urlscan.io logo urlscan.io
SecurityTrails logo

3tyu.captcha.optinmostr.site Open in urlscan Pro
176.9.80.29  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://captcha.optinmostr.site/
Effective URL: https://3tyu.captcha.optinmostr.site/?r=1
Submission Tags: phishingrod
Submission: On October 30 via api from DE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 10 IPs in 2 countries across 8 domains to perform 13 HTTP transactions. The main IP is 176.9.80.29, located in Germany and belongs to HETZNER-AS, DE. The main domain is 3tyu.captcha.optinmostr.site.
TLS certificate: Issued by R3 on August 31st 2023. Valid for: 3 months.
This is the only time 3tyu.captcha.optinmostr.site was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 176.9.80.29 24940 (HETZNER-AS)
2 45.133.44.25 39572 (ADVANCEDH...)
1 78.47.181.156 24940 (HETZNER-AS)
1 45.133.44.52 39572 (ADVANCEDH...)
1 88.198.204.164 24940 (HETZNER-AS)
1 2 2a01:4f8:252:... 24940 (HETZNER-AS)
1 2606:4700:e2:... 13335 (CLOUDFLAR...)
1 136.243.134.97 24940 (HETZNER-AS)
1 67.27.157.121 3356 (LEVEL3)
13 10
4    176.9.80.29 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.29.80.9.176.clients.your-server.de
captcha.optinmostr.site
3tyu.captcha.optinmostr.site
2    45.133.44.25 (Philadelphia, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)
cdn.tubecorp.com
1    78.47.181.156 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.156.181.47.78.clients.your-server.de
metricswpsh.com
1    45.133.44.52 (Philadelphia, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)
js.wpshsdk.com
1    88.198.204.164 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-198-204-164.clients.your-server.de
notification.tubecup.net
2    2a01:4f8:252:564d::2 (Falkenstein, Germany)

ASN24940 (HETZNER-AS, DE)
rtbbnr.com
1    2606:4700:e2::ac40:881f (United States)

ASN13335 (CLOUDFLARENET, US)
preroll.hostave3.net
1    136.243.134.97 (Sindelfingen, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.97.134.243.136.clients.your-server.de
pxl.tsyndicate.com
1    67.27.157.121 (United States)

ASN3356 (LEVEL3, US)
lcdn.tsyndicate.com
Apex Domain
Subdomains		 Transfer
4 optinmostr.site
captcha.optinmostr.site
3tyu.captcha.optinmostr.site
179 KB
2 tsyndicate.com
pxl.tsyndicate.com — Cisco Umbrella Rank: 13080
lcdn.tsyndicate.com — Cisco Umbrella Rank: 12978
30 KB
2 rtbbnr.com
rtbbnr.com — Cisco Umbrella Rank: 576215
4 KB
2 tubecorp.com
cdn.tubecorp.com — Cisco Umbrella Rank: 317545
20 KB
1 hostave3.net
preroll.hostave3.net — Cisco Umbrella Rank: 86698
586 B
1 tubecup.net
notification.tubecup.net — Cisco Umbrella Rank: 14739
201 B
1 wpshsdk.com
js.wpshsdk.com — Cisco Umbrella Rank: 16109
238 B
1 metricswpsh.com
metricswpsh.com — Cisco Umbrella Rank: 34744
13 8
Domain Requested by
2 rtbbnr.com 1 redirects cdn.tubecorp.com
2 cdn.tubecorp.com 3tyu.captcha.optinmostr.site
cdn.tubecorp.com
2 3tyu.captcha.optinmostr.site captcha.optinmostr.site
3tyu.captcha.optinmostr.site
2 captcha.optinmostr.site captcha.optinmostr.site
1 lcdn.tsyndicate.com rtbbnr.com
1 pxl.tsyndicate.com rtbbnr.com
1 preroll.hostave3.net rtbbnr.com
1 notification.tubecup.net
1 js.wpshsdk.com 3tyu.captcha.optinmostr.site
1 metricswpsh.com 3tyu.captcha.optinmostr.site
13 10

This site contains no links.

Subject Issuer Validity Valid
captcha.optinmostr.site
R3		 2023-08-31 -
2023-11-29		 3 months crt.sh
cdn.tubecorp.com
R3		 2023-10-07 -
2024-01-05		 3 months crt.sh
notification.tubecup.net
R3		 2023-10-16 -
2024-01-14		 3 months crt.sh
js.wpshsdk.com
R3		 2023-09-22 -
2023-12-21		 3 months crt.sh
rtbbnr.com
R3		 2023-10-11 -
2024-01-09		 3 months crt.sh
tsyndicate.com
R3		 2023-10-12 -
2024-01-10		 3 months crt.sh
lcdn.tsyndicate.com
Sectigo RSA Domain Validation Secure Server CA		 2023-03-08 -
2024-04-07		 a year crt.sh

This page contains 3 frames:

Primary Page: https://3tyu.captcha.optinmostr.site/?r=1
Frame ID: 06045EF2DB4D62538CC1802FADEF1EC6
Requests: 10 HTTP requests in this frame

Frame: https://cdn.tubecorp.com/i/b.html?spot=2&pid=10340&width=300&height=250&spaceid=1696
Frame ID: 6413D952F73DB9BE0D7B7D9AEF166725
Requests: 2 HTTP requests in this frame

Frame: https://rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InNwb3QiOjIsImlkIjoxNjk2LCJsYWJlbHMiOiIiLCJzaXRlX2lkIjoyLCJ0eXBlIjoiYmFubmVyIiwic3BhY2VpZCI6MTY5Niwic3BvdF9pZCI6MCwiaWR6b25lIjozODMwODE5LCJ6b25lIjoidGNfcGFiXzMwMHgyNTAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IiIsInV0bTEiOiJ0Y2Jhbl9pIiwidXRtMiI6IjIiLCJ1dG0zIjoiMTAzNDAiLCJ1dG00IjoiIn0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjIiLCJwYWdlIjoiaHR0cHM6Ly8zdHl1LmNhcHRjaGEub3B0aW5tb3N0ci5zaXRlLyJ9LCJkZXZpY2UiOnsidyI6MTYwMCwiaCI6MTIwMH0sInVzZXIiOnsiaWQiOiI2NWQ0ZGM4Y2RhZjllNzllZDA1MzdhNjgwYjY1YjczMSJ9LCJleHQiOnsiZHQiOjE2OTg2MzQ0OTA0NDd9fQ==
Frame ID: C81A0AFB819AFEA3A698EF0C04EC08D2
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://captcha.optinmostr.site/ Page URL
  2. https://3tyu.captcha.optinmostr.site/?r=1 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <div [^>]*id="__nuxt"

Page Statistics

13
Requests

92 %
HTTPS

22 %
IPv6

8
Domains

10
Subdomains

10
IPs

2
Countries

233 kB
Transfer

566 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://captcha.optinmostr.site/ Page URL
  2. https://3tyu.captcha.optinmostr.site/?r=1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12
  • https://rtbbnr.com/banner/in/show/?mid=6655235988820921885&pid=0&site=2&sc=DE&usage_type=DCH&subid=0&sid=0&cid=17032&price=0&is_cpm=1&cpm=0.017&ecpm=0.0130696003437043&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=3tyu.captcha.optinmostr.site&hostname=auc-banner-hz-10&site_id=0&spot_id=0&utm_source=tcban_i&utm_medium=2&utm_campaign=10340&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=6&pop_winurl=&ip=2a01:4a0:2b::9&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=0&resp_type=a2&iabcat=IAB24&min_cpm=0.00013007283737018782&placement_type_id=269&skin_test=&verify_hash=&score=1&ml=&tag_ab=&v2=0&ttl=&space_id=1696&banner_width=300&banner_height=250&accel=0&gyr=0&iabcat=IAB24&url=https%3A%2F%2Fpreroll.hostave3.net%2Fnotifications%2Fzeropixel.png&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=&stratagem=&ssp=3758&refresh=0&priority=0&bb=0.0001&label_ids=&site_id64=0&container=ClickadillaTuple&original_bid_usd=0.017&comeback=&topics= HTTP 302
  • https://preroll.hostave3.net/notifications/zeropixel.png

13 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
captcha.optinmostr.site/ 		216 KB
85 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://captcha.optinmostr.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
176.9.80.29 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.29.80.9.176.clients.your-server.de
Software
nginx/1.24.0 / PHP/7.4.33
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 30 Oct 2023 02:54:50 GMT
server
nginx/1.24.0
x-powered-by
PHP/7.4.33
captcha.css
captcha.optinmostr.site/assets/styles/ 		9 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://captcha.optinmostr.site/assets/styles/captcha.css
Requested by
Host: captcha.optinmostr.site
URL: https://captcha.optinmostr.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
176.9.80.29 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.29.80.9.176.clients.your-server.de
Software
nginx/1.24.0 /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://captcha.optinmostr.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Mon, 30 Oct 2023 02:54:50 GMT
content-encoding
gzip
last-modified
Thu, 12 Oct 2023 08:56:31 GMT
server
nginx/1.24.0
etag
W/"6527b4bf-2435"
content-type
text/css
Primary Request /
3tyu.captcha.optinmostr.site/ 		216 KB
85 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://3tyu.captcha.optinmostr.site/?r=1
Requested by
Host: captcha.optinmostr.site
URL: https://captcha.optinmostr.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
176.9.80.29 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.29.80.9.176.clients.your-server.de
Software
nginx/1.24.0 / PHP/7.4.33
Resource Hash
6418001912cca8fb97f4d63c7f9a83f57092704f708583945154ab34d228d176

Request headers

Referer
https://captcha.optinmostr.site/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 30 Oct 2023 02:54:50 GMT
server
nginx/1.24.0
x-powered-by
PHP/7.4.33
captcha.css
3tyu.captcha.optinmostr.site/assets/styles/ 		9 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://3tyu.captcha.optinmostr.site/assets/styles/captcha.css
Requested by
Host: 3tyu.captcha.optinmostr.site
URL: https://3tyu.captcha.optinmostr.site/?r=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
176.9.80.29 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.29.80.9.176.clients.your-server.de
Software
nginx/1.24.0 /
Resource Hash
0d3052df53fb528269653ab6900571ada40df7dd80af28505da6d1d05dfc0fdc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3tyu.captcha.optinmostr.site/?r=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Mon, 30 Oct 2023 02:54:50 GMT
content-encoding
gzip
last-modified
Thu, 12 Oct 2023 08:56:31 GMT
server
nginx/1.24.0
etag
W/"6527b4bf-2435"
content-type
text/css
b.html
cdn.tubecorp.com/i/ Frame 6413 		223 B
462 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.tubecorp.com/i/b.html?spot=2&pid=10340&width=300&height=250&spaceid=1696
Requested by
Host: 3tyu.captcha.optinmostr.site
URL: https://3tyu.captcha.optinmostr.site/?r=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.133.44.25 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
dee7baef733b9e0de6f65fc1b7016aa5564b90a7f1c99a67d15335bacf32d69b

Request headers

Referer
https://3tyu.captcha.optinmostr.site/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
cache-control
max-age=3600
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 30 Oct 2023 02:54:50 GMT
etag
W/"df-5d132d021cf80"
expires
Mon, 30 Oct 2023 03:54:50 GMT
last-modified
Sat, 20 Nov 2021 06:50:54 GMT
server
nginx/1.20.1
x-proxy-cache
HIT
x-request-id
001d1b889462e4f12ebce75195245cb0
truncated
/ 		24 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6cbf5ff9c2945171c3f93c38e9c67d4b98fb5354a3c95cf4910259780c1fb9b0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a72fd7760f623c9fd5fee0bd98df809a347471902fc479bcdae38681c1a071d1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ca7a07233506b5529a951fd2c4580757f5606d874b8a2b0a153d14a418b201ef

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Content-Type
image/png
tcbanner.js
cdn.tubecorp.com/b/ Frame 6413 		50 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.tubecorp.com/b/tcbanner.js?v=21
Requested by
Host: cdn.tubecorp.com
URL: https://cdn.tubecorp.com/i/b.html?spot=2&pid=10340&width=300&height=250&spaceid=1696
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.133.44.25 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
3eb693b3d6b913111d8676b4a077fce9d517b9ab46305fb6db20995e248f7517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.tubecorp.com/i/b.html?spot=2&pid=10340&width=300&height=250&spaceid=1696
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

expires
Mon, 30 Oct 2023 03:54:50 GMT
date
Mon, 30 Oct 2023 02:54:50 GMT
content-encoding
gzip
last-modified
Sat, 20 Nov 2021 06:50:35 GMT
server
nginx/1.20.1
etag
W/"61989abb-c604"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=3600
x-request-id
ccab79b7fdcd09fae5629fe984c4e0c3
x-proxy-cache
HIT
track
metricswpsh.com/in/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://metricswpsh.com/in/track?data=eyJ0YWdfaWQiOjB9
Requested by
Host: 3tyu.captcha.optinmostr.site
URL: https://3tyu.captcha.optinmostr.site/?r=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
78.47.181.156 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.156.181.47.78.clients.your-server.de
Software
nginx/1.18.0 /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3tyu.captcha.optinmostr.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Oct 2023 02:54:50 GMT
server
nginx/1.18.0
vary
Origin
access-control-allow-methods
*
access-control-allow-origin
*
cache-control
no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type
content-length
0
wp-banners.js
js.wpshsdk.com/npc/sdk/ 		0
238 B 		Script
General
Check archive.org
Download Go to
Full URL
https://js.wpshsdk.com/npc/sdk/wp-banners.js
Requested by
Host: 3tyu.captcha.optinmostr.site
URL: https://3tyu.captcha.optinmostr.site/?r=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.133.44.52 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3tyu.captcha.optinmostr.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

expires
Mon, 30 Oct 2023 02:59:50 GMT
date
Mon, 30 Oct 2023 02:54:50 GMT
last-modified
Sat, 15 Jul 2023 12:01:31 GMT
server
nginx/1.18.0
etag
"64b28a9b-0"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
content-length
0
x-proxy-cache
HIT
subscription-offers
notification.tubecup.net/in/ 		0
201 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://notification.tubecup.net/in/subscription-offers?href=https%3A%2F%2F3tyu.captcha.optinmostr.site%2F%3Fr%3D1&tcid=0&spot_id=&site=landing&source_id=0&utm_source=null&utm_medium=null&utm_campaign=null&utm_content=null&spotId=&adFormat=push&clickId=null
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.198.204.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.88-198-204-164.clients.your-server.de
Software
nginx/1.18.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3tyu.captcha.optinmostr.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Oct 2023 02:54:50 GMT
server
nginx/1.18.0
vary
Origin
access-control-allow-methods
*
access-control-allow-origin
*
cache-control
no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type
content-length
0
/
rtbbnr.com/get/ Frame C81A 		8 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InNwb3QiOjIsImlkIjoxNjk2LCJsYWJlbHMiOiIiLCJzaXRlX2lkIjoyLCJ0eXBlIjoiYmFubmVyIiwic3BhY2VpZCI6MTY5Niwic3BvdF9pZCI6MCwiaWR6b25lIjozODMwODE5LCJ6b25lIjoidGNfcGFiXzMwMHgyNTAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IiIsInV0bTEiOiJ0Y2Jhbl9pIiwidXRtMiI6IjIiLCJ1dG0zIjoiMTAzNDAiLCJ1dG00IjoiIn0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjIiLCJwYWdlIjoiaHR0cHM6Ly8zdHl1LmNhcHRjaGEub3B0aW5tb3N0ci5zaXRlLyJ9LCJkZXZpY2UiOnsidyI6MTYwMCwiaCI6MTIwMH0sInVzZXIiOnsiaWQiOiI2NWQ0ZGM4Y2RhZjllNzllZDA1MzdhNjgwYjY1YjczMSJ9LCJleHQiOnsiZHQiOjE2OTg2MzQ0OTA0NDd9fQ==
Requested by
Host: cdn.tubecorp.com
URL: https://cdn.tubecorp.com/b/tcbanner.js?v=21
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a01:4f8:252:564d::2 Falkenstein, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
b23e58d74b561eb92cb4b4ad42b10559388e86e957998c962c2ffe288991de75

Request headers

Referer
https://cdn.tubecorp.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-headers
Content-Type
access-control-allow-methods
*
access-control-allow-origin
*
cache-control
no-transform, no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
text/html
date
Mon, 30 Oct 2023 02:54:50 GMT
pragma
no-cache
server
nginx/1.16.0
vary
Origin
zeropixel.png
preroll.hostave3.net/notifications/ Frame C81A
Redirect Chain
  • https://rtbbnr.com/banner/in/show/?mid=6655235988820921885&pid=0&site=2&sc=DE&usage_type=DCH&subid=0&sid=0&cid=17032&price=0&is_cpm=1&cpm=0.017&ecpm=0.0130696003437043&crid=&crtid=d41d8cd98f00b204e...
  • https://preroll.hostave3.net/notifications/zeropixel.png
42 B
586 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://preroll.hostave3.net/notifications/zeropixel.png
Requested by
Host: rtbbnr.com
URL: https://rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InNwb3QiOjIsImlkIjoxNjk2LCJsYWJlbHMiOiIiLCJzaXRlX2lkIjoyLCJ0eXBlIjoiYmFubmVyIiwic3BhY2VpZCI6MTY5Niwic3BvdF9pZCI6MCwiaWR6b25lIjozODMwODE5LCJ6b25lIjoidGNfcGFiXzMwMHgyNTAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IiIsInV0bTEiOiJ0Y2Jhbl9pIiwidXRtMiI6IjIiLCJ1dG0zIjoiMTAzNDAiLCJ1dG00IjoiIn0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjIiLCJwYWdlIjoiaHR0cHM6Ly8zdHl1LmNhcHRjaGEub3B0aW5tb3N0ci5zaXRlLyJ9LCJkZXZpY2UiOnsidyI6MTYwMCwiaCI6MTIwMH0sInVzZXIiOnsiaWQiOiI2NWQ0ZGM4Y2RhZjllNzllZDA1MzdhNjgwYjY1YjczMSJ9LCJleHQiOnsiZHQiOjE2OTg2MzQ0OTA0NDd9fQ==
Protocol
H2
Server
2606:4700:e2::ac40:881f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtbbnr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Mon, 30 Oct 2023 02:54:50 GMT
strict-transport-security
max-age=0
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1734155
alt-svc
h3=":443"; ma=86400
content-length
42
last-modified
Tue, 11 Sep 2018 08:40:52 GMT
server
cloudflare
etag
"5b977f94-2a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LjCtQwHF1jbCtdrcSYsW7FlpFw4qT1ibg0HHKw8ftrJx1X5YS0L9BYei7lXZAA5DhzgNRnMU%2FdH1AZIe5QTQGlwr5O3HLXGUv1D8aUyVKYPxZOTe4VWYI5gjNUAPcmQVsJVIsURwvkQMR9hv1k8OYDWGFw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=315360000
accept-ranges
bytes
cf-ray
81e0603e2d6892b3-FRA
expires
Thu, 31 Dec 2037 23:55:55 GMT

Redirect headers

pragma
no-cache
date
Mon, 30 Oct 2023 02:54:50 GMT
server
nginx/1.16.0
vary
Origin
access-control-allow-methods
*
access-control-allow-origin
*
location
https://preroll.hostave3.net/notifications/zeropixel.png
cache-control
no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type
content-length
0
p.gif
pxl.tsyndicate.com/api/v1/p/ Frame C81A 		35 B
134 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0HGDhYgwY-gsjOGQzpmFImKQsXFjDA4zOVrUqBEjJI0yNmK0EFNDxowWNsbMEDMGBg4bZsTICCPC4Rwxacgo1LFFBAwRXRyOcTPUJY4ZDsPUGYPRho2RLmvkwMFVBowcMmJwrdFTBFAyGNPQKdPmS4yyBu0s1IojhgyHcOqImTujZVQ4cCbGmNHXJxyJOmiUhOGVoogyeOh8mXMYo0E9b9yUcWsjh42yY9oE1mEDBo0cN2xEJWNmokMxbtwsnGHDK42bDtu4uZiYhs27IuDo5h3jBgwYqkXUkcNmNg6SMmokryMDIxo6dODM0fHixZk0bdqUQfNmDh0Xb-SceWEHjpsXP-rQaTvnzfIxZXrQmcOlznEZNsjXlnhkpFFHGz2IEUZsCPX3X4DzfTFGGKKFkcYZbvRQ2mmpOcgYhG1hpllQPVAxRR2AsZFHDIP15cIYb7SlWA6MwRCDhwAKKCEbaYyxRg9jWBGFGFfAkUMOcnwRRR5I2CAEDFrcgGEU1LVRBBlv2JGGYkGIAUMLVMxxXBhEEKEbFEWYgYRFYTShhxl5UKFFGFAs0QISTiRBkxAyNDGEG3jMoNkXbgQRBh0x1ABDGE7AMIQUQVjRxBtImAFDGUeEkQUTYgRBQxZWwDAHGk-d8cUZVSRBhBRVpFEWlm1gNAMdedTxYhiHjYFGGOgdloYbbZRHhxwuzKFWGaAdutAWM8SQVHByUKWDDGW0AEMNr7WmAwwuHGcjVCKMIdwXcES7ELc2NiSCHO1NhO1j4sa6bbfA1VGHqzqIcBUZNJDh0RhkhAFSGTfkUAYZ185wQxg24ACDGFeJcUOzZaUxmgg72ZhYGDBMK4YOOuRQVh085TupHmmwwUYYL9TQLQgoXPErlnfMAYITVIAQA7o7gCCzGzbQ0DMeQacAQhAplnFFGWIsoVbLCrtAG8xLIEFFE0ywAAKPa5QBwhFl-PiG0UOgIUeMZbzAIg7duqBVDjO4wOINIEwhcBhypAH1DVJ_ppS0IhBRRFnpSQi44GWxcfjgDh1kxxdylNGcDoneQFINOPgGg0PqyRbyDY45_oUYciyEQ-NlPB4sWtPWRUPjZ7smQnkLvQ7tG3jkUXvjeXg-bB1lcF6GtgNhpx13L8xa66257torHb8Gax6xxq71QllzsIvR2XQcml4LdbihlrU2uODvDYRnL1frMoAFwwzvg-svRgd9cX5Z803U2U0z0HDa5iKYT3Uotz8b9O9_t7GdQSBXBsp8QVkE3IoB_Ucjh6TugWxAyH6W1ZdnhUEMiBHBQcwgFTZIBC-KO5dSeAODPiggIA%3D%3D&r=1&s=7c92e248c74a4f3538dc1528fccef89982581e32cb100270569b10dd195a729c1698634490&w=t
Requested by
Host: rtbbnr.com
URL: https://rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InNwb3QiOjIsImlkIjoxNjk2LCJsYWJlbHMiOiIiLCJzaXRlX2lkIjoyLCJ0eXBlIjoiYmFubmVyIiwic3BhY2VpZCI6MTY5Niwic3BvdF9pZCI6MCwiaWR6b25lIjozODMwODE5LCJ6b25lIjoidGNfcGFiXzMwMHgyNTAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IiIsInV0bTEiOiJ0Y2Jhbl9pIiwidXRtMiI6IjIiLCJ1dG0zIjoiMTAzNDAiLCJ1dG00IjoiIn0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjIiLCJwYWdlIjoiaHR0cHM6Ly8zdHl1LmNhcHRjaGEub3B0aW5tb3N0ci5zaXRlLyJ9LCJkZXZpY2UiOnsidyI6MTYwMCwiaCI6MTIwMH0sInVzZXIiOnsiaWQiOiI2NWQ0ZGM4Y2RhZjllNzllZDA1MzdhNjgwYjY1YjczMSJ9LCJleHQiOnsiZHQiOjE2OTg2MzQ0OTA0NDd9fQ==
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
136.243.134.97 Sindelfingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.97.134.243.136.clients.your-server.de
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtbbnr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Mon, 30 Oct 2023 02:54:50 GMT
server
nginx
x-robots-tag
noindex, nofollow
content-length
35
content-type
text/plain; charset=utf-8
d94792bc5d542ee45c4b5001d5c6006bc64525.png
lcdn.tsyndicate.com/images/4/e/ Frame C81A 		29 KB
30 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lcdn.tsyndicate.com/images/4/e/d94792bc5d542ee45c4b5001d5c6006bc64525.png
Requested by
Host: rtbbnr.com
URL: https://rtbbnr.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InNwb3QiOjIsImlkIjoxNjk2LCJsYWJlbHMiOiIiLCJzaXRlX2lkIjoyLCJ0eXBlIjoiYmFubmVyIiwic3BhY2VpZCI6MTY5Niwic3BvdF9pZCI6MCwiaWR6b25lIjozODMwODE5LCJ6b25lIjoidGNfcGFiXzMwMHgyNTAiLCJhZF90YWdzIjoiIiwidGl0bGUiOiIiLCJzdWJpZCI6IiIsInV0bTEiOiJ0Y2Jhbl9pIiwidXRtMiI6IjIiLCJ1dG0zIjoiMTAzNDAiLCJ1dG00IjoiIn0sImJhbm5lciI6eyJ3IjozMDAsImgiOjI1MH19XSwic2l0ZSI6eyJpZCI6IjIiLCJwYWdlIjoiaHR0cHM6Ly8zdHl1LmNhcHRjaGEub3B0aW5tb3N0ci5zaXRlLyJ9LCJkZXZpY2UiOnsidyI6MTYwMCwiaCI6MTIwMH0sInVzZXIiOnsiaWQiOiI2NWQ0ZGM4Y2RhZjllNzllZDA1MzdhNjgwYjY1YjczMSJ9LCJleHQiOnsiZHQiOjE2OTg2MzQ0OTA0NDd9fQ==
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.27.157.121 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software
nginx /
Resource Hash
77485b83145f3fb1c1b88f7755d577d20b6f99406aea2cea98612281380f2d39

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtbbnr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Mon, 30 Oct 2023 02:54:50 GMT
content-encoding
gzip
last-modified
Wed, 08 Feb 2023 05:53:31 GMT
server
nginx
age
6838312
etag
W/"63e338db-7553"
vary
Accept-Encoding
content-type
image/png
accept-ranges
bytes
x-robots-tag
noindex, nofollow
content-length
30061

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| documentPictureInPicture string| SxE2 string| spotID function| init function| AdManagerPushFormat boolean| isOpera object| banner function| _onAlreadySubscribed

0 Cookies