trk30.zzzperform.com Open in urlscan Pro
2606:4700:e4::ac40:ab0b Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://s3.amazonaws.com/fvcffdderf/29068.html#qs=r-ahbdacjbbgickjafhbkcckacbffkcfhafcdhdabababagjacikaccadfcfadgkfacebie...
Effective URL:
https://trk30.zzzperform.com/l/27000695f96a812e27e0.js?sub=pub779ecd325e654d0ebdfc406294ebec92&source=8378b37a
Submission: On October 11 via api (October 11th 2022, 5:49:58 am UTC) from BE — Scanned from DE

Summary HTTP 35 Redirects Behaviour Indicators

Summary

This website contacted 10 IPs in 5 countries across 14 domains to perform 35 HTTP transactions. The main IP is 2606:4700:e4::ac40:ab0b, located in United States and belongs to CLOUDFLARENET, US. The main domain is trk30.zzzperform.com.
TLS certificate: Issued by E1 on October 1st 2022. Valid for: 3 months.

This is the only time trk30.zzzperform.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	52.216.33.216 52.216.33.216	16509 (AMAZON-02) (AMAZON-02)
1 1	27.255.94.10 27.255.94.10	45382 (EHOSTIDC-...) (EHOSTIDC-AS-KR EHOSTICT)
1	209.236.123.11 209.236.123.11	30277 (DFW-DATAC...) (DFW-DATACENTER)
6	2606:4700:303... 2606:4700:3032::6815:1cae	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700:303... 2606:4700:3030::ac43:bfdd	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	65.60.58.179 65.60.58.179	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
6 9	51.68.81.31 51.68.81.31	16276 (OVH) (OVH)
2 2	34.147.1.177 34.147.1.177	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 4	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	139.59.49.76 139.59.49.76	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
3	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	34.141.179.97 34.141.179.97	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2606:4700:e4:... 2606:4700:e4::ac40:ab0b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
35	10

1 52.216.33.216 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 27.255.94.10 (Korea, Republic Of) 1 redirects

ASN45382 (EHOSTIDC-AS-KR EHOSTICT, KR)
PTR: otherfusion.net

otherfusion.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 209.236.123.11 (United States)

ASN30277 (DFW-DATACENTER, US)
PTR: 209.236.123.11

primefrenzy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:3032::6815:1cae (United States)

ASN13335 (CLOUDFLARENET, US)

lynku.jukminung.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
zring.jukminung.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
kixa.jukminung.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:3030::ac43:bfdd (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.addlnk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 65.60.58.179 (United States)

ASN32475 (SINGLEHOP-LLC, US)
PTR: server04.com-2.mobi

otto.sherlowcke.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 51.68.81.31 (France) 6 redirects

ASN16276 (OVH, FR)

www.wewillserv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.147.1.177 (Groningen, Netherlands) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 177.1.147.34.bc.googleusercontent.com

admoustache.go2affise.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a06:98c1:3120::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

myofferplus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
t.bl-easycdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
carrytraff.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.59.49.76 (Bengaluru, India) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

139.59.49.76	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

surf.ueive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.141.179.97 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 97.179.141.34.bc.googleusercontent.com

track.gositego.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:e4::ac40:ab0b (United States)

ASN13335 (CLOUDFLARENET, US)

trk30.zzzperform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	wewillserv.com 6 redirects www.wewillserv.com — Cisco Umbrella Rank: 646049	18 KB
9	sherlowcke.com otto.sherlowcke.com	21 KB
6	addlnk.com cdn.addlnk.com — Cisco Umbrella Rank: 261287	6 KB
6	jukminung.com lynku.jukminung.com zring.jukminung.com kixa.jukminung.com — Cisco Umbrella Rank: 260728	27 KB
3	ueive.com surf.ueive.com	23 KB
2	zzzperform.com trk30.zzzperform.com	12 KB
2	myofferplus.com myofferplus.com — Cisco Umbrella Rank: 359357	3 KB
2	go2affise.com 2 redirects admoustache.go2affise.com — Cisco Umbrella Rank: 225144	421 B
1	carrytraff.com 1 redirects carrytraff.com — Cisco Umbrella Rank: 324875	582 B
1	gositego.live 1 redirects track.gositego.live — Cisco Umbrella Rank: 207537	223 B
1	bl-easycdn.com t.bl-easycdn.com	9 KB
1	primefrenzy.com primefrenzy.com	450 B
1	otherfusion.net 1 redirects otherfusion.net	398 B
1	amazonaws.com s3.amazonaws.com	459 B
35	14

	Domain	Requested by
9	www.wewillserv.com	6 redirects otto.sherlowcke.com
9	otto.sherlowcke.com	lynku.jukminung.com otto.sherlowcke.com myofferplus.com
6	cdn.addlnk.com	lynku.jukminung.com myofferplus.com zring.jukminung.com surf.ueive.com kixa.jukminung.com
4	lynku.jukminung.com	primefrenzy.com s3.amazonaws.com lynku.jukminung.com
3	surf.ueive.com	zring.jukminung.com s3.amazonaws.com surf.ueive.com
2	trk30.zzzperform.com	kixa.jukminung.com s3.amazonaws.com
2	myofferplus.com	www.wewillserv.com
2	admoustache.go2affise.com	2 redirects
1	carrytraff.com	1 redirects
1	kixa.jukminung.com	surf.ueive.com
1	track.gositego.live	1 redirects
1	zring.jukminung.com	t.bl-easycdn.com
1	t.bl-easycdn.com	www.wewillserv.com
1	primefrenzy.com	s3.amazonaws.com
1	otherfusion.net	1 redirects
1	s3.amazonaws.com
35	16

This site contains no links.

Subject Issuer	Validity	Valid
s3.amazonaws.com Amazon	`2022-04-01` - `2023-03-30`	a year	crt.sh
primefrenzy.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-23` - `2023-09-22`	a year	crt.sh
*.jukminung.com E1	`2022-09-19` - `2022-12-18`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-15` - `2023-05-15`	a year	crt.sh
otto.sherlowcke.com R3	`2022-09-13` - `2022-12-12`	3 months	crt.sh
www.wewillserv.com R3	`2022-10-09` - `2023-01-07`	3 months	crt.sh
*.zzzperform.com E1	`2022-10-01` - `2022-12-30`	3 months	crt.sh

This page contains 3 frames:

Frame: https://trk30.zzzperform.com/l/27000695f96a812e27e0.js?sub=pub779ecd325e654d0ebdfc406294ebec92&source=8378b37a&code=3aY3VvBDU7PDw8P0E.RUJGQ0ERhYV3Fn.GGI9-jR1PVB.JhYMkVVYml5SdK4KVm2FhMKWVmzU1n645ajYxMgNtbQc4Ojk6C22ED0BGQUITdX0XSEpJShuQlx9PIIOXjIgmJoqTjitcLJCZkjFhMqKmo6o4OK9uZQNKc3Rtc20pU3lvOw53g3d1FIiHi3wYf4yIHYN-i5OGIpiFJnOWopKWl41cY11gUVqKnaOapq.sIE9WIzU1NDdDKWF0ekNCSjCJSEc9NVeHiIV-coF-aYiUUFdWW1NZXUhRdXOAenpbUJ2bnplVfZybpG8qIkZsd3V0bTg7O0I7Pj1FQ0ZMQk5HN2t6gHyOhk1UU1hQVlolh50pYSqPmS5mL5FlZTRkZWdnaGkAYjY3BTU2B3tvCzs8PT4PdncTREVFFnqAfRtMHIOKlSGHg4.XiiaKkJYrXF1eLpuemDNkZGVmN6utcmgDNDU2Nzg5OQp6f3B.hBERgoV4iIt5GUtKS09NT09XIYeZkJMnWlspnJCSLi6hkpSVNGVlaGxpajU0AmZyeXYICIB4eA0NhXZ8hxNcgol7gzhiiH5KHYGDhyJTVFVWV1hZWlpbXF5fX2BiY2RlZmdoaWoxMjM0NTY3ODg6Ozw9Pj9AQUJDRERGR0hJSktMTU5PUFFSU1RVVlZYKIyToC1eX2BgYmNkZWZnaGlqMTIzMzU1Nzg5OjsLg4KCEIc-Qk6LQ29Nbm9VkkqPUo2Oj5Bem1OSW5aXmJlnpFyjZqZtqmJ6gaRwjwBsbnFrBmt1NV5dRnF7DoGEhRNDFIF3hhkZgoePHk4fjpUjVFVVVlhYWVtcLKSSMGFiYpVmNZmpsDpDaXRycWomV0xPKlt4gnV4fo17gYh6iIV5hUeLgINLlYmGmYiWYGmPmpiXkEx9cnVQh5uYq5qos6WhamdkcGhsaW1ya2x7bXJ9eX93gXuDenx.gX6ChX2GWW2BlYuZiUVpk5GOmJ.olpyjlaOglKBipJibpS1xbnhrbnQHe2xuDD5BDoKAdRNFSBV6h4oaSxuKgIIgUVEikJiVJ1hd&_tdf=17
Frame ID: 0E422EF487B4F9447C6CD5FA7F22176A
Requests: 29 HTTP requests in this frame

Frame: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1665460800
Frame ID: 8D5E6A204736E2E56BA7855E071EB3C7
Requests: 3 HTTP requests in this frame

Frame: https://surf.ueive.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1665460800
Frame ID: 785085CF4D83F8AE2BE96AED06CBA670
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Loading...

Page URL History Show full URLs

https://s3.amazonaws.com/fvcffdderf/29068.html Page URL
http://otherfusion.net/qs=r-ahbdacjbbgickjafhbkcckacbffkcfhafcdhdabababagjacikaccadfcfadgkfacebiecacb HTTP 302
https://primefrenzy.com/17639bd80c94102e000/41262_10449146_11/602_180057198_0_0_0_4609119_58_2594_13... Page URL
https://lynku.jukminung.com/rc/9e8aef8068?affclick=1292990005&pubid=690324 Page URL
https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream... Page URL
https://otto.sherlowcke.com/?utm_term=7153127972621254750&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949... Page URL
https://otto.sherlowcke.com/proc.php?7016722dd781ca03ec5df643213145d3615ca0de Page URL
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127972621254750&website... Page URL
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127972621254750&website... HTTP 302
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127972621254750&website... HTTP 302
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=3300007ea939ac6dfd2098a8bf6a0c55... HTTP 302
https://myofferplus.com/rc/a91581ead4?affclick=634503ff6b6b270001e97f7c&pubid=503 Page URL
https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream... Page URL
https://otto.sherlowcke.com/?utm_term=7153127976916222030&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949... Page URL
https://otto.sherlowcke.com/proc.php?0c92b66d198be30357971b4df496a8afc6e99427 Page URL
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127976916222030&website... Page URL
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127976916222030&website... HTTP 302
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127976916222030&website... HTTP 302
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=33000ba16a65ba63e08b997880b51dce... HTTP 302
https://myofferplus.com/rc/a91581ead4?affclick=6345040046e5e60001967699&pubid=503 Page URL
https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream... Page URL
https://otto.sherlowcke.com/?utm_term=7153127976916222030&ver=4viyaptcjo&c=1&utm_content=fdc2c69a9cafac9... Page URL
https://otto.sherlowcke.com/proc.php?228aee44e1100999f3fed602c6ee0357f9e790ce Page URL
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127976916222030&website... Page URL
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127976916222030&website... HTTP 302
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127976916222030&website... HTTP 302
https://t.bl-easycdn.com/directclick/?pid=CLBghSztLMxKnP7sw-K3orR0VUY1&wsid=5aef9636d9adc86a1a06414c8... Page URL
https://zring.jukminung.com/rc/22e841bd3c?affclick=22101107_01_371812_971d16b006974&pubid=a371812s&affe=... Page URL
http://139.59.49.76/34363?click=pubdbbda4a605f140fba569d1cdaa607b15&pubid=8a71a381 HTTP 302
https://surf.ueive.com/rc/736006a179?affclick=22J11111954A034363012829CMxOT&pubid=34363 Page URL
https://track.gositego.live/sl?id=62dfc1354b8cd38db57f7466&pid=930&sub1=pube9f041a35ee446edbbb80945035cd... HTTP 302
https://kixa.jukminung.com/rc/19aff8b744?affclick=634504036aa2180001a7d2eb&pubid=930_c1713ecf_34363 Page URL
https://carrytraff.com/l/27000695f96a812e27e0?sub=pub779ecd325e654d0ebdfc406294ebec92&source=8378b37a HTTP 302
https://trk30.zzzperform.com/l/27000695f96a812e27e0.js?sub=pub779ecd325e654d0ebdfc406294ebec92&source=837... Page URL

Page Statistics

35
Requests

97 %
HTTPS

38 %
IPv6

14
Domains

16
Subdomains

10
IPs

5
Countries

118 kB
Transfer

259 kB
Size

17
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://s3.amazonaws.com/fvcffdderf/29068.html Page URL
http://otherfusion.net/qs=r-ahbdacjbbgickjafhbkcckacbffkcfhafcdhdabababagjacikaccadfcfadgkfacebiecacb HTTP 302
https://primefrenzy.com/17639bd80c94102e000/41262_10449146_11/602_180057198_0_0_0_4609119_58_2594_130731_10449146_10_2414/58 Page URL
https://lynku.jukminung.com/rc/9e8aef8068?affclick=1292990005&pubid=690324 Page URL
https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=0441a9aa&cid=pubf027635688404c05914ca2abeb9edf29&2=690063 Page URL
https://otto.sherlowcke.com/?utm_term=7153127972621254750&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d Page URL
https://otto.sherlowcke.com/proc.php?7016722dd781ca03ec5df643213145d3615ca0de Page URL
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127972621254750&website=13260-ba0efb09-d6b44a05&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d Page URL
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127972621254750&website=13260-ba0efb09-d6b44a05&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d&eyeg=2fe876709df77553156e58def203f7c3&eyer=0.622443067098372&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127972621254750&website=13260-ba0efb09-d6b44a05&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d&eyeg=3&eyer=0.622443067098372&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=3300007ea939ac6dfd2098a8bf6a0c55e97901011-202210-flb*5467509-4538f*M7153127972621254750*sl_5467509-4538f*f07ac4d4867ef1efedcb3c7cd16efd94a4948b83*13260-ba0efb09-d6b44a05*13260 HTTP 302
https://myofferplus.com/rc/a91581ead4?affclick=634503ff6b6b270001e97f7c&pubid=503 Page URL
https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=a210515d&cid=pub12ecbdd441ff4bc3af3745ddbbf4e245&2=503 Page URL
https://otto.sherlowcke.com/?utm_term=7153127976916222030&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889bf8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9e Page URL
https://otto.sherlowcke.com/proc.php?0c92b66d198be30357971b4df496a8afc6e99427 Page URL
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127976916222030&website=13260-58e4d543-00e7196d&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d Page URL
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127976916222030&website=13260-58e4d543-00e7196d&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d&eyeg=5a46ad2b70f9efb3f6577b1cc6d5d3fd&eyer=0.6177607705013153&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127976916222030&website=13260-58e4d543-00e7196d&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d&eyeg=3&eyer=0.6177607705013153&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=33000ba16a65ba63e08b997880b51dce5293f1011-202210-flb*5467509-4538f*M7153127976916222030*sl_5467509-4538f*7c52a9619e85e0560f6d4b5309412a695575af30*13260-58e4d543-00e7196d*13260 HTTP 302
https://myofferplus.com/rc/a91581ead4?affclick=6345040046e5e60001967699&pubid=503 Page URL
https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=a210515d&cid=pub12ecbdd441ff4bc3af3745ddbbf4e245&2=503 Page URL
https://otto.sherlowcke.com/?utm_term=7153127976916222030&ver=4viyaptcjo&c=1&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d Page URL
https://otto.sherlowcke.com/proc.php?228aee44e1100999f3fed602c6ee0357f9e790ce Page URL
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127976916222030&website=13260-58e4d543-00e7196d&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d Page URL
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127976916222030&website=13260-58e4d543-00e7196d&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d&eyeg=58001aff002c79fd8b40500361cf8f16&eyer=0.5881784862148693&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127976916222030&website=13260-58e4d543-00e7196d&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d&eyeg=3&eyer=0.5881784862148693&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
https://t.bl-easycdn.com/directclick/?pid=CLBghSztLMxKnP7sw-K3orR0VUY1&wsid=5aef9636d9adc86a1a06414c876d2e971011-202210-flb Page URL
https://zring.jukminung.com/rc/22e841bd3c?affclick=22101107_01_371812_971d16b006974&pubid=a371812s&affe=rdmfl Page URL
http://139.59.49.76/34363?click=pubdbbda4a605f140fba569d1cdaa607b15&pubid=8a71a381 HTTP 302
https://surf.ueive.com/rc/736006a179?affclick=22J11111954A034363012829CMxOT&pubid=34363 Page URL
https://track.gositego.live/sl?id=62dfc1354b8cd38db57f7466&pid=930&sub1=pube9f041a35ee446edbbb80945035cd29c&sub2=c1713ecf_34363 HTTP 302
https://kixa.jukminung.com/rc/19aff8b744?affclick=634504036aa2180001a7d2eb&pubid=930_c1713ecf_34363 Page URL
https://carrytraff.com/l/27000695f96a812e27e0?sub=pub779ecd325e654d0ebdfc406294ebec92&source=8378b37a HTTP 302
https://trk30.zzzperform.com/l/27000695f96a812e27e0.js?sub=pub779ecd325e654d0ebdfc406294ebec92&source=8378b37a Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

http://otherfusion.net/qs=r-ahbdacjbbgickjafhbkcckacbffkcfhafcdhdabababagjacikaccadfcfadgkfacebiecacb HTTP 302
https://primefrenzy.com/17639bd80c94102e000/41262_10449146_11/602_180057198_0_0_0_4609119_58_2594_130731_10449146_10_2414/58

Request Chain 11

https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127972621254750&website=13260-ba0efb09-d6b44a05&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d&eyeg=2fe876709df77553156e58def203f7c3&eyer=0.622443067098372&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127972621254750&website=13260-ba0efb09-d6b44a05&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d&eyeg=3&eyer=0.622443067098372&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=3300007ea939ac6dfd2098a8bf6a0c55e97901011-202210-flb*5467509-4538f*M7153127972621254750*sl_5467509-4538f*f07ac4d4867ef1efedcb3c7cd16efd94a4948b83*13260-ba0efb09-d6b44a05*13260 HTTP 302
https://myofferplus.com/rc/a91581ead4?affclick=634503ff6b6b270001e97f7c&pubid=503

Request Chain 17

https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127976916222030&website=13260-58e4d543-00e7196d&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d&eyeg=5a46ad2b70f9efb3f6577b1cc6d5d3fd&eyer=0.6177607705013153&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127976916222030&website=13260-58e4d543-00e7196d&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d&eyeg=3&eyer=0.6177607705013153&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=33000ba16a65ba63e08b997880b51dce5293f1011-202210-flb*5467509-4538f*M7153127976916222030*sl_5467509-4538f*7c52a9619e85e0560f6d4b5309412a695575af30*13260-58e4d543-00e7196d*13260 HTTP 302
https://myofferplus.com/rc/a91581ead4?affclick=6345040046e5e60001967699&pubid=503

Request Chain 23

https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127976916222030&website=13260-58e4d543-00e7196d&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d&eyeg=58001aff002c79fd8b40500361cf8f16&eyer=0.5881784862148693&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127976916222030&website=13260-58e4d543-00e7196d&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d&eyeg=3&eyer=0.5881784862148693&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
https://t.bl-easycdn.com/directclick/?pid=CLBghSztLMxKnP7sw-K3orR0VUY1&wsid=5aef9636d9adc86a1a06414c876d2e971011-202210-flb

Request Chain 26

http://139.59.49.76/34363?click=pubdbbda4a605f140fba569d1cdaa607b15&pubid=8a71a381 HTTP 302
https://surf.ueive.com/rc/736006a179?affclick=22J11111954A034363012829CMxOT&pubid=34363

Request Chain 30

https://track.gositego.live/sl?id=62dfc1354b8cd38db57f7466&pid=930&sub1=pube9f041a35ee446edbbb80945035cd29c&sub2=c1713ecf_34363 HTTP 302
https://kixa.jukminung.com/rc/19aff8b744?affclick=634504036aa2180001a7d2eb&pubid=930_c1713ecf_34363

35 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK 29068.html
s3.amazonaws.com/fvcffdderf/ 103 B
459 B 307ms
109ms Document
text/html 52.216.33.216
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/fvcffdderf/29068.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.33.216 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Content-Length: 103
Content-Type: text/html
Date: Tue, 11 Oct 2022 05:49:48 GMT
ETag: "c130fcb8014c01b3957e85ec05c989a9"
Last-Modified: Tue, 11 Oct 2022 04:42:04 GMT
Server: AmazonS3
x-amz-id-2: ZNLH+DlaE1LVX+Nnh2pH9uClUQAFwmxeqWG5Ggwz0lC8mLEFLvx9U4Zhr3JNn+48ZRjWSWpizPI=
x-amz-request-id: M4KFKSKV0VZMWWY2

GET
H/1.1

200
OK

58
primefrenzy.com/17639bd80c94102e000/41262_10449146_11/602_180057198_0_0_0_4609119_58_2594_130731_10449146_10_2414/
Redirect Chain

http://otherfusion.net/qs=r-ahbdacjbbgickjafhbkcckacbffkcfhafcdhdabababagjacikaccadfcfadgkfacebiecacb
https://primefrenzy.com/17639bd80c94102e000/41262_10449146_11/602_180057198_0_0_0_4609119_58_2594_130731_10449146_10_2414/58

137 B
450 B

1393ms
366ms

Document
text/html

209.236.123.11
DFW-DATACENTER

General

Check archive.org

Show headers Download Go to

Full URL: https://primefrenzy.com/17639bd80c94102e000/41262_10449146_11/602_180057198_0_0_0_4609119_58_2594_130731_10449146_10_2414/58
Requested by: Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/fvcffdderf/29068.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 209.236.123.11 , United States, ASN30277 (DFW-DATACENTER, US),
Reverse DNS: 209.236.123.11
Software: Apache /
Resource Hash

Request headers

Referer: https://s3.amazonaws.com/fvcffdderf/29068.html#qs=r-ahbdacjbbgickjafhbkcckacbffkcfhafcdhdabababagjacikaccadfcfadgkfacebiecacb
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: close
Content-Length: 137
Content-Type: text/html; charset=UTF-8
Date: Tue, 11 Oct 2022 05:49:50 GMT
Server: Apache

Redirect headers

Connection: Keep-Alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Tue, 11 Oct 2022 05:49:48 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
X-Powered-By: PHP/5.4.16
location: https://primefrenzy.com/17639bd80c94102e000/41262_10449146_11/602_180057198_0_0_0_4609119_58_2594_130731_10449146_10_2414/58

GET
H2 200 9e8aef8068 Show response
lynku.jukminung.com/rc/ 3 KB
2 KB 96ms
74ms Document
text/html 2606:4700:3032::6815:1cae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lynku.jukminung.com/rc/9e8aef8068?affclick=1292990005&pubid=690324
Requested by: Host: primefrenzy.com
URL: https://primefrenzy.com/17639bd80c94102e000/41262_10449146_11/602_180057198_0_0_0_4609119_58_2594_130731_10449146_10_2414/58
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:1cae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7d4790090494caa60d9c8f79c4b8be681fc5f6cde40a96191006733146f971db

Request headers

Referer: https://primefrenzy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 75855095ddc6917c-FRA
content-encoding: br
content-language: en-us
content-type: text/html; charset=utf-8
date: Tue, 11 Oct 2022 05:49:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=slXgAeeuN82bXIyYzaOzCsjmjEG%2B4bB2ZJwRsve5dHGPYaxlh12aHjcr%2BAtGxVI052FZ%2BJavJO07hAFQIQnf%2BM5wO2UOhwDnmsvFpAXSSrhREETNv1cSBe5lgP8h%2FHitc%2FUnHcJ4bvr1FrM%2Bea02bcov"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding, Accept-Language, Cookie

GET
H2 200 redirect.css
cdn.addlnk.com/ 1 KB
1 KB 34ms
13ms Stylesheet
text/css 2606:4700:3030::ac43:bfdd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.addlnk.com/redirect.css
Requested by: Host: lynku.jukminung.com
URL: https://lynku.jukminung.com/rc/9e8aef8068?affclick=1292990005&pubid=690324
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:bfdd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 05:49:50 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: NG3WEQ5NJ4PQVZ4F
age: 6278
cf-polished: origSize=1680
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: QxX22n6jD9gBrjBZ6ohlWbPu+une0ezSYrlZ/gpY7cQk926tnR/U/t0VdL75pShx4aODRqNqN5k=
cf-bgj: minify
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
server: cloudflare
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bm%2B7ceKqckhijPzbaIxZHpmplXk4EzazOpvuTNWTQPUKrAnbjMxf37Tly5VzDhxa%2FGvbmk9t9DzZCiZoJhc4W0KRx293YomAvPgbkuzPQPJOjcE7vPIqVoKxNTdOSaAhWfVWk7cK5DZLOp54JQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-ray: 758550966addbb4d-FRA

GET
H2 200 invisible.js Show response
lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/ Frame 8D5E 42 KB
15 KB 16ms
15ms Script
application/javascript 2606:4700:3032::6815:1cae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1665460800
Requested by: Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/fvcffdderf/29068.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:1cae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e1961b85be99930322edff77f4915666d65b938535be17aa50cd03efae8936e7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 05:49:50 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fkcJ6dagsMyRQvO6bi9l2ZT9Y%2BGrfdeEXhO8LJ3ITUdarRazorfycrUX9iInnRv8og2h%2Ba%2BPN38%2BaQdNucuM0Lh7okIobVeILOJeqBd%2FxJur3XIBSU1asuSlt2cfpQhqhj8hmWSJA5Y9DC7jJnB%2Bttwq"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 758550969f3d917c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 pica.js
lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/ Frame 8D5E 21 KB
8 KB 15ms
14ms Other
application/javascript 2606:4700:3032::6815:1cae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/pica.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:1cae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b620d9525124d27771577ff338ea3502db61d1c12a2dc36c976c7b8e06db281

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 05:49:50 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bIuNHrKe%2FWXo6dOYohFcVl3upGUaeIhFwf%2BGe2wlpdHbqe2CV1sTE7V4TaVMJ%2B8Ci9M6GwTK3HIPIVZl7sArAmxQV1lNPP4jq7%2B4z6axVQo6ehfArU04B4Omo3uC%2FgSzbQi9MmtDJiUAGXo6%2FGElsOoH"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 75855096c8899b80-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 /
otto.sherlowcke.com/ 3 KB
2 KB 330ms
108ms Document
text/html 65.60.58.179
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=0441a9aa&cid=pubf027635688404c05914ca2abeb9edf29&2=690063

Requested by

Host: lynku.jukminung.com
URL: https://lynku.jukminung.com/rc/9e8aef8068?affclick=1292990005&pubid=690324

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

65.60.58.179 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/8.1.9

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 11 Oct 2022 05:49:50 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://otto.sherlowcke.com/?utm_term=7153127972621254750&ver=4viyaptcjo
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubdomains;
vary: Accept-Encoding
x-powered-by: PHP/8.1.9

POST
H3 200 75855095ddc6917c
lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/cv/result/ Frame 8D5E 2 B
661 B 36ms
36ms XHR
text/plain 2606:4700:3032::6815:1cae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/cv/result/75855095ddc6917c
Requested by: Host: lynku.jukminung.com
URL: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1665460800
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:1cae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 11 Oct 2022 05:49:50 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qzXUzKxA2pHYsKXZJIJJhkYwj2M3Ke8zpiwRdzwk8vJgRymOXakuFaXGDc3cI3C0e%2FEbECG1dkxuooncuidpdC%2FWcVHmJ%2FzzA%2FnudqPDudRl5EzaoAtbHK6i%2BF2WFl6MowdbC6Dx%2BXHQLSdCP1GT9aKg"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 75855098cc659b80-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 / Show response
otto.sherlowcke.com/ 9 KB
3 KB 112ms
112ms Document
text/html 65.60.58.179
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://otto.sherlowcke.com/?utm_term=7153127972621254750&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d

Requested by

Host: otto.sherlowcke.com
URL: https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=0441a9aa&cid=pubf027635688404c05914ca2abeb9edf29&2=690063

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

65.60.58.179 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/8.1.9

Resource Hash

7b47db55680a988b5e26d2f870472344962ce9f8fe6712ca9f6c3ee6b81c9a45

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Referer: https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=0441a9aa&cid=pubf027635688404c05914ca2abeb9edf29&2=690063
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 11 Oct 2022 05:49:50 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubdomains;
vary: Accept-Encoding
x-powered-by: PHP/8.1.9

GET
H2 200 proc.php
otto.sherlowcke.com/ 4 KB
2 KB 111ms
110ms Document
text/html 65.60.58.179
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://otto.sherlowcke.com/proc.php?7016722dd781ca03ec5df643213145d3615ca0de

Requested by

Host: otto.sherlowcke.com
URL: https://otto.sherlowcke.com/?utm_term=7153127972621254750&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

65.60.58.179 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/8.1.9

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Referer: https://otto.sherlowcke.com/?utm_term=7153127972621254750&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 11 Oct 2022 05:49:51 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127972621254750&website=13260-ba0efb09-d6b44a05&placement=13260
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubdomains;
vary: Accept-Encoding
x-powered-by: PHP/8.1.9

GET
H/1.1 200
OK /
www.wewillserv.com/ 5 KB
5 KB 88ms
21ms Document
text/html 51.68.81.31
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127972621254750&website=13260-ba0efb09-d6b44a05&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d
Requested by: Host: otto.sherlowcke.com
URL: https://otto.sherlowcke.com/proc.php?7016722dd781ca03ec5df643213145d3615ca0de
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.68.81.31 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://otto.sherlowcke.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-transform
Connection: keep-alive
Content-Type: text/html
Date: Tue, 11 Oct 2022 05:49:51 GMT
Transfer-Encoding: chunked

GET
H2

200

a91581ead4 Show response
myofferplus.com/rc/
Redirect Chain

https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127972621254750&website=13260-ba0efb09-d6b44a05&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccb...
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127972621254750&website=13260-ba0efb09-d6b44a05&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccb...
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=3300007ea939ac6dfd2098a8bf6a0c55e97901011-202210-flb*5467509-4538f*M7153127972621254750*sl_5467509-4538f*f07ac4d4867ef1...
https://myofferplus.com/rc/a91581ead4?affclick=634503ff6b6b270001e97f7c&pubid=503

1 KB
1 KB

118ms
90ms

Document
text/html

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://myofferplus.com/rc/a91581ead4?affclick=634503ff6b6b270001e97f7c&pubid=503
Requested by: Host: www.wewillserv.com
URL: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127972621254750&website=13260-ba0efb09-d6b44a05&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8cb0d909e370df7521edb77d944d635a864b0a31d5455f37daef38621208f870

Request headers

Referer: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127972621254750&website=13260-ba0efb09-d6b44a05&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7585509d2a819207-FRA
content-encoding: br
content-language: en-us
content-type: text/html; charset=utf-8
date: Tue, 11 Oct 2022 05:49:51 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k8q1i5GLyRT8W2aS74bqDDwod7EiA2rBP6GBHS6d4fIuG1WdikU8Lt%2FR22zKaNNjRxt6hdf8IBm%2FK%2BpPStZC6By9LKzQwUn7jrTaE0m4Nl5YIVDz8UBPyLwhEM0Aj734AtCU3zTpCoZX5XBndGI%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding, Accept-Language, Cookie

Redirect headers

access-control-allow-origin: *
content-length: 0
date: Tue, 11 Oct 2022 05:49:51 GMT
location: https://myofferplus.com/rc/a91581ead4?affclick=634503ff6b6b270001e97f7c&pubid=503
server: nginx

GET
H3 200 redirect.css
cdn.addlnk.com/ 1 KB
1 KB 31ms
18ms Stylesheet
text/css 2606:4700:3030::ac43:bfdd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.addlnk.com/redirect.css
Requested by: Host: myofferplus.com
URL: https://myofferplus.com/rc/a91581ead4?affclick=634503ff6b6b270001e97f7c&pubid=503
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:bfdd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 05:49:51 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: NG3WEQ5NJ4PQVZ4F
age: 6279
cf-polished: origSize=1680
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: QxX22n6jD9gBrjBZ6ohlWbPu+une0ezSYrlZ/gpY7cQk926tnR/U/t0VdL75pShx4aODRqNqN5k=
cf-bgj: minify
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
server: cloudflare
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xD4TGE4K2RNXdPFP4wRSFO5TyLX1W2j95dQzFXA6g%2BZXf8uLb76oAgY5vHA2%2BH%2BYxqK8taO0aXn6uxWeSmTsYTi5dxIVG%2FG9moyYwdHrq3q00lAkWCxPGDjIZ5EQ91K6k2TozmvOAYyEv6OwfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-ray: 7585509dc84e91e7-FRA

GET
H2 200 /
otto.sherlowcke.com/ 3 KB
2 KB 108ms
108ms Document
text/html 65.60.58.179
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=a210515d&cid=pub12ecbdd441ff4bc3af3745ddbbf4e245&2=503

Requested by

Host: myofferplus.com
URL: https://myofferplus.com/rc/a91581ead4?affclick=634503ff6b6b270001e97f7c&pubid=503

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

65.60.58.179 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/8.1.9

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 11 Oct 2022 05:49:51 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://otto.sherlowcke.com/?utm_term=7153127976916222030&ver=4viyaptcjo
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubdomains;
vary: Accept-Encoding
x-powered-by: PHP/8.1.9

GET
H2 200 / Show response
otto.sherlowcke.com/ 9 KB
3 KB 120ms
120ms Document
text/html 65.60.58.179
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://otto.sherlowcke.com/?utm_term=7153127976916222030&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889bf8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9e

Requested by

Host: otto.sherlowcke.com
URL: https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=a210515d&cid=pub12ecbdd441ff4bc3af3745ddbbf4e245&2=503

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

65.60.58.179 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/8.1.9

Resource Hash

4394804547059e1d440f04161220b64190b8a869f5fb08519762c96b7cc6cb5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Referer: https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=a210515d&cid=pub12ecbdd441ff4bc3af3745ddbbf4e245&2=503
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 11 Oct 2022 05:49:51 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubdomains;
vary: Accept-Encoding
x-powered-by: PHP/8.1.9

GET
H2 200 proc.php
otto.sherlowcke.com/ 4 KB
2 KB 111ms
110ms Document
text/html 65.60.58.179
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://otto.sherlowcke.com/proc.php?0c92b66d198be30357971b4df496a8afc6e99427

Requested by

Host: otto.sherlowcke.com
URL: https://otto.sherlowcke.com/?utm_term=7153127976916222030&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889bf8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9e

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

65.60.58.179 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/8.1.9

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Referer: https://otto.sherlowcke.com/?utm_term=7153127976916222030&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889bf8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9e
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 11 Oct 2022 05:49:52 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127976916222030&website=13260-58e4d543-00e7196d&placement=13260
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubdomains;
vary: Accept-Encoding
x-powered-by: PHP/8.1.9

GET
H/1.1 200
OK /
www.wewillserv.com/ 5 KB
5 KB 20ms
20ms Document
text/html 51.68.81.31
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127976916222030&website=13260-58e4d543-00e7196d&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d
Requested by: Host: otto.sherlowcke.com
URL: https://otto.sherlowcke.com/proc.php?0c92b66d198be30357971b4df496a8afc6e99427
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.68.81.31 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://otto.sherlowcke.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-transform
Connection: keep-alive
Content-Type: text/html
Date: Tue, 11 Oct 2022 05:49:52 GMT
Transfer-Encoding: chunked

GET
H3

200

a91581ead4 Show response
myofferplus.com/rc/
Redirect Chain

https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127976916222030&website=13260-58e4d543-00e7196d&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccb...
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127976916222030&website=13260-58e4d543-00e7196d&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccb...
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=33000ba16a65ba63e08b997880b51dce5293f1011-202210-flb*5467509-4538f*M7153127976916222030*sl_5467509-4538f*7c52a9619e85e0...
https://myofferplus.com/rc/a91581ead4?affclick=6345040046e5e60001967699&pubid=503

1 KB
1 KB

83ms
71ms

Document
text/html

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://myofferplus.com/rc/a91581ead4?affclick=6345040046e5e60001967699&pubid=503
Requested by: Host: www.wewillserv.com
URL: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127976916222030&website=13260-58e4d543-00e7196d&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3ae40be8b4ee7b268426587f71e14d639e753460c4051d0ef5550d0da9acd01c

Request headers

Referer: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127976916222030&website=13260-58e4d543-00e7196d&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 758550a29d2abbc7-FRA
content-encoding: br
content-language: en-us
content-type: text/html; charset=utf-8
date: Tue, 11 Oct 2022 05:49:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z11SM3fqdZS2hUejzUvk3JZj5M6Xbvt0GDd4D7EVvf0l8uKjEj%2BsJqUsAB7BFzZtd%2FHmHih0dgsn3BfS2Ouqdk%2FgVr%2BExkm9ZZpamoY%2BorqcfJRw%2FQQ7A5AyY%2FUdmETb1KmcEZ3HJlk5KD8lG0k%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding, Accept-Language, Cookie

Redirect headers

access-control-allow-origin: *
content-length: 0
date: Tue, 11 Oct 2022 05:49:52 GMT
location: https://myofferplus.com/rc/a91581ead4?affclick=6345040046e5e60001967699&pubid=503
server: nginx

GET
H3 200 redirect.css
cdn.addlnk.com/ 1 KB
1016 B 14ms
14ms Stylesheet
text/css 2606:4700:3030::ac43:bfdd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.addlnk.com/redirect.css
Requested by: Host: myofferplus.com
URL: https://myofferplus.com/rc/a91581ead4?affclick=6345040046e5e60001967699&pubid=503
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:bfdd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 05:49:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: NG3WEQ5NJ4PQVZ4F
age: 6280
cf-polished: origSize=1680
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: QxX22n6jD9gBrjBZ6ohlWbPu+une0ezSYrlZ/gpY7cQk926tnR/U/t0VdL75pShx4aODRqNqN5k=
cf-bgj: minify
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
server: cloudflare
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ujhulm3pw6G9uL4RzP4epFCdBAt1I%2FumZu4P%2ByBdMH29U57qsw0dI%2FeVLYqGEmw8rREYBhxzM%2Foy8P1esupyjgrklkocfaP72M40tXL1Og%2F8X1HY3Y2cOCzuefIlKGdEIbJW%2FuVYJyTKrRAjHw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-ray: 758550a3093f91e7-FRA

GET
H2 200 /
otto.sherlowcke.com/ 3 KB
2 KB 108ms
108ms Document
text/html 65.60.58.179
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=a210515d&cid=pub12ecbdd441ff4bc3af3745ddbbf4e245&2=503

Requested by

Host: myofferplus.com
URL: https://myofferplus.com/rc/a91581ead4?affclick=6345040046e5e60001967699&pubid=503

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

65.60.58.179 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/8.1.9

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 11 Oct 2022 05:49:52 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://otto.sherlowcke.com/?utm_term=7153127976916222030&ver=4viyaptcjo&c=1
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubdomains;
vary: Accept-Encoding
x-powered-by: PHP/8.1.9

GET
H2 200 / Show response
otto.sherlowcke.com/ 9 KB
3 KB 108ms
108ms Document
text/html 65.60.58.179
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://otto.sherlowcke.com/?utm_term=7153127976916222030&ver=4viyaptcjo&c=1&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d

Requested by

Host: otto.sherlowcke.com
URL: https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=a210515d&cid=pub12ecbdd441ff4bc3af3745ddbbf4e245&2=503

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

65.60.58.179 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/8.1.9

Resource Hash

2c8d9b6164a3fc489c682f4c8c35a63a5d7a87e89b5d1290cfc31592c48dc0a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Referer: https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=a210515d&cid=pub12ecbdd441ff4bc3af3745ddbbf4e245&2=503
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 11 Oct 2022 05:49:52 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubdomains;
vary: Accept-Encoding
x-powered-by: PHP/8.1.9

GET
H2 200 proc.php
otto.sherlowcke.com/ 4 KB
2 KB 108ms
108ms Document
text/html 65.60.58.179
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://otto.sherlowcke.com/proc.php?228aee44e1100999f3fed602c6ee0357f9e790ce

Requested by

Host: otto.sherlowcke.com
URL: https://otto.sherlowcke.com/?utm_term=7153127976916222030&ver=4viyaptcjo&c=1&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

65.60.58.179 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/8.1.9

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Referer: https://otto.sherlowcke.com/?utm_term=7153127976916222030&ver=4viyaptcjo&c=1&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 11 Oct 2022 05:49:53 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127976916222030&website=13260-58e4d543-00e7196d&placement=13260
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubdomains;
vary: Accept-Encoding
x-powered-by: PHP/8.1.9

GET
H/1.1 200
OK /
www.wewillserv.com/ 5 KB
5 KB 23ms
22ms Document
text/html 51.68.81.31
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127976916222030&website=13260-58e4d543-00e7196d&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d
Requested by: Host: otto.sherlowcke.com
URL: https://otto.sherlowcke.com/proc.php?228aee44e1100999f3fed602c6ee0357f9e790ce
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.68.81.31 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://otto.sherlowcke.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-transform
Connection: keep-alive
Content-Type: text/html
Date: Tue, 11 Oct 2022 05:49:53 GMT
Transfer-Encoding: chunked

GET
H2

200

/ Show response
t.bl-easycdn.com/directclick/
Redirect Chain

https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127976916222030&website=13260-58e4d543-00e7196d&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccb...
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127976916222030&website=13260-58e4d543-00e7196d&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccb...
https://t.bl-easycdn.com/directclick/?pid=CLBghSztLMxKnP7sw-K3orR0VUY1&wsid=5aef9636d9adc86a1a06414c876d2e971011-202210-flb

25 KB
9 KB

512ms
479ms

Document
text/html

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://t.bl-easycdn.com/directclick/?pid=CLBghSztLMxKnP7sw-K3orR0VUY1&wsid=5aef9636d9adc86a1a06414c876d2e971011-202210-flb
Requested by: Host: www.wewillserv.com
URL: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127976916222030&website=13260-58e4d543-00e7196d&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c6f2d005cfaf67f8b14838315697dae4daa27506e831f967b420cffdc0b64db8

Request headers

Referer: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7153127976916222030&website=13260-58e4d543-00e7196d&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 758550a85f259b39-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 11 Oct 2022 05:49:53 GMT
expires: Sat, 26 Jul 1997 05:00:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=82nCbeKIMZnrQkeKRYih6HxkDBW6wYPZVi7Ec3yDAvYwO67Jy367Yy%2BAD5ZCaGp7Zr7Ddu1PxR96X%2BVEU%2B%2BaTp2CTa1wn24Zn2QsJLV0chggZOKDerkBdmKmIFxWo9gVX5JmgtLh0FAMOKtCRlaR"}],"group":"cf-nel","max_age":604800}
server: cloudflare

Redirect headers

Cache-Control: no-transform
Connection: keep-alive
Content-Length: 0
Date: Tue, 11 Oct 2022 05:49:53 GMT
Location: https://t.bl-easycdn.com/directclick/?pid=CLBghSztLMxKnP7sw-K3orR0VUY1&wsid=5aef9636d9adc86a1a06414c876d2e971011-202210-flb

GET
H2 200 22e841bd3c Show response
zring.jukminung.com/rc/ 1 KB
1 KB 151ms
133ms Document
text/html 2606:4700:3032::6815:1cae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://zring.jukminung.com/rc/22e841bd3c?affclick=22101107_01_371812_971d16b006974&pubid=a371812s&affe=rdmfl
Requested by: Host: t.bl-easycdn.com
URL: https://t.bl-easycdn.com/directclick/?pid=CLBghSztLMxKnP7sw-K3orR0VUY1&wsid=5aef9636d9adc86a1a06414c876d2e971011-202210-flb
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:1cae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d3dfb889b5936b5b69f5da403dd92cec905c619c2459dda363b9f9ce11b6f233

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 758550ac081a917c-FRA
content-encoding: br
content-language: en-us
content-type: text/html; charset=utf-8
date: Tue, 11 Oct 2022 05:49:54 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fPavwCWSxbWbVbRftSzmMsrZ5MSrbMz7G5WHZ3R14jNeRFHxYsfsgWVo2VpwTJzwGCcIfvQIjdpVxP3e%2FpJ6rtIo2UMK9aj8k%2FVEBX27eFOezqycGFXmpwY6Bhl%2Fx7ejQRH8Qg4edTTpSvWcKZmnJBld"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding, Accept-Language, Cookie

GET
H3 200 redirect.css
cdn.addlnk.com/ 1 KB
1016 B 16ms
15ms Stylesheet
text/css 2606:4700:3030::ac43:bfdd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.addlnk.com/redirect.css
Requested by: Host: zring.jukminung.com
URL: https://zring.jukminung.com/rc/22e841bd3c?affclick=22101107_01_371812_971d16b006974&pubid=a371812s&affe=rdmfl
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:bfdd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 05:49:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: NG3WEQ5NJ4PQVZ4F
age: 6282
cf-polished: origSize=1680
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: QxX22n6jD9gBrjBZ6ohlWbPu+une0ezSYrlZ/gpY7cQk926tnR/U/t0VdL75pShx4aODRqNqN5k=
cf-bgj: minify
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
server: cloudflare
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LMgPnEETqrUuUqZzng%2FozMpMH7PzrgyeF5NzHw2azbI2%2BDqLB3fZFmOhhlaJFr5bXVpAuW%2FjNMT30Mswvtj6zYURxZMh536tVFqpKYc%2BrP45EyzafhZLn6POJ2ns4Ee8M6c%2FrUIvyoFN2PggZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-ray: 758550acda4791e7-FRA

GET
H2

200

736006a179 Show response
surf.ueive.com/rc/
Redirect Chain

http://139.59.49.76/34363?click=pubdbbda4a605f140fba569d1cdaa607b15&pubid=8a71a381
https://surf.ueive.com/rc/736006a179?affclick=22J11111954A034363012829CMxOT&pubid=34363

3 KB
2 KB

162ms
130ms

Document
text/html

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://surf.ueive.com/rc/736006a179?affclick=22J11111954A034363012829CMxOT&pubid=34363
Requested by: Host: zring.jukminung.com
URL: https://zring.jukminung.com/rc/22e841bd3c?affclick=22101107_01_371812_971d16b006974&pubid=a371812s&affe=rdmfl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b50195acf8184bf03b6552c8b5c300b257b738d80ffa4623d0d7ee81a8db2e08

Request headers

Referer: https://zring.jukminung.com/rc/22e841bd3c?affclick=22101107_01_371812_971d16b006974&pubid=a371812s&affe=rdmfl
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 758550b34f52911f-FRA
content-encoding: br
content-language: en-us
content-type: text/html; charset=utf-8
date: Tue, 11 Oct 2022 05:49:55 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=upgFauCuomDRQGZ52fQMsmW9Z8pXzhoMH1kgxu%2FRqibAErRjMDLq6sl4bfAbolaLfNSFAH%2BpOUXnHKFC6frhv6UIlEqw8APP%2BHX1XkIpZNZQDP1t7i5uTY%2FwlNZzwLjWRhWFzuDnx9%2Bq%2FO1gEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding, Accept-Language, Cookie

Redirect headers

cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
content-length: 226
content-type: text/html; charset=utf-8
date: Tue, 11 Oct 2022 05:49:54 GMT
expires: 0
location: https://surf.ueive.com/rc/736006a179?affclick=22J11111954A034363012829CMxOT&pubid=34363
pragma: no-cache
surrogate-control: no-store
vary: Accept, Accept-Encoding
x-powered-by: Express

GET
H3 200 redirect.css
cdn.addlnk.com/ 1 KB
1017 B 16ms
16ms Stylesheet
text/css 2606:4700:3030::ac43:bfdd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.addlnk.com/redirect.css
Requested by: Host: surf.ueive.com
URL: https://surf.ueive.com/rc/736006a179?affclick=22J11111954A034363012829CMxOT&pubid=34363
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:bfdd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 05:49:55 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: NG3WEQ5NJ4PQVZ4F
age: 6283
cf-polished: origSize=1680
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: QxX22n6jD9gBrjBZ6ohlWbPu+une0ezSYrlZ/gpY7cQk926tnR/U/t0VdL75pShx4aODRqNqN5k=
cf-bgj: minify
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
server: cloudflare
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hH0gaiFA5Bz0p0kc5a%2BB%2B%2Fsep%2FVTy2xhyFO8o03rYW9GaMEDam8ZKFPMI0z0bEmjde2mDf17owcN2BXzq3fApTrhITFK%2FyMsmkTw43Co%2F9T4gIja2lwdmcekkL92%2FE5H3434YE%2F7WHpqHh5urQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-ray: 758550b41fed91e7-FRA

GET
H3 200 invisible.js Show response
surf.ueive.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/ Frame 7850 38 KB
14 KB 28ms
14ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://surf.ueive.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1665460800
Requested by: Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/fvcffdderf/29068.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 777ba552f87c86f0c5ecfdb66780c9bc8bbe85c2b9a693fa6f678ac53807e49f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 05:49:55 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Geb%2FhLYp4aGUUG7ogsjBZiYWuo6br5yWnfFU6ALyER4pW%2BnX28vW%2FKdg7Y4IewGaEk9U8ErrUf9qqPjUiTDdCzUHnT%2BB1vpSOGzyuId7lX%2BLLM4pMV%2BmTMaxmOv3uHzR8WzGmqnic84%2BdQvq3A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 758550b45b4b9176-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 pica.js
surf.ueive.com/cdn-cgi/challenge-platform/h/g/scripts/ Frame 7850 19 KB
7 KB 20ms
19ms Other
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://surf.ueive.com/cdn-cgi/challenge-platform/h/g/scripts/pica.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: def5241595e55c3af44035ebfee229b1ce4be749eb5d53db5beb1aa9fad15b0b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 05:49:55 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HqFULcJxnbscVJSiLFtQyRXWY2E5kRDMUAhATZ2RhCOUH%2FJYCIa8aWxk48J9nJgUGjm7knpKiQGOc43YUU6G7PKo92yLks4w85gphGpL4O179vaZES2KqGlUQQCe5gehWEKu%2BvTzJfTTgqwtTg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 758550b49bd59176-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2

200

19aff8b744 Show response
kixa.jukminung.com/rc/
Redirect Chain

https://track.gositego.live/sl?id=62dfc1354b8cd38db57f7466&pid=930&sub1=pube9f041a35ee446edbbb80945035cd29c&sub2=c1713ecf_34363
https://kixa.jukminung.com/rc/19aff8b744?affclick=634504036aa2180001a7d2eb&pubid=930_c1713ecf_34363

1 KB
1 KB

96ms
87ms

Document
text/html

2606:4700:3032::6815:1cae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://kixa.jukminung.com/rc/19aff8b744?affclick=634504036aa2180001a7d2eb&pubid=930_c1713ecf_34363
Requested by: Host: surf.ueive.com
URL: https://surf.ueive.com/rc/736006a179?affclick=22J11111954A034363012829CMxOT&pubid=34363
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:1cae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 284cf75ec2d041cafc355d4f8d5941cef4ebab942550ccef16511114c4938a52

Request headers

Referer: https://surf.ueive.com/rc/736006a179?affclick=22J11111954A034363012829CMxOT&pubid=34363
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 758550b559b8917c-FRA
content-encoding: br
content-language: en-us
content-type: text/html; charset=utf-8
date: Tue, 11 Oct 2022 05:49:55 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sGv%2Fxxyt5hYAZvZltyvzuzomXYN6SBdeyt5ckp1z%2BRUp%2F%2FysfiwpW76oGv5EP91dD%2F0APpOsdVl1TxevbpGRWcfKGuF9JVRSeIdnb8fMCkcRGa5K%2FO%2FkNpb6X5EphRY2UkvH2WnPz0VoonAqoLs3qYA%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding, Accept-Language, Cookie

Redirect headers

access-control-allow-origin: *
content-length: 0
date: Tue, 11 Oct 2022 05:49:55 GMT
location: https://kixa.jukminung.com/rc/19aff8b744?affclick=634504036aa2180001a7d2eb&pubid=930_c1713ecf_34363
server: nginx

POST 758550b34f52911f
surf.ueive.com/cdn-cgi/challenge-platform/h/g/cv/result/ Frame 7850 0
0

GET
H3 200 redirect.css
cdn.addlnk.com/ 1 KB
1012 B 12ms
12ms Stylesheet
text/css 2606:4700:3030::ac43:bfdd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.addlnk.com/redirect.css
Requested by: Host: kixa.jukminung.com
URL: https://kixa.jukminung.com/rc/19aff8b744?affclick=634504036aa2180001a7d2eb&pubid=930_c1713ecf_34363
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:bfdd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 05:49:55 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: NG3WEQ5NJ4PQVZ4F
age: 6283
cf-polished: origSize=1680
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: QxX22n6jD9gBrjBZ6ohlWbPu+une0ezSYrlZ/gpY7cQk926tnR/U/t0VdL75pShx4aODRqNqN5k=
cf-bgj: minify
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
server: cloudflare
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sk%2Bc4E6KbQY%2Fma5eszVeS2UinV3FqOEo%2BP14Fbc2z5hkf1WCMPz6FheOSyq6wBihZTUHvdFpP4fIe1a76Zayjiz1hmjGHM3orUTZ0S7wLNEual4QaeXNFTibMLvyH%2BlsA2mgxVf05G5IPpY7Zg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-ray: 758550b66bea91e7-FRA

GET
H2

200

Primary Request 27000695f96a812e27e0.js Show response
trk30.zzzperform.com/l/
Redirect Chain

https://carrytraff.com/l/27000695f96a812e27e0?sub=pub779ecd325e654d0ebdfc406294ebec92&source=8378b37a
https://trk30.zzzperform.com/l/27000695f96a812e27e0.js?sub=pub779ecd325e654d0ebdfc406294ebec92&source=8378b37a

36 KB
12 KB

73ms
45ms

Document
text/html

2606:4700:e4::ac40:ab0b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk30.zzzperform.com/l/27000695f96a812e27e0.js?sub=pub779ecd325e654d0ebdfc406294ebec92&source=8378b37a
Requested by: Host: kixa.jukminung.com
URL: https://kixa.jukminung.com/rc/19aff8b744?affclick=634504036aa2180001a7d2eb&pubid=930_c1713ecf_34363
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:ab0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 29eddce2034a37edddd7b743551f12f50cddbdf80690919b7e597bb78e5b416a

Request headers

Referer: https://kixa.jukminung.com/rc/19aff8b744?affclick=634504036aa2180001a7d2eb&pubid=930_c1713ecf_34363
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2944
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=315360000
cf-cache-status: HIT
cf-ray: 758550b7a9846904-FRA
content-encoding: br
content-type: text/html
date: Tue, 11 Oct 2022 05:49:55 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 20 Aug 2019 14:25:19 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yLzNS4ItWX7x6AjPwBtroh5bCkyQhawff0RrlxRWy3A2VngNUkjNAhdElCtpe0rEsDLdaEw2tnXwAbQYHgWsLTrii95SQHSnHvz9jNahvWwrylECGLHCwV6geun00T%2FXeG4HVUieMBvzqZ%2B4t5vX0CSXlg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 758550b75f92929f-FRA
date: Tue, 11 Oct 2022 05:49:55 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
location: https://trk30.zzzperform.com/l/27000695f96a812e27e0.js?sub=pub779ecd325e654d0ebdfc406294ebec92&source=8378b37a
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Goaz0uwztIulmlbDn6UGyYcdqkuwRAwUi9oOCjQjW0hYFW2z2WMxr3SA40YSx32758pRFo34gZ8zEfDTBL7fwqvsZOr2LK8uE%2Bfpd2rWcdROIDRrjZdLTozbTdm1kDUosY34%2BV65Av%2BjOUwZg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H3 204 27000695f96a812e27e0.js
trk30.zzzperform.com/l/ 0
0 43ms
33ms Document
text/plain 2606:4700:e4::ac40:ab0b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk30.zzzperform.com/l/27000695f96a812e27e0.js?sub=pub779ecd325e654d0ebdfc406294ebec92&source=8378b37a&code=3aY3VvBDU7PDw8P0E.RUJGQ0ERhYV3Fn.GGI9-jR1PVB.JhYMkVVYml5SdK4KVm2FhMKWVmzU1n645ajYxMgNtbQc4Ojk6C22ED0BGQUITdX0XSEpJShuQlx9PIIOXjIgmJoqTjitcLJCZkjFhMqKmo6o4OK9uZQNKc3Rtc20pU3lvOw53g3d1FIiHi3wYf4yIHYN-i5OGIpiFJnOWopKWl41cY11gUVqKnaOapq.sIE9WIzU1NDdDKWF0ekNCSjCJSEc9NVeHiIV-coF-aYiUUFdWW1NZXUhRdXOAenpbUJ2bnplVfZybpG8qIkZsd3V0bTg7O0I7Pj1FQ0ZMQk5HN2t6gHyOhk1UU1hQVlolh50pYSqPmS5mL5FlZTRkZWdnaGkAYjY3BTU2B3tvCzs8PT4PdncTREVFFnqAfRtMHIOKlSGHg4.XiiaKkJYrXF1eLpuemDNkZGVmN6utcmgDNDU2Nzg5OQp6f3B.hBERgoV4iIt5GUtKS09NT09XIYeZkJMnWlspnJCSLi6hkpSVNGVlaGxpajU0AmZyeXYICIB4eA0NhXZ8hxNcgol7gzhiiH5KHYGDhyJTVFVWV1hZWlpbXF5fX2BiY2RlZmdoaWoxMjM0NTY3ODg6Ozw9Pj9AQUJDRERGR0hJSktMTU5PUFFSU1RVVlZYKIyToC1eX2BgYmNkZWZnaGlqMTIzMzU1Nzg5OjsLg4KCEIc-Qk6LQ29Nbm9VkkqPUo2Oj5Bem1OSW5aXmJlnpFyjZqZtqmJ6gaRwjwBsbnFrBmt1NV5dRnF7DoGEhRNDFIF3hhkZgoePHk4fjpUjVFVVVlhYWVtcLKSSMGFiYpVmNZmpsDpDaXRycWomV0xPKlt4gnV4fo17gYh6iIV5hUeLgINLlYmGmYiWYGmPmpiXkEx9cnVQh5uYq5qos6WhamdkcGhsaW1ya2x7bXJ9eX93gXuDenx.gX6ChX2GWW2BlYuZiUVpk5GOmJ.olpyjlaOglKBipJibpS1xbnhrbnQHe2xuDD5BDoKAdRNFSBV6h4oaSxuKgIIgUVEikJiVJ1hd&_tdf=17
Requested by: Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/fvcffdderf/29068.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e4::ac40:ab0b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://trk30.zzzperform.com/l/27000695f96a812e27e0.js?sub=pub779ecd325e654d0ebdfc406294ebec92&source=8378b37a
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 758550b8393b9a2a-FRA
date: Tue, 11 Oct 2022 05:49:55 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5DGj1b69CwqGGqm5fY2tqO46kevj1forqq1bMW0GOYu%2B6EvH8Xod%2B6lAH7tcRGi6XXKmBtKhcJ5eVbidiihjFL6TXA0ubrv55TJu1%2Fv3DwBe2E1SSVmBqPDFDyoUVfaj634DOUVg8gcB71%2Bpy3rc6NZYNA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: surf.ueive.com
URL: https://surf.ueive.com/cdn-cgi/challenge-platform/h/g/cv/result/758550b34f52911f

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
primefrenzy.com/	1970-01-20 07:20:59	Name: uid15295 Value: 1292990005-20221011014950-e0a822b9cdbf057f00d908cb13708911-
lynku.jukminung.com/	1970-01-20 06:47:52	Name: AWSALB Value: UxqgRvYY8fEcWr9D8KmhN3ePsoA5Dwz0xQvw+KuWXNBUSK5ckCd/jQYXk/Q9WtOiD3x8Z08JLTMWB/513FIP5yRQXFHNwKFZZ7+/Vb19A7dcw5uUNe7zc6xP2Pqs
.jukminung.com/	1970-01-20 06:37:49	Name: __cf_bm Value: ZO_ji4R380zQwdkbWSLnG8cky9etyZs_hwSyJhRF8oU-1665467390-0-AT7MkSygRwcURK/pZDyETiuelWXpG1r1dEBokrscCBu30OSAgeU7edAaq3Aud4DqIaEZDEvo8nDo3PxZNidebd1BG7rmBh0MwIZkYE/nc9uHopckU3T55Z8rLqikWvIG4w==
otto.sherlowcke.com/	1970-01-20 15:23:23	Name: u Value: 4b8663207691a543bb20e09e8a915cde
admoustache.go2affise.com/	1970-01-20 15:23:23	Name: afclick Value: 6345040046e5e60001967699
myofferplus.com/	1970-01-20 06:47:52	Name: AWSALB Value: ktZ27/EKrsxia9hwbxCgrenUVEZ0lADQW/Fn7TaJnh3a5VSlHajdhqLhYPxAfaEnxZuqIHIRRx0V+7x1VCsZOdnOW/KwHXO6YR4J5QtpQA8eKDnfHdQxZRHJh2OR
.bl-easycdn.com/	1970-01-20 15:23:23	Name: checkkeks Value: 1
.bl-easycdn.com/	1970-01-20 06:39:13	Name: eTag Value: a60789f9a1b100d20486ef6710515190
.bl-easycdn.com/	1970-01-20 15:23:23	Name: ck_uniques Value: 1665553792%3A24589-115227
.bl-easycdn.com/	1970-01-20 15:23:23	Name: ck_uniquesPa Value: 1665553792%3A89322
.bl-easycdn.com/	1970-01-20 06:39:13	Name: ck_sys_uniques_3 Value: 1
.bl-easycdn.com/	1970-01-20 06:39:13	Name: u_current_ads_view Value: 89322----
zring.jukminung.com/	1970-01-20 06:47:52	Name: AWSALB Value: WzCbbmLJrrmqFB8moD2ZPFWY0v4b5dwCd9rgaqJl948q408esJj82/sFj+tTdyklLnpFPMJTeNhaTcW08KlW94HBJRRW9c3ynQVp10w3aO+wzY8f6fiT1G2EWpOV
surf.ueive.com/	1970-01-20 06:47:52	Name: AWSALB Value: 6Qi1hB9zq6stta6LRSO37CvKKBHd33VY1aaAje6IDT9MIQtjzCvduVUuw/8HyKov3XGBMJA5AUqrwy2cf+D+mcQq8XyoB1J5fJ6PPNdDbxJ1bxQhPNgmCXd6bcla
track.gositego.live/	1970-01-20 15:23:23	Name: afclick Value: 634504036aa2180001a7d2eb
kixa.jukminung.com/	1970-01-20 06:47:52	Name: AWSALB Value: B2zAuBBShvSfo0DhAKl1lORxDT+glOecj3VA4du6jeKshbTmhqF6AGwOTesl1dlIaMtyAus8R0kwq2qxJY3IvZzv4kh9yXqcR4OR5+NxoMt5YIorqAQVG4nPnFPT
trk30.zzzperform.com/	1970-01-20 16:13:47	Name: BSESSID Value: trk11f15c42-311c-42f8-995c-655d1b098693

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

admoustache.go2affise.com
carrytraff.com
cdn.addlnk.com
kixa.jukminung.com
lynku.jukminung.com
myofferplus.com
otherfusion.net
otto.sherlowcke.com
primefrenzy.com
s3.amazonaws.com
surf.ueive.com
t.bl-easycdn.com
track.gositego.live
trk30.zzzperform.com
www.wewillserv.com
zring.jukminung.com
surf.ueive.com
139.59.49.76
209.236.123.11
2606:4700:3030::ac43:bfdd
2606:4700:3032::6815:1cae
2606:4700:e4::ac40:ab0b
27.255.94.10
2a06:98c1:3120::3
2a06:98c1:3121::3
34.141.179.97
34.147.1.177
51.68.81.31
52.216.33.216
65.60.58.179
284cf75ec2d041cafc355d4f8d5941cef4ebab942550ccef16511114c4938a52
29eddce2034a37edddd7b743551f12f50cddbdf80690919b7e597bb78e5b416a
2c8d9b6164a3fc489c682f4c8c35a63a5d7a87e89b5d1290cfc31592c48dc0a7
3ae40be8b4ee7b268426587f71e14d639e753460c4051d0ef5550d0da9acd01c
4394804547059e1d440f04161220b64190b8a869f5fb08519762c96b7cc6cb5f
4b620d9525124d27771577ff338ea3502db61d1c12a2dc36c976c7b8e06db281
777ba552f87c86f0c5ecfdb66780c9bc8bbe85c2b9a693fa6f678ac53807e49f
7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1
7b47db55680a988b5e26d2f870472344962ce9f8fe6712ca9f6c3ee6b81c9a45
7d4790090494caa60d9c8f79c4b8be681fc5f6cde40a96191006733146f971db
8cb0d909e370df7521edb77d944d635a864b0a31d5455f37daef38621208f870
b50195acf8184bf03b6552c8b5c300b257b738d80ffa4623d0d7ee81a8db2e08
c6f2d005cfaf67f8b14838315697dae4daa27506e831f967b420cffdc0b64db8
d3dfb889b5936b5b69f5da403dd92cec905c619c2459dda363b9f9ce11b6f233
def5241595e55c3af44035ebfee229b1ce4be749eb5d53db5beb1aa9fad15b0b
e1961b85be99930322edff77f4915666d65b938535be17aa50cd03efae8936e7

trk30.zzzperform.com Open in urlscan Pro 2606:4700:e4::ac40:ab0b Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

35 Requests

97 %HTTPS

38 %IPv6

14 Domains

16 Subdomains

10 IPs

5 Countries

118 kBTransfer

259 kBSize

17 Cookies

0 Outgoing links

Page URL History

Redirected requests

35 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

trk30.zzzperform.com Open in urlscan Pro
2606:4700:e4::ac40:ab0b Public Scan

Screenshot
Live screenshot

Full Image

35
Requests

97 %
HTTPS

38 %
IPv6

14
Domains

16
Subdomains

10
IPs

5
Countries

118 kB
Transfer

259 kB
Size

17
Cookies

35 HTTP transactions
0 data transactions