3f78919faed
eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c
f213be31d540e30366635b474daedd9c0b46287d55429ec9ef7a4829361c6f01
f44f333baa968fb23715ffed7d3d8102bc47401c9e332abfa0011360774c9383

ne.etrafficpr.com Open in urlscan Pro 104.31.89.222 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

23 Requests

100 %HTTPS

62 %IPv6

14 Domains

14 Subdomains

11 IPs

3 Countries

702 kBTransfer

1203 kBSize

6 Cookies

0 Outgoing links

Page URL History

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

6 Cookies

Security Headers

Indicators

ne.etrafficpr.com Open in urlscan Pro
104.31.89.222 Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

100 %
HTTPS

62 %
IPv6

14
Domains

14
Subdomains

11
IPs

3
Countries

702 kB
Transfer

1203 kB
Size

6
Cookies

23 HTTP transactions
0 data transactions