Submitted URL: https://wpclk.net/cl/8156c1ff611ffafe
Effective URL: https://getarrectlive.com/vvprPD2bnMCwLxo5743cMOedIP7sREIr9J8Uo0cc8kY/?cid=639d944200748e0001b02e21&sid=4_5936582-74665064...
Submission: On December 17 via manual from JP — Scanned from JP

Summary

This website contacted 9 IPs in 3 countries across 10 domains to perform 14 HTTP transactions. The main IP is 2606:4700:3034::ac43:ce57, located in United States and belongs to CLOUDFLARENET, US. The main domain is getarrectlive.com. The Cisco Umbrella rank of the primary domain is 976022.
TLS certificate: Issued by GTS CA 1P5 on November 25th 2022. Valid for: 3 months.
This is the only time getarrectlive.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 2 2606:4700:303... 13335 (CLOUDFLAR...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
3 139.45.197.251 9002 (RETN-AS)
1 139.45.195.8 9002 (RETN-AS)
2 3 35.190.55.95 15169 (GOOGLE)
1 1 34.90.81.51 396982 (GOOGLE-CL...)
2 2606:4700:303... 13335 (CLOUDFLAR...)
1 2606:4700:20:... ()
3 2606:4700:20:... ()
Totals: 14 requests, 9 IPs
Requests  Apex Domain               Subdomains                                               Transfer
4         ocmhood.com               sdk.ocmhood.com, cdn.ocmhood.com, t.ocmhood.com          14 KB
3         onclickperformance.com    onclickperformance.com (Cisco Umbrella rank 158594)      3 KB
3         bigrourg.net              bigrourg.net (Cisco Umbrella rank 402260)                15 KB
2         getarrectlive.com         getarrectlive.com (Cisco Umbrella rank 976022)           15 KB
2         bvmgo.xyz                 eu.bvmgo.xyz                                             1 KB
1         prtrackings.com           tracking.prtrackings.com (Cisco Umbrella rank 193196)    358 B
1         rtmark.net                my.rtmark.net (Cisco Umbrella rank 12387)                548 B
1         bvmpsh.xyz                loading.bvmpsh.xyz                                       2 KB
1         wpclk.net                 wpclk.net                                                1 KB
0         cn-rtb.com (failed)       feed.cn-rtb.com (failed)                                 -
Totals: 14 requests, 10 apex domains
Requests  Domain                      Requested by
3         onclickperformance.com      loading.bvmpsh.xyz (2 redirects)
3         bigrourg.net                loading.bvmpsh.xyz, bigrourg.net
2         t.ocmhood.com               sdk.ocmhood.com
2         getarrectlive.com           onclickperformance.com, getarrectlive.com
2         eu.bvmgo.xyz                (1 redirect)
1         cdn.ocmhood.com             sdk.ocmhood.com
1         sdk.ocmhood.com             getarrectlive.com
1         tracking.prtrackings.com    (1 redirect)
1         my.rtmark.net               bigrourg.net
1         loading.bvmpsh.xyz          eu.bvmgo.xyz
1         wpclk.net                   (1 redirect)
0         feed.cn-rtb.com (failed)    getarrectlive.com
Totals: 14 requests, 12 subdomains

This site contains no links.

Subject                   Issuer                                            Validity                   Valid for
*.bvmgo.xyz               GTS CA 1P5                                        2022-11-18 - 2023-02-16    3 months
*.bvmpsh.xyz              GTS CA 1P5                                        2022-11-17 - 2023-02-15    3 months
bigrourg.net              R3                                                2022-12-12 - 2023-03-12    3 months
rtmark.net                R3                                                2022-11-24 - 2023-02-22    3 months
onclickperformance.com    Sectigo RSA Domain Validation Secure Server CA    2022-12-15 - 2023-12-15    a year
*.getarrectlive.com       GTS CA 1P5                                        2022-11-25 - 2023-02-23    3 months
ocmhood.com               Cloudflare Inc ECC CA-3                           2022-05-04 - 2023-05-04    a year

This page contains 1 frames:

Primary Page: https://getarrectlive.com/vvprPD2bnMCwLxo5743cMOedIP7sREIr9J8Uo0cc8kY/?cid=639d944200748e0001b02e21&sid=4_5936582-746650642-1414483044
Frame ID: 380DDD3F187692294CE785D8A19F95FE
Requests: 16 HTTP requests in this frame

Page Title

Click Allow

Page Statistics

Requests: 14
HTTPS: 93 %
IPv6: 60 %
Domains: 10
Subdomains: 12
IPs: 9
Countries: 3
Transfer: 50 kB
Size: 116 kB
Cookies: 7

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://wpclk.net/cl/8156c1ff611ffafe HTTP 302
    https://eu.bvmgo.xyz/request/be46e2a7-1602-400e-ba26-3dfb50b8f0b9/?tb=gg-tb HTTP 301
    https://eu.bvmgo.xyz/request/be46e2a7-1602-400e-ba26-3dfb50b8f0b9?tb=gg-tb Page URL
  2. https://loading.bvmpsh.xyz/check/?tq=aHR0cHM6Ly9vbmNsaWNrcGVyZm9ybWFuY2UuY29tL2p1bXAvbmV4dC5waHA%2Fcj01OTM2NTgyJnB1Yl9jbGlja2lkPWNlZXA4ZmxpcDhqdmo1NXJwb3MwJmVhcm5pbmdzPVtwYXlvdXRdJnN1YjE9MjBmOTBkMmMtNjA5NS00OTBhLTk5NmQtODExMjEzMzU3ZWU4JnN1YjI9YmU0NmUyYTctMTYwMi00MDBlLWJhMjYtM2RmYjUwYjhmMGI5 Page URL
  3. https://onclickperformance.com/jump/next.php?r=5936582&pub_clickid=ceep8flip8jvj55rpos0&earnings=[payout]&sub1=20f90d2c-6095-490a-996d-811213357ee8&sub2=be46e2a7-1602-400e-ba26-3dfb50b8f0b9 Page URL
  4. https://onclickperformance.com/jump/next.php?stamat=m%257COmIjKqY3aQdHQBH0dEdHP3xP.aeb%252C7phLI3QNxrekgyXpDlKfvy-LVHqFu2cpo8h7FDqJJroOEBLwnK_j6rdGKd4ea7V8Hr0aIjdy-8wdyNzPOUb1A1fH4LH-v8hDzdRLv91094UTNnufxy1wp2gc9Dtajst31eioH0BWsr9BMu0LASDqaV5J5QMAlWHh-axbYMT7qWlT747vFSwwaCIaR_CCWPdrAidH-bagBMFkT3JtD5Rs9qylRVozREjYCAc87GX6srY%252C&cbpage=https://onclickperformance.com/jump/next.php?r=5936582&pub_clickid=ceep8flip8jvj55rpos0&earnings=[payout]&sub1=20f90d2c-6095-490a-996d-811213357ee8&sub2=be46e2a7-1602-400e-ba26-3dfb50b8f0b9&cbur=0.95762622854181&cbtitle=&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=&cbkeywords=&cbref=https%3A%2F%2Floading.bvmpsh.xyz%2F HTTP 302
    https://onclickperformance.com/script/i.php?stamat=m%257C%252C%252CAjZXoiLitGU3Bf-GH0dEdHP3xP.324%252Cac-KCUp8U5mQ_wT5vO3alBCzMOxCvAHhkWT4SK4YoM2rlBE9hFC5YxEE9XSFlGIOg36c_KroeP_SrEWO-dgmQneNja1_gNSFfHGx3PnOYCiu1R91zPVi2sICEFmVtUFdq81osNnupgw2OfhkL2D-pAMzNf1m9HL845aGGHEqOPR2HV7s4wnsdtLo5zcZzlxWTt7y8pS0xtiMf-bE5-eS5r21fniRtuHl7Oj3M-UubtPXfRofvI4985WscpeVpvAMrF0ZQ1lUFmf-VK3RsFsCq5Jb90ovCzwUfoqeEBFshPzTTRWhD0vJT2F4JGb7-ZOAtkSBlwx4B0hdJMs6WAJ6tRPhPE8ek5wsppl8XJW5Y34jPV_ETEJ_8sPoJXPUI42GK0iA-kqqTbCi6cUHANhAQPbV0N3fy8_SaUIxxPLuw9LFMWnEdLetSk42Nmr8-YlAISRfaRQKKqt6uXphrhPbwYNDJcOwi5YmW4yBx6u1p_0NUa22bb5pjp76e4XRiSLuxsEv2Nemp2Bn7Gm25nS2nXknv8SdNHH5qSQ39dZ74YdnRTSoOTypHrjSgTRyWzH0V8iPMEz5QDncyOMVAntLkHhw9wCA0gG32gH9YHreb_qNErDydwT53gMTk98i_PaqqVsFYZvf2klRYdmmHxS-9omQrvE174O4c6JWzB9XEXX8_oapebtK-xc1mBPgVJ2w HTTP 302
    https://tracking.prtrackings.com/click?pid=4&offer_id=3052&sub1=167127148910000TJPTV436497644084V28&sub2=5936582-746650642-1414483044 HTTP 302
    https://getarrectlive.com/vvprPD2bnMCwLxo5743cMOedIP7sREIr9J8Uo0cc8kY/?cid=639d944200748e0001b02e21&sid=4_5936582-746650642-1414483044 Page URL
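The identifiers carried through this chain can be tied together mechanically. The script below is an added example, not part of the urlscan report and not code from any site in the chain. It decodes the base64 `tq` parameter that loading.bvmpsh.xyz receives (it is the onclickperformance.com URL of the next hop), decodes the base64 path segment used for the conf.json request, inspects the structure of the wpclk.net `sbc…` cookie, and reports which click identifiers appear on more than one host. `CHAIN` and `COOKIES` are copied from the Page URL History and Cookies sections of this report (the two long `stamat=` hops are left out); reading the `sbc…` cookie as a Laravel-style `{iv, value, mac, tag}` envelope is an inference from its layout, not something the report states, and the script only reports field sizes rather than attempting decryption.

```python
import base64
import json
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple
from urllib.parse import parse_qsl, unquote, urlsplit

# Redirect chain copied from the Page URL History in this report, in order.
# The two onclickperformance.com hops carrying opaque stamat= tokens are omitted.
CHAIN: List[str] = [
    "https://wpclk.net/cl/8156c1ff611ffafe",
    "https://eu.bvmgo.xyz/request/be46e2a7-1602-400e-ba26-3dfb50b8f0b9?tb=gg-tb",
    "https://loading.bvmpsh.xyz/check/?tq=aHR0cHM6Ly9vbmNsaWNrcGVyZm9ybWFuY2UuY29tL2p1bXAvbmV4dC5waHA%2Fcj01OTM2NTgyJnB1Yl9jbGlja2lkPWNlZXA4ZmxpcDhqdmo1NXJwb3MwJmVhcm5pbmdzPVtwYXlvdXRdJnN1YjE9MjBmOTBkMmMtNjA5NS00OTBhLTk5NmQtODExMjEzMzU3ZWU4JnN1YjI9YmU0NmUyYTctMTYwMi00MDBlLWJhMjYtM2RmYjUwYjhmMGI5",
    "https://onclickperformance.com/jump/next.php?r=5936582&pub_clickid=ceep8flip8jvj55rpos0&earnings=[payout]&sub1=20f90d2c-6095-490a-996d-811213357ee8&sub2=be46e2a7-1602-400e-ba26-3dfb50b8f0b9",
    "https://tracking.prtrackings.com/click?pid=4&offer_id=3052&sub1=167127148910000TJPTV436497644084V28&sub2=5936582-746650642-1414483044",
    "https://getarrectlive.com/vvprPD2bnMCwLxo5743cMOedIP7sREIr9J8Uo0cc8kY/?cid=639d944200748e0001b02e21&sid=4_5936582-746650642-1414483044",
]

# (cookie domain, name, value) copied from the Cookies section of this report.
COOKIES: List[Tuple[str, str, str]] = [
    ("getarrectlive.com", "session", "SLBrTPnwobUqWCH7myTs7C5mRWfKduRv"),
    ("wpclk.net", "sbc8156c1ff611ffafe", "eyJpdiI6ImNUVHFCRDRwVDc0YzRob2QwTkZOYUE9PSIsInZhbHVlIjoicGRYZXpRUitBTTJqRk1Qci9HRnhLQT09IiwibWFjIjoiODQ3ZGVkNmYyYjFhMmE2ZmRiNGQwYzgxODYyMmU3MmEwMzQ1ZmE3ODNhNjk3ZGFjMjlhNGRiYjg4Y2Q1ZjYxYSIsInRhZyI6IiJ9"),
    ("eu.bvmgo.xyz", "vrt-be46e2a7-1602-400e-ba26-3dfb50b8f0b9", "1"),
    ("my.rtmark.net", "ID", "3795bea77e554b0e96858d1ae7841823"),
    ("tracking.prtrackings.com", "afclick", "639d944200748e0001b02e21"),
    ("tracking.prtrackings.com", "afoffers", '{"3052":1671271490}'),
]


def b64_loose(s: str) -> bytes:
    """Base64-decode a URL-embedded value: undo percent-encoding, accept the
    URL-safe alphabet, and restore any padding that was stripped."""
    s = unquote(s).replace("-", "+").replace("_", "/")
    return base64.b64decode(s + "=" * (-len(s) % 4))


def decode_tq(url: str) -> Optional[str]:
    """Return the next-hop URL hidden in loading.bvmpsh.xyz's tq= parameter."""
    params = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    return b64_loose(params["tq"]).decode("utf-8") if "tq" in params else None


def decode_path_segment(segment: str) -> str:
    """Decode a base64 path component such as the one under /hood/ on getarrectlive.com."""
    return b64_loose(segment).decode("utf-8")


def inspect_encrypted_cookie(value: str) -> Dict[str, object]:
    """The wpclk.net sbc... cookie is base64-wrapped JSON. Its iv/value/mac/tag
    layout is consistent with a Laravel-style encrypted cookie (an inference,
    not stated by the report); report field names and sizes, no decryption."""
    envelope = json.loads(b64_loose(value))
    return {
        "fields": sorted(envelope),
        "iv_bytes": len(base64.b64decode(envelope["iv"])),
        "ciphertext_bytes": len(base64.b64decode(envelope["value"])),
        "mac_hex_chars": len(envelope["mac"]),
    }


# Identifier shapes that recur across hops: UUIDs, 24-hex ObjectId-like ids
# (cid / afclick) and the 7-9-10 digit click id (sid / sub2). Lookarounds keep
# a 32-hex value or a 64-hex MAC from yielding a false 24-hex hit.
ID_PATTERNS = [
    re.compile(r"(?<![0-9A-Za-z])[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}(?![0-9A-Za-z])"),
    re.compile(r"(?<![0-9A-Za-z])[0-9a-f]{24}(?![0-9A-Za-z])"),
    re.compile(r"(?<![0-9A-Za-z])\d{7}-\d{9}-\d{10}(?![0-9A-Za-z])"),
]


def extract_ids(text: str) -> Set[str]:
    return {m for pat in ID_PATTERNS for m in pat.findall(text)}


def correlate(chain: List[str], cookies: List[Tuple[str, str, str]]) -> Dict[str, List[str]]:
    """Map each identifier to the sorted hosts it appears on and keep only those
    shared by more than one host: these are the cross-party join keys."""
    seen: Dict[str, Set[str]] = defaultdict(set)
    for url in chain:
        for ident in extract_ids(url):
            seen[ident].add(urlsplit(url).hostname or "")
        inner = decode_tq(url)
        if inner:  # the hop encoded inside tq= is attributed to its own host
            for ident in extract_ids(inner):
                seen[ident].add(urlsplit(inner).hostname or "")
    for domain, name, value in cookies:
        for ident in extract_ids(f"{name}={value}"):
            seen[ident].add(domain)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


if __name__ == "__main__":
    print(decode_tq(CHAIN[2]))
    print(decode_path_segment("Z2V0YXJyZWN0bGl2ZS5jb20="))
    print(inspect_encrypted_cookie(COOKIES[1][2]))
    for ident, hosts in correlate(CHAIN, COOKIES).items():
        print(ident, "->", ", ".join(hosts))
```

Run as-is, `correlate` reports three join keys: the bvmgo request UUID reappears as `sub2` on onclickperformance.com, the prtrackings `sub2` click id reappears as `sid` on getarrectlive.com, and the prtrackings `afclick` cookie value reappears as `cid` on getarrectlive.com. The onclickperformance `sub1` UUID is seen on one host only and is therefore not reported.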

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://wpclk.net/cl/8156c1ff611ffafe HTTP 302
  • https://eu.bvmgo.xyz/request/be46e2a7-1602-400e-ba26-3dfb50b8f0b9/?tb=gg-tb HTTP 301
  • https://eu.bvmgo.xyz/request/be46e2a7-1602-400e-ba26-3dfb50b8f0b9?tb=gg-tb

14 HTTP transactions

Each transaction is listed as Resource | Path | Size | Transfer (x-fer) | Type, followed by its request and response details.
Resource: be46e2a7-1602-400e-ba26-3dfb50b8f0b9 | Path: eu.bvmgo.xyz/request/ | Size: 1 KB | Transfer: 820 B | Type: Document
Redirect Chain
  • https://wpclk.net/cl/8156c1ff611ffafe
  • https://eu.bvmgo.xyz/request/be46e2a7-1602-400e-ba26-3dfb50b8f0b9/?tb=gg-tb
  • https://eu.bvmgo.xyz/request/be46e2a7-1602-400e-ba26-3dfb50b8f0b9?tb=gg-tb
General
Full URL
https://eu.bvmgo.xyz/request/be46e2a7-1602-400e-ba26-3dfb50b8f0b9?tb=gg-tb
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:3418 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
77aed62648b680fc-NRT
content-encoding
br
content-type
text/html; charset=utf-8
date
Sat, 17 Dec 2022 10:04:46 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y%2B%2Bi3W1SSBFWjXCxS41KJXpeqHEsW4W%2BZMkD8g6u6KrbdjEOjtXXOWcjndbDY%2BuQpDpvkVo3c6UmkrszZM5m%2Flzz3v%2FATPsoMO7YJJCgu1Uyx9cGZajc9dCvg2MJqYFp0Nr3X7mgMyH0Two%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
77aed61eda8680fc-NRT
content-type
text/html; charset=utf-8
date
Sat, 17 Dec 2022 10:04:46 GMT
location
/request/be46e2a7-1602-400e-ba26-3dfb50b8f0b9?tb=gg-tb
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7ttugdGwSlE%2B%2FLJc4rDUGRI48Q8SFeWYTsi3%2FvwSyBH3Cf%2FYMstywDbXZCa2SF9YqoWAL1YzOz3wCNC0xwyLAZs4IKYwOM0OHSj7Tb65ognnAmK13YRcIe2ljuIx2HMdxPA%2BsAfQ0Zj4VZY%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
Resource: / | Path: loading.bvmpsh.xyz/check/ | Size: 6 KB | Transfer: 2 KB | Type: Document
General
Full URL
https://loading.bvmpsh.xyz/check/?tq=aHR0cHM6Ly9vbmNsaWNrcGVyZm9ybWFuY2UuY29tL2p1bXAvbmV4dC5waHA%2Fcj01OTM2NTgyJnB1Yl9jbGlja2lkPWNlZXA4ZmxpcDhqdmo1NXJwb3MwJmVhcm5pbmdzPVtwYXlvdXRdJnN1YjE9MjBmOTBkMmMtNjA5NS00OTBhLTk5NmQtODExMjEzMzU3ZWU4JnN1YjI9YmU0NmUyYTctMTYwMi00MDBlLWJhMjYtM2RmYjUwYjhmMGI5
Requested by
Host: eu.bvmgo.xyz
URL: https://eu.bvmgo.xyz/request/be46e2a7-1602-400e-ba26-3dfb50b8f0b9?tb=gg-tb
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:ce5f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
69fff2794d5472494dbfd3290c7f4e342db4a6fc521c888c58c3ba45d9e71baf
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
77aed6288fda2669-NRT
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sat, 17 Dec 2022 10:04:47 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=feCc0cSP%2B%2F9saXqfXLdCXlDDlxveyXDbWv3Gl%2F9anjZ%2FGxdgqybT%2BGm%2BzjvlADm%2B4lRQtahSloq9xCnTns1Dv9vD7nU85XkYmnsfBAcdtwFDnpUHd%2BMWV3ufJ8ba0kqhojwtoMxwCRsRspnrK%2Fr93II%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=63072000
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block
Resource: micro.tag.min.js | Path: bigrourg.net/pfe/current/ | Size: 39 KB | Transfer: 14 KB | Type: Script
General
Full URL
https://bigrourg.net/pfe/current/micro.tag.min.js?z=5458318&sw=/sw-check-permissions-5b189.js
Requested by
Host: loading.bvmpsh.xyz
URL: https://loading.bvmpsh.xyz/check/?tq=aHR0cHM6Ly9vbmNsaWNrcGVyZm9ybWFuY2UuY29tL2p1bXAvbmV4dC5waHA%2Fcj01OTM2NTgyJnB1Yl9jbGlja2lkPWNlZXA4ZmxpcDhqdmo1NXJwb3MwJmVhcm5pbmdzPVtwYXlvdXRdJnN1YjE9MjBmOTBkMmMtNjA5NS00OTBhLTk5NmQtODExMjEzMzU3ZWU4JnN1YjI9YmU0NmUyYTctMTYwMi00MDBlLWJhMjYtM2RmYjUwYjhmMGI5
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
d7ed66994fe31ead9527dc818ac5af8f458d1a39af989faca249897a5e3e3219

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://loading.bvmpsh.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 17 Dec 2022 10:04:48 GMT
content-encoding
gzip
last-modified
Tue, 13 Dec 2022 09:06:10 GMT
server
nginx
etag
W/"63984082-9a87"
content-type
application/javascript
cache-control
no-cache
access-control-allow-credentials
true
Resource: zone | Path: bigrourg.net/ | Size: 0 | Transfer: 255 B | Type: Ping
General
Full URL
https://bigrourg.net/zone?&pub=0&zone_id=5458318&is_mobile=false&domain=loading.bvmpsh.xyz&var=&ymid=&var_3=&dsig=&action=prerequest
Requested by
Host: bigrourg.net
URL: https://bigrourg.net/pfe/current/micro.tag.min.js?z=5458318&sw=/sw-check-permissions-5b189.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://loading.bvmpsh.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-trace-id
74e46df8aebcda65e750c513079d8a64
date
Sat, 17 Dec 2022 10:04:48 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
access-control-allow-origin
https://loading.bvmpsh.xyz
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
0
Resource: gid.js | Path: my.rtmark.net/ | Size: 65 B | Transfer: 548 B | Type: Fetch
General
Full URL
https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=5458318&checkDuplicate=true&ymid=&var=
Requested by
Host: bigrourg.net
URL: https://bigrourg.net/pfe/current/micro.tag.min.js?z=5458318&sw=/sw-check-permissions-5b189.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
e5fdab6167052b8ac96c9bbfc4353647d690c493c81dbc99e4221f6822697e72
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://loading.bvmpsh.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sat, 17 Dec 2022 10:04:49 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://loading.bvmpsh.xyz
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
65
Resource: zone | Path: bigrourg.net/ | Size: 695 B | Transfer: 986 B | Type: Fetch
General
Full URL
https://bigrourg.net/zone?&pub=0&zone_id=5458318&is_mobile=false&domain=loading.bvmpsh.xyz&var=&ymid=&var_3=&dsig=&action=settings
Requested by
Host: bigrourg.net
URL: https://bigrourg.net/pfe/current/micro.tag.min.js?z=5458318&sw=/sw-check-permissions-5b189.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
60bf903a4ffbec2ffaeeeb70496b1d7b74be5ebd0da5e69549bd3c3930a5b202
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://loading.bvmpsh.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-trace-id
989312bdb0f2894a46d32ce1a2fb35f9
date
Sat, 17 Dec 2022 10:04:49 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
content-type
application/json; charset=utf-8
access-control-allow-origin
https://loading.bvmpsh.xyz
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
695
Resource: next.php | Path: onclickperformance.com/jump/ | Size: 8 KB | Transfer: 3 KB | Type: Document
General
Full URL
https://onclickperformance.com/jump/next.php?r=5936582&pub_clickid=ceep8flip8jvj55rpos0&earnings=[payout]&sub1=20f90d2c-6095-490a-996d-811213357ee8&sub2=be46e2a7-1602-400e-ba26-3dfb50b8f0b9
Requested by
Host: loading.bvmpsh.xyz
URL: https://loading.bvmpsh.xyz/check/?tq=aHR0cHM6Ly9vbmNsaWNrcGVyZm9ybWFuY2UuY29tL2p1bXAvbmV4dC5waHA%2Fcj01OTM2NTgyJnB1Yl9jbGlja2lkPWNlZXA4ZmxpcDhqdmo1NXJwb3MwJmVhcm5pbmdzPVtwYXlvdXRdJnN1YjE9MjBmOTBkMmMtNjA5NS00OTBhLTk5NmQtODExMjEzMzU3ZWU4JnN1YjI9YmU0NmUyYTctMTYwMi00MDBlLWJhMjYtM2RmYjUwYjhmMGI5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.55.95 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
95.55.190.35.bc.googleusercontent.com
Software
openresty /
Resource Hash

Request headers

Referer
https://loading.bvmpsh.xyz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Sat, 17 Dec 2022 10:04:49 GMT
server
openresty
via
1.1 google
Primary Request. Resource: / | Path: getarrectlive.com/vvprPD2bnMCwLxo5743cMOedIP7sREIr9J8Uo0cc8kY/ | Size: 28 KB | Transfer: 14 KB | Type: Document
Redirect Chain
  • https://onclickperformance.com/jump/next.php?stamat=m%257COmIjKqY3aQdHQBH0dEdHP3xP.aeb%252C7phLI3QNxrekgyXpDlKfvy-LVHqFu2cpo8h7FDqJJroOEBLwnK_j6rdGKd4ea7V8Hr0aIjdy-8wdyNzPOUb1A1fH4LH-v8hDzdRLv91094...
  • https://onclickperformance.com/script/i.php?stamat=m%257C%252C%252CAjZXoiLitGU3Bf-GH0dEdHP3xP.324%252Cac-KCUp8U5mQ_wT5vO3alBCzMOxCvAHhkWT4SK4YoM2rlBE9hFC5YxEE9XSFlGIOg36c_KroeP_SrEWO-dgmQneNja1_gNS...
  • https://tracking.prtrackings.com/click?pid=4&offer_id=3052&sub1=167127148910000TJPTV436497644084V28&sub2=5936582-746650642-1414483044
  • https://getarrectlive.com/vvprPD2bnMCwLxo5743cMOedIP7sREIr9J8Uo0cc8kY/?cid=639d944200748e0001b02e21&sid=4_5936582-746650642-1414483044
General
Full URL
https://getarrectlive.com/vvprPD2bnMCwLxo5743cMOedIP7sREIr9J8Uo0cc8kY/?cid=639d944200748e0001b02e21&sid=4_5936582-746650642-1414483044
Requested by
Host: onclickperformance.com
URL: https://onclickperformance.com/jump/next.php?r=5936582&pub_clickid=ceep8flip8jvj55rpos0&earnings=[payout]&sub1=20f90d2c-6095-490a-996d-811213357ee8&sub2=be46e2a7-1602-400e-ba26-3dfb50b8f0b9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:ce57 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4c89ecc3853c8c6e45749821278ea06257858ab8f38cce4f2011dd2716e4a450

Request headers

Referer
https://onclickperformance.com/jump/next.php?r=5936582&pub_clickid=ceep8flip8jvj55rpos0&earnings=[payout]&sub1=20f90d2c-6095-490a-996d-811213357ee8&sub2=be46e2a7-1602-400e-ba26-3dfb50b8f0b9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
77aed642aef7b006-NRT
content-encoding
br
content-type
text/html
date
Sat, 17 Dec 2022 10:04:51 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ox9FuWZ%2BJO6zUZJHRqhKYBqH3kAjGcFc3%2FRB2BE0ydebTm9fB3uJo7kfG%2Bz8JZV0Xbzxi%2FClzj8gw0%2BVD7uK55S46Oqo1ssrqOk9hbziWwBMX5KxWKpV4mL4qQ31foyxColhr50PkcyhXhjmx7w5Xg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare

Redirect headers

access-control-allow-origin
*
content-length
0
date
Sat, 17 Dec 2022 10:04:50 GMT
location
https://getarrectlive.com/vvprPD2bnMCwLxo5743cMOedIP7sREIr9J8Uo0cc8kY/?cid=639d944200748e0001b02e21&sid=4_5936582-746650642-1414483044
server
nginx
x-adjust-use-original-forwarded-for
1
Resource: truncated (inline data: URI) | Path: / | Size: 3 KB | Transfer: 0 | Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ee3df69641a083faeda162fce068aef31075856f15c43c74eada446496b865f2

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/png
Resource: AFU1kAAPatM | Path: feed.cn-rtb.com/v1/native/ | Size: 0 | Transfer: 0 | Type: failed (no response; see Failed requests below)

Resource: conf.json | Path: getarrectlive.com/hood/Z2V0YXJyZWN0bGl2ZS5jb20=/ | Size: 49 B | Transfer: 569 B | Type: Fetch
General
Full URL
https://getarrectlive.com/hood/Z2V0YXJyZWN0bGl2ZS5jb20=/conf.json
Requested by
Host: getarrectlive.com
URL: https://getarrectlive.com/vvprPD2bnMCwLxo5743cMOedIP7sREIr9J8Uo0cc8kY/?cid=639d944200748e0001b02e21&sid=4_5936582-746650642-1414483044
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:ce57 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bd8c88faedeb4d7b6cd9f7b0e4d0bdb3cd1b7b478488adaf960e89e6e678c537

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://getarrectlive.com/vvprPD2bnMCwLxo5743cMOedIP7sREIr9J8Uo0cc8kY/?cid=639d944200748e0001b02e21&sid=4_5936582-746650642-1414483044
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sat, 17 Dec 2022 10:04:51 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
last-modified
Sat, 17 Dec 2022 09:57:39 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"639d9293-31"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GvDdsWHJ64k9UQ7vSoiA%2F1jzR4OCs9vz4X%2Bj58xhOFfBo7cKUjnHg1C7Nn5oA5rwkGricPvNVXS4fkX1aFQulI55lgLfZ5PVJPqzeJdkwJNkOupWpUmhFHYHCFXNyTyJqHwVJnApRK5JcBEO2Oq8lg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json
cf-ray
77aed6455c8caf24-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Resource: truncated (inline data: URI) | Path: / | Size: 748 B | Transfer: 0 | Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a5308b7decd6fc2d5e8438fb037c4a822125135db832c05437d754655ff2fc23

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
Resource: ht.js | Path: sdk.ocmhood.com/sdk/ | Size: 29 KB | Transfer: 12 KB | Type: Script
General
Full URL
https://sdk.ocmhood.com/sdk/ht.js?tag=NjY4ZwSkNAFfmDQ2NigxNDY4MjE0Nj1p
Requested by
Host: getarrectlive.com
URL: https://getarrectlive.com/vvprPD2bnMCwLxo5743cMOedIP7sREIr9J8Uo0cc8kY/?cid=639d944200748e0001b02e21&sid=4_5936582-746650642-1414483044
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:7e4 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
d3ef2ef4d0e253a8898c7b84927bb772ac8335e03e81f49858c62f00d4fce9d2

Request headers

Referer
https://getarrectlive.com/
Origin
https://getarrectlive.com
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sat, 17 Dec 2022 10:04:51 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5918
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
service-worker-allowed
/
last-modified
Tue, 08 Nov 2022 13:43:48 GMT
server
cloudflare
etag
W/"636a5d14-2e7e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vPUUfDM%2BNoDgr28ZrwaDJVvmIvkw4n7RoxXjevpaC6aaOFwwHDqRa3viNYev6PjfGp6pjBnPpzLLUmttv4Nh2UKgwGuZ4UkiISGE7tX5uq9TDkfc7jt35CQZjpS6ItXtWHVy7alioD38Zx1y6g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
77aed646bf24e374-NRT
Resource: NjY4ZwSkNAFfmDQ2NigxNDY4MjE0Nj1p.js | Path: cdn.ocmhood.com/tag/ | Size: 191 B | Transfer: 714 B | Type: Script
General
Full URL
https://cdn.ocmhood.com/tag/NjY4ZwSkNAFfmDQ2NigxNDY4MjE0Nj1p.js
Requested by
Host: sdk.ocmhood.com
URL: https://sdk.ocmhood.com/sdk/ht.js?tag=NjY4ZwSkNAFfmDQ2NigxNDY4MjE0Nj1p
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:6e4 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
17a232242959acd39efd1919dc40d03f4488c2697faa0141f0adf10964a2c0ae

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://getarrectlive.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sat, 17 Dec 2022 10:04:51 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1339
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
service-worker-allowed
/
last-modified
Wed, 30 Nov 2022 11:11:45 GMT
server
cloudflare
etag
W/"63873a71-bf"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UqtFfqEvJyU2ukIMOx3dtXLJUU%2BgHERKn3TnwDLdGsUSAZHQpLKx%2F9TUte4hUP%2BRT0TfFnwp1KpsYp34hfHcZuXORRiOYMt3iHh%2Bqg3tTJHaL0XpxvaZUgtXniJiE%2BrdgNDONM3EHUa88vU2Nw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=300
cf-ray
77aed646ebdae360-NRT
Resource: activity | Path: t.ocmhood.com/v2/ | Size: 0 | Transfer: 309 B | Type: Ping
General
Full URL
https://t.ocmhood.com/v2/activity
Requested by
Host: sdk.ocmhood.com
URL: https://sdk.ocmhood.com/sdk/ht.js?tag=NjY4ZwSkNAFfmDQ2NigxNDY4MjE0Nj1p
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:6e4 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://getarrectlive.com/
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Sat, 17 Dec 2022 10:04:51 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W%2B0r7qeW4FRUjgYf5mqc8uINYNuX%2FdVK6F%2B%2B8SogrFZ%2FubrLLHp8Uwdt3UYk28qXoKcQdZLQBmJ%2F6lsvIBjVrrCRWGn4uqcGrZbMNtws%2BHvoHM3oZDceItHpg9%2Bo%2F13lsnjEQdmHU1WeJ5w%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream
cache-control
no-cache
cf-ray
77aed6470beee360-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Resource: activity | Path: t.ocmhood.com/v2/ | Size: 0 | Transfer: 267 B | Type: Ping
General
Full URL
https://t.ocmhood.com/v2/activity
Requested by
Host: sdk.ocmhood.com
URL: https://sdk.ocmhood.com/sdk/ht.js?tag=NjY4ZwSkNAFfmDQ2NigxNDY4MjE0Nj1p
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:6e4 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://getarrectlive.com/
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Sat, 17 Dec 2022 10:04:51 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J8PVaTka1T%2BFCj7RCfo98QKgSSU%2FT2G%2BACF7xYEDlQzwlhMHS3H7uFzlvUo4aJy1MBDFALkHYLlgtqvl81M9pL553lPcZ07ZpTcXf9pZn7I%2BiVmY8gbsWu71Y3lvqz9iGechP7dp6IWizXI%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream
cache-control
no-cache
cf-ray
77aed6470bf0e360-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
feed.cn-rtb.com
URL
https://feed.cn-rtb.com/v1/native/AFU1kAAPatM?subid=59861&uid=5f8134d4-edca-4021-a624-b1b9acce4a5a&kw=download%20install

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange string| qs function| importOmpServiceWorker function| initOmpServiceWorker function| clearSession function| getLpType function| fetchAd function| getOCP function| popme function| pbcid function| finalRedirect function| goNextStep function| goToRedirectonAllow function| goToRedirectSmart2 function| isPushApiSupported function| uuidv4 function| initLpPush function| startOmpWorker object| ad number| cpc object| o_eid object| o_ocid string| fallback_url function| before_redirect_block
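Taken together with the rest of this report, these names read as the client-side logic of a push-notification landing page: the page title is "Click Allow", the bigrourg.net tag script is loaded with a `sw=/sw-check-permissions-5b189.js` parameter, and both ocmhood.com script responses carry `service-worker-allowed: /`. The script below is an added example, not code from urlscan or from any site in this scan. It parses the variable list in the `type| name` form shown above, matches function names against push and service-worker related patterns, and combines them with the title, script URLs and response headers recorded in this report into a single triage result. The indicator patterns, the score weights and the verdict threshold are the author's own heuristic, not an urlscan feature.

```python
import re
from typing import Dict, List, Tuple

# Copied verbatim from the JavaScript Global Variables list in this report.
GLOBALS_TEXT = (
    "object| oncontentvisibilityautostatechange string| qs "
    "function| importOmpServiceWorker function| initOmpServiceWorker "
    "function| clearSession function| getLpType function| fetchAd "
    "function| getOCP function| popme function| pbcid function| finalRedirect "
    "function| goNextStep function| goToRedirectonAllow function| goToRedirectSmart2 "
    "function| isPushApiSupported function| uuidv4 function| initLpPush "
    "function| startOmpWorker object| ad number| cpc object| o_eid object| o_ocid "
    "string| fallback_url function| before_redirect_block"
)

# Page title, script URLs and (host, header, value) triples taken from the
# transaction details in this report.
PAGE_TITLE = "Click Allow"
SCRIPT_URLS = [
    "https://bigrourg.net/pfe/current/micro.tag.min.js?z=5458318&sw=/sw-check-permissions-5b189.js",
    "https://sdk.ocmhood.com/sdk/ht.js?tag=NjY4ZwSkNAFfmDQ2NigxNDY4MjE0Nj1p",
    "https://cdn.ocmhood.com/tag/NjY4ZwSkNAFfmDQ2NigxNDY4MjE0Nj1p.js",
]
RESPONSE_HEADERS = [
    ("sdk.ocmhood.com", "service-worker-allowed", "/"),
    ("cdn.ocmhood.com", "service-worker-allowed", "/"),
    ("getarrectlive.com", "content-type", "text/html"),
]

# Author's own indicator patterns (hypothetical heuristic, not an urlscan rule).
PUSH_NAME = re.compile(r"push|serviceworker|worker|allow", re.IGNORECASE)
SW_PARAM = re.compile(r"[?&]sw=([^&]+)")          # script loaded with a sw= worker path
TITLE_PROMPT = re.compile(r"\b(click|press|tap)\b.*\ballow\b", re.IGNORECASE)


def parse_globals(text: str) -> List[Tuple[str, str]]:
    """urlscan lists globals as whitespace-separated 'type| name' pairs."""
    tokens = text.split()
    if len(tokens) % 2:
        raise ValueError("odd token count; expected type| name pairs")
    return [(t.rstrip("|"), n) for t, n in zip(tokens[0::2], tokens[1::2])]


def triage(globals_text: str, title: str, script_urls: List[str],
           headers: List[Tuple[str, str, str]]) -> Dict[str, object]:
    """Score the scan for push-subscription landing-page indicators."""
    pairs = parse_globals(globals_text)
    push_globals = [n for t, n in pairs if t == "function" and PUSH_NAME.search(n)]
    sw_files = [m.group(1) for u in script_urls for m in SW_PARAM.finditer(u)]
    sw_allowed_hosts = sorted({h for h, k, _ in headers if k.lower() == "service-worker-allowed"})
    title_prompt = bool(TITLE_PROMPT.search(title))
    # Weights are arbitrary: each independent signal class counts 2, plus one
    # per host that widens the service-worker scope.
    score = (2 * bool(push_globals) + 2 * bool(sw_files)
             + len(sw_allowed_hosts) + 2 * title_prompt)
    return {
        "globals_total": len(pairs),
        "push_globals": push_globals,
        "sw_files": sw_files,
        "sw_allowed_hosts": sw_allowed_hosts,
        "title_prompt": title_prompt,
        "score": score,
        "verdict": "push-notification landing page" if score >= 5 else "inconclusive",
    }


if __name__ == "__main__":
    for key, val in triage(GLOBALS_TEXT, PAGE_TITLE, SCRIPT_URLS, RESPONSE_HEADERS).items():
        print(f"{key}: {val}")
```

On this scan the six matched functions are importOmpServiceWorker, initOmpServiceWorker, goToRedirectonAllow, isPushApiSupported, initLpPush and startOmpWorker; with the `sw=` parameter, the two `service-worker-allowed` hosts and the "Click Allow" title the score reaches 8. A page with none of these signals scores 0 and stays "inconclusive", which is the intended behaviour: the heuristic is for prioritising urlscan results, not for a final verdict.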

7 Cookies

Domain/Path, then name = value:

getarrectlive.com/vvprPD2bnMCwLxo5743cMOedIP7sREIr9J8Uo0cc8kY
  session = SLBrTPnwobUqWCH7myTs7C5mRWfKduRv
wpclk.net/
  sbc8156c1ff611ffafe = eyJpdiI6ImNUVHFCRDRwVDc0YzRob2QwTkZOYUE9PSIsInZhbHVlIjoicGRYZXpRUitBTTJqRk1Qci9HRnhLQT09IiwibWFjIjoiODQ3ZGVkNmYyYjFhMmE2ZmRiNGQwYzgxODYyMmU3MmEwMzQ1ZmE3ODNhNjk3ZGFjMjlhNGRiYjg4Y2Q1ZjYxYSIsInRhZyI6IiJ9
  vis = eyJpdiI6IjNNMkdSNk1McFpBUzBLVzBKeFpzc3c9PSIsInZhbHVlIjoiWkVHbEJUc1RDZUcvYzd1WUtadE00dz09IiwibWFjIjoiZmM4MGRlMDBkMDQ1MjNkNjNkMzlkMjE1YThkNGJiYTJiNWM5OTE4NGI1MjE5YzA3OGNkOWZlNTFkNmM1YTQ0MiIsInRhZyI6IiJ9
eu.bvmgo.xyz/
  vrt-be46e2a7-1602-400e-ba26-3dfb50b8f0b9 = 1
my.rtmark.net/
  ID = 3795bea77e554b0e96858d1ae7841823
tracking.prtrackings.com/
  afclick = 639d944200748e0001b02e21
  afoffers = {"3052":1671271490}