www.shareasale-analytics.com Open in urlscan Pro
104.18.67.79 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://qe8.ghyoutube.com/
Effective URL:
https://www.shareasale-analytics.com/r.cfm?b=1175905&u=2939522&m=79381&afftrack=5ad8fb0e3b81dd2fb750c42df0617e98_de&shrsl_analytics_s...
Submission Tags: falconsandbox
Submission: On January 26 via api (January 26th 2022, 10:47:51 pm UTC) from US — Scanned from DE

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 7 domains to perform 8 HTTP transactions. The main IP is 104.18.67.79, located in and belongs to CLOUDFLARENET, US. The main domain is www.shareasale-analytics.com. The Cisco Umbrella rank of the primary domain is 130287.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 2nd 2021. Valid for: a year.

This is the only time www.shareasale-analytics.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	103.224.182.210 103.224.182.210	133618 (TRELLIAN-...) (TRELLIAN-AS-AP Trellian Pty. Limited)
1 5	103.224.182.206 103.224.182.206	133618 (TRELLIAN-...) (TRELLIAN-AS-AP Trellian Pty. Limited)
1 1	78.46.197.88 78.46.197.88	24940 (HETZNER-AS) (HETZNER-AS)
2	157.90.169.168 157.90.169.168	24940 (HETZNER-AS) (HETZNER-AS)
1 1	104.16.227.72 104.16.227.72	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.67.79 104.18.67.79	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	45.33.108.91 45.33.108.91	() ()
8	4

1 103.224.182.210 (Australia) 1 redirects

ASN133618 (TRELLIAN-AS-AP Trellian Pty. Limited, AU)
PTR: lb-182-210.above.com

qe8.ghyoutube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 103.224.182.206 (Australia) 1 redirects

ASN133618 (TRELLIAN-AS-AP Trellian Pty. Limited, AU)
PTR: bidr.trellian.com

1redirb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 78.46.197.88 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.88.197.46.78.clients.your-server.de

clever-redirect.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.90.169.168 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.168.169.90.157.clients.your-server.de

lookandfind.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.227.72 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.shareasale.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.67.79 (None, )

ASN13335 (CLOUDFLARENET, US)

www.shareasale-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.33.108.91 (None, )

ASN- ()

www.rolecosplay.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	1redirb.com 1 redirects 1redirb.com — Cisco Umbrella Rank: 552700	8 KB
2	lookandfind.me lookandfind.me	1 KB
1	rolecosplay.com www.rolecosplay.com
1	shareasale-analytics.com www.shareasale-analytics.com — Cisco Umbrella Rank: 130287	2 KB
1	shareasale.com 1 redirects www.shareasale.com — Cisco Umbrella Rank: 48978	2 KB
1	clever-redirect.com 1 redirects clever-redirect.com	235 B
1	ghyoutube.com 1 redirects qe8.ghyoutube.com	1 KB
8	7

	Domain	Requested by
5	1redirb.com	1 redirects 1redirb.com
2	lookandfind.me	1redirb.com
1	www.rolecosplay.com	www.shareasale-analytics.com
1	www.shareasale-analytics.com	lookandfind.me
1	www.shareasale.com	1 redirects
1	clever-redirect.com	1 redirects
1	qe8.ghyoutube.com	1 redirects
8	7

This site contains no links.

Subject Issuer	Validity	Valid
lookandfind.me R3	`2022-01-02` - `2022-04-02`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-02` - `2022-07-01`	a year	crt.sh
www.wig-supplier.com Go Daddy Secure Certificate Authority - G2	`2021-03-07` - `2022-02-09`	a year	crt.sh

This page contains 1 frames:

Frame: https://www.rolecosplay.com/?sscid=11k6_u63xh
Frame ID: 879E25DA0E254332AC73AB7DA530B308
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://qe8.ghyoutube.com/ HTTP 302
http://1redirb.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yCqbWEd%2BCdB%2FSRN3YZkiFNsjQUS4CPi0ynmtTHPg5m2... Page URL
http://1redirb.com/r.php?u=https%3A%2F%2Fclever-redirect.com%2Fs%2Fr6%3Fs%3D721614%26s3%3D60846... HTTP 302
https://clever-redirect.com/s/r6?s=721614&s3=608462593&sid=2022012709474545a0f94c3ddb101440 HTTP 302
https://lookandfind.me/s/a?t=8&f=1&u=41ecaa9ae33de01f1e1a4b6551068474&m=rolecosplay.com&s1=721614&s... Page URL
https://lookandfind.me/s/r?u=https%3A%2F%2Fwww.shareasale.com%2Fr.cfm%3Fb%3D1175905%26u%3D2939522%2... Page URL
https://www.shareasale.com/r.cfm?b=1175905&u=2939522&m=79381&afftrack=5ad8fb0e3b81dd2fb750c42df0617e98_de HTTP 302
https://www.shareasale-analytics.com/r.cfm?b=1175905&u=2939522&m=79381&afftrack=5ad8fb0e3b81dd2fb750c42df0617e98_... Page URL

Detected technologies

SWFObject (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

swfobject.*\.js

Page Statistics

8
Requests

50 %
HTTPS

0 %
IPv6

7
Domains

7
Subdomains

4
IPs

3
Countries

10 kB
Transfer

17 kB
Size

7
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://qe8.ghyoutube.com/ HTTP 302
http://1redirb.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yCqbWEd%2BCdB%2FSRN3YZkiFNsjQUS4CPi0ynmtTHPg5m2bJIeHHnYLCgRexoFTc%2Fvph7QcxJjx79lgxvnvEWoK6BOe92TKnLO0BJxGA%2BXKq6BCZTWk%2B7waaPHXGlfhB7wqwLiZ28SR4wksLaBv0UCWpBo4bgXTHb0pfX%2FdBe1tRIqIYbBD65L3QkugPpdWTDFITRXUhgGirEutRLR%2FcEvVdUSoLadsi7Cdf4UUmswPjR0f7Oak4MLls8p%2FuUh0CQYdTq%2FPbLkdFnnsolJxH3xOmIjr4pa93Du%2BkQ9mIYFvVkHVFA3lqo10rUOwIkaRGQOA%2FZEnU6qQ1HQFfRfa3uimromJ15Boj%2Fyc4Un65y7%2FRP4UbwkqPs7l8%2Fn2p3jJUlwteNg4vPblsc%2FGxI9NUoTYB0cbNqTQPqhGujwK0dkBBpT2Rc9jlkyuDI%2B5TribkJz3ZximePeXjUKq9pu4YvJWk5ltQzx8%2BuTxop0lkX2KctM5KcKNjTOn78IqMcJaQeX%2F1sQbQsYJdTFMtRR%2BoGZrHpu1a5STCy57hO5cn3jTUutc2Ka1OeOcAzcAQ8L2KRREoXPZ1iLLL5aSeydJyv2UdPv%2Bym%2Bw4POb2NHV9kQkR9GrRyPuvgINV7AHKuLeGYg0OFt%2BvB8%2FwAq2ieq3JeaVnGgpH0gJbideQdel%2Bk9B70nAhsABal5uTfCxgrvQ%2Bx5WiYIcQNgpqfaourGvs9Eogmr0sr7X5l9Nsw%3D%3D Page URL
http://1redirb.com/r.php?u=https%3A%2F%2Fclever-redirect.com%2Fs%2Fr6%3Fs%3D721614%26s3%3D608462593%26sid%3D2022012709474545a0f94c3ddb101440&s=j&enc=Ylc2VDdwRmk5WktWSzJUSHZqcmFrMzQ5ZmxGWFpFcE1kMVZvVVdsUGMwdERiWFJuTmxWc056ZFFjR1JNTmtRM1ptUjFSbUZPYlZaaFEydzViMU5pTWprMk9EQmhLMkpFYUdwa2FtMXVaRWxRU25CRE1FbGxabWt2VkVZMGRuSkdTMk5aVWpscFpuQTJObFZ6V2tWNk5GVjFNWFF2TUM5S01qTlNTRWx3T0hkNlprdDJOa2RwY3pSVFVuRm5USFZhYjNkSmEwcEtaWE40Y3pWT1VWaHFXVGR2WVdSblRraG5RVVpsUzJaNmJXOW9WMHQ0WkRkME5pdFRRa3BZV0ZSV1pUbEhPSFJVUmtsd2IxUnNXVWRFVjB0TEswRnFUMEo2UTIxeVYwUm9UVE5hZDBVcmQzUTJNM2RLVERJME1WWlpRemcyTjFsM05ubFpVakZQVFRsUU0wRkVXSGxQT0dOWmJFVlBOa3hZVG5kbE0yOTRjRWR5YUc4emREWlRkelZpU2k5RVJXaDVUVkV3Y0dWdk16YzRkalZqWlhkdlZHVlVSMFZRTUdKb1lqVTJVVVpaU0ZaNVRWUlNWR1JxWkhWQmRrVmxWVkUxYTA5UGIzbDZUVFZoYzNkV1QycE9TMjA0WVRCQk9Ha3Zlbmt5U1V4aVRqWkNRMVJ3YWt4UVVWTktla1JMWkhWclprRTBiSEJOVm05T1VVSnFUSGhQV0dSR1p6Tk5LMDVhYjJOQ01GVm1hVFZuU2tsTFZscERUa2xHWm5OS1RrdDNhR3MzVERJcllYTlNUMlJqYkVOMWIweDJZbVZ2YzNRNFMzUTVMMnBITDA5SVZGZHFWRk5pVld4RGEyZElXVTVpUzFSSFZsTkdTV05hYTFBeVYzbzRabTVGVDNCMGEwRm5NVTlEUVZKNE5qUldOMlp6WVVkNWRGTmlaVXBKVWpJMVlYWTFhWEJpUzA1T1ZXbEdWWFpSYmtkQmNXOUVZVUprZUM5UlEwNUplVUl3V0hsNE9XMU1jV2R0VmxKS1NVd3ZUeXRNVW5seWMxVTVjbFZUV2toc1ptSTVSbXg1Tm5vMVpTdGhNVnAxYVdWYVRrSlVVMWROUlZrM1MzaDNabWR6UnpWaVJuQjZVVlpRVW5KR1F5dDFZWGxST0U5blZuWnFNR1JtYldoRVR6UTJSV0ZtVVM5S1NGaFhUMHRtZUdwemREbFVlbU5oVFdRclZuZFpUSEp6TnpCbWJTdDVUMHBHYVVGdVFUZG9MMXByUnpSalJHOHpkbE5oVHpCNWMzZE5Oa2xWWkRkNWVURmFTVFF6WlVkTFRteENVR3BvYVVGRFZVVmhja00xVkdoTVREWmplVmhyYjFKM2VVSnRRa3RrV25SUWFrbGhjbmR2TVZwcVNXbFFOWE5PTmpCSVJqQlNjemxzYld0eVRWUk1UVTB4VkRaV2QyUllhRzlMWTFsTVJGaHNha3hWVFVOWlZEaFdkemx1VUU5MEwxY3dUR3BNYldKUFJFSXdVMjVpUjNVNVNESm5laXROWjI5RmVERnZkMHBuUFQwPQ%3D%3D&vs=1600:1200&ds=1600:1200&sl=0:0&os=f&nos=f&swfV=0.0.0&if=f&sc=f&gpu=Intel%20Inc.%20-%20Intel%20Iris%20OpenGL%20Engine HTTP 302
https://clever-redirect.com/s/r6?s=721614&s3=608462593&sid=2022012709474545a0f94c3ddb101440 HTTP 302
https://lookandfind.me/s/a?t=8&f=1&u=41ecaa9ae33de01f1e1a4b6551068474&m=rolecosplay.com&s1=721614&s2=&s3=608462593&s5=woc Page URL
https://lookandfind.me/s/r?u=https%3A%2F%2Fwww.shareasale.com%2Fr.cfm%3Fb%3D1175905%26u%3D2939522%26m%3D79381%26afftrack%3D5ad8fb0e3b81dd2fb750c42df0617e98_de&h=00abce9c3ca6ad4da6687c185f89b2d9 Page URL
https://www.shareasale.com/r.cfm?b=1175905&u=2939522&m=79381&afftrack=5ad8fb0e3b81dd2fb750c42df0617e98_de HTTP 302
https://www.shareasale-analytics.com/r.cfm?b=1175905&u=2939522&m=79381&afftrack=5ad8fb0e3b81dd2fb750c42df0617e98_de&shrsl_analytics_sscid=11k6%5Fu63xh&shrsl_analytics_sstid=11k6%5Fu63xh Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://qe8.ghyoutube.com/ HTTP 302
http://1redirb.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yCqbWEd%2BCdB%2FSRN3YZkiFNsjQUS4CPi0ynmtTHPg5m2bJIeHHnYLCgRexoFTc%2Fvph7QcxJjx79lgxvnvEWoK6BOe92TKnLO0BJxGA%2BXKq6BCZTWk%2B7waaPHXGlfhB7wqwLiZ28SR4wksLaBv0UCWpBo4bgXTHb0pfX%2FdBe1tRIqIYbBD65L3QkugPpdWTDFITRXUhgGirEutRLR%2FcEvVdUSoLadsi7Cdf4UUmswPjR0f7Oak4MLls8p%2FuUh0CQYdTq%2FPbLkdFnnsolJxH3xOmIjr4pa93Du%2BkQ9mIYFvVkHVFA3lqo10rUOwIkaRGQOA%2FZEnU6qQ1HQFfRfa3uimromJ15Boj%2Fyc4Un65y7%2FRP4UbwkqPs7l8%2Fn2p3jJUlwteNg4vPblsc%2FGxI9NUoTYB0cbNqTQPqhGujwK0dkBBpT2Rc9jlkyuDI%2B5TribkJz3ZximePeXjUKq9pu4YvJWk5ltQzx8%2BuTxop0lkX2KctM5KcKNjTOn78IqMcJaQeX%2F1sQbQsYJdTFMtRR%2BoGZrHpu1a5STCy57hO5cn3jTUutc2Ka1OeOcAzcAQ8L2KRREoXPZ1iLLL5aSeydJyv2UdPv%2Bym%2Bw4POb2NHV9kQkR9GrRyPuvgINV7AHKuLeGYg0OFt%2BvB8%2FwAq2ieq3JeaVnGgpH0gJbideQdel%2Bk9B70nAhsABal5uTfCxgrvQ%2Bx5WiYIcQNgpqfaourGvs9Eogmr0sr7X5l9Nsw%3D%3D

Request Chain 4

http://1redirb.com/r.php?u=https%3A%2F%2Fclever-redirect.com%2Fs%2Fr6%3Fs%3D721614%26s3%3D608462593%26sid%3D2022012709474545a0f94c3ddb101440&s=j&enc=Ylc2VDdwRmk5WktWSzJUSHZqcmFrMzQ5ZmxGWFpFcE1kMVZvVVdsUGMwdERiWFJuTmxWc056ZFFjR1JNTmtRM1ptUjFSbUZPYlZaaFEydzViMU5pTWprMk9EQmhLMkpFYUdwa2FtMXVaRWxRU25CRE1FbGxabWt2VkVZMGRuSkdTMk5aVWpscFpuQTJObFZ6V2tWNk5GVjFNWFF2TUM5S01qTlNTRWx3T0hkNlprdDJOa2RwY3pSVFVuRm5USFZhYjNkSmEwcEtaWE40Y3pWT1VWaHFXVGR2WVdSblRraG5RVVpsUzJaNmJXOW9WMHQ0WkRkME5pdFRRa3BZV0ZSV1pUbEhPSFJVUmtsd2IxUnNXVWRFVjB0TEswRnFUMEo2UTIxeVYwUm9UVE5hZDBVcmQzUTJNM2RLVERJME1WWlpRemcyTjFsM05ubFpVakZQVFRsUU0wRkVXSGxQT0dOWmJFVlBOa3hZVG5kbE0yOTRjRWR5YUc4emREWlRkelZpU2k5RVJXaDVUVkV3Y0dWdk16YzRkalZqWlhkdlZHVlVSMFZRTUdKb1lqVTJVVVpaU0ZaNVRWUlNWR1JxWkhWQmRrVmxWVkUxYTA5UGIzbDZUVFZoYzNkV1QycE9TMjA0WVRCQk9Ha3Zlbmt5U1V4aVRqWkNRMVJ3YWt4UVVWTktla1JMWkhWclprRTBiSEJOVm05T1VVSnFUSGhQV0dSR1p6Tk5LMDVhYjJOQ01GVm1hVFZuU2tsTFZscERUa2xHWm5OS1RrdDNhR3MzVERJcllYTlNUMlJqYkVOMWIweDJZbVZ2YzNRNFMzUTVMMnBITDA5SVZGZHFWRk5pVld4RGEyZElXVTVpUzFSSFZsTkdTV05hYTFBeVYzbzRabTVGVDNCMGEwRm5NVTlEUVZKNE5qUldOMlp6WVVkNWRGTmlaVXBKVWpJMVlYWTFhWEJpUzA1T1ZXbEdWWFpSYmtkQmNXOUVZVUprZUM5UlEwNUplVUl3V0hsNE9XMU1jV2R0VmxKS1NVd3ZUeXRNVW5seWMxVTVjbFZUV2toc1ptSTVSbXg1Tm5vMVpTdGhNVnAxYVdWYVRrSlVVMWROUlZrM1MzaDNabWR6UnpWaVJuQjZVVlpRVW5KR1F5dDFZWGxST0U5blZuWnFNR1JtYldoRVR6UTJSV0ZtVVM5S1NGaFhUMHRtZUdwemREbFVlbU5oVFdRclZuZFpUSEp6TnpCbWJTdDVUMHBHYVVGdVFUZG9MMXByUnpSalJHOHpkbE5oVHpCNWMzZE5Oa2xWWkRkNWVURmFTVFF6WlVkTFRteENVR3BvYVVGRFZVVmhja00xVkdoTVREWmplVmhyYjFKM2VVSnRRa3RrV25SUWFrbGhjbmR2TVZwcVNXbFFOWE5PTmpCSVJqQlNjemxzYld0eVRWUk1UVTB4VkRaV2QyUllhRzlMWTFsTVJGaHNha3hWVFVOWlZEaFdkemx1VUU5MEwxY3dUR3BNYldKUFJFSXdVMjVpUjNVNVNESm5laXROWjI5RmVERnZkMHBuUFQwPQ%3D%3D&vs=1600:1200&ds=1600:1200&sl=0:0&os=f&nos=f&swfV=0.0.0&if=f&sc=f&gpu=Intel%20Inc.%20-%20Intel%20Iris%20OpenGL%20Engine HTTP 302
https://clever-redirect.com/s/r6?s=721614&s3=608462593&sid=2022012709474545a0f94c3ddb101440 HTTP 302
https://lookandfind.me/s/a?t=8&f=1&u=41ecaa9ae33de01f1e1a4b6551068474&m=rolecosplay.com&s1=721614&s2=&s3=608462593&s5=woc

8 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

r2.php Show response
1redirb.com/
Redirect Chain

http://qe8.ghyoutube.com/
http://1redirb.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yCqbWEd%2BCdB%2FSRN3YZkiFNsjQUS4CPi0ynmtTHPg5m2bJIeHHnYLCgRexoFTc%2Fvph7QcxJjx79lgxvnvEWoK6BOe92TKnLO0BJxGA%2BXKq6BCZTWk%2B7waaPHXGlfhB7wqwLiZ28SR4wk...

4 KB
3 KB

563ms
183ms

Document
text/html

103.224.182.206
TRELLIAN-AS-AP Tr...

General

Check archive.org

Show headers Download Go to

Full URL: http://1redirb.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yCqbWEd%2BCdB%2FSRN3YZkiFNsjQUS4CPi0ynmtTHPg5m2bJIeHHnYLCgRexoFTc%2Fvph7QcxJjx79lgxvnvEWoK6BOe92TKnLO0BJxGA%2BXKq6BCZTWk%2B7waaPHXGlfhB7wqwLiZ28SR4wksLaBv0UCWpBo4bgXTHb0pfX%2FdBe1tRIqIYbBD65L3QkugPpdWTDFITRXUhgGirEutRLR%2FcEvVdUSoLadsi7Cdf4UUmswPjR0f7Oak4MLls8p%2FuUh0CQYdTq%2FPbLkdFnnsolJxH3xOmIjr4pa93Du%2BkQ9mIYFvVkHVFA3lqo10rUOwIkaRGQOA%2FZEnU6qQ1HQFfRfa3uimromJ15Boj%2Fyc4Un65y7%2FRP4UbwkqPs7l8%2Fn2p3jJUlwteNg4vPblsc%2FGxI9NUoTYB0cbNqTQPqhGujwK0dkBBpT2Rc9jlkyuDI%2B5TribkJz3ZximePeXjUKq9pu4YvJWk5ltQzx8%2BuTxop0lkX2KctM5KcKNjTOn78IqMcJaQeX%2F1sQbQsYJdTFMtRR%2BoGZrHpu1a5STCy57hO5cn3jTUutc2Ka1OeOcAzcAQ8L2KRREoXPZ1iLLL5aSeydJyv2UdPv%2Bym%2Bw4POb2NHV9kQkR9GrRyPuvgINV7AHKuLeGYg0OFt%2BvB8%2FwAq2ieq3JeaVnGgpH0gJbideQdel%2Bk9B70nAhsABal5uTfCxgrvQ%2Bx5WiYIcQNgpqfaourGvs9Eogmr0sr7X5l9Nsw%3D%3D
Protocol: HTTP/1.1
Server: 103.224.182.206 , Australia, ASN133618 (TRELLIAN-AS-AP Trellian Pty. Limited, AU),
Reverse DNS: bidr.trellian.com
Software: Apache/2.4.25 (Debian) /
Resource Hash: 462f5083264548c2d7702c806a94d533541fb5d160b94b6b97ed4efab0fbc228

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Wed, 26 Jan 2022 22:47:46 GMT
Server: Apache/2.4.25 (Debian)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2297
Connection: close
Content-Type: text/html; charset=UTF-8

Redirect headers

Date: Wed, 26 Jan 2022 22:47:45 GMT
Server: Apache/2.4.25 (Debian)
Location: http://1redirb.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yCqbWEd%2BCdB%2FSRN3YZkiFNsjQUS4CPi0ynmtTHPg5m2bJIeHHnYLCgRexoFTc%2Fvph7QcxJjx79lgxvnvEWoK6BOe92TKnLO0BJxGA%2BXKq6BCZTWk%2B7waaPHXGlfhB7wqwLiZ28SR4wksLaBv0UCWpBo4bgXTHb0pfX%2FdBe1tRIqIYbBD65L3QkugPpdWTDFITRXUhgGirEutRLR%2FcEvVdUSoLadsi7Cdf4UUmswPjR0f7Oak4MLls8p%2FuUh0CQYdTq%2FPbLkdFnnsolJxH3xOmIjr4pa93Du%2BkQ9mIYFvVkHVFA3lqo10rUOwIkaRGQOA%2FZEnU6qQ1HQFfRfa3uimromJ15Boj%2Fyc4Un65y7%2FRP4UbwkqPs7l8%2Fn2p3jJUlwteNg4vPblsc%2FGxI9NUoTYB0cbNqTQPqhGujwK0dkBBpT2Rc9jlkyuDI%2B5TribkJz3ZximePeXjUKq9pu4YvJWk5ltQzx8%2BuTxop0lkX2KctM5KcKNjTOn78IqMcJaQeX%2F1sQbQsYJdTFMtRR%2BoGZrHpu1a5STCy57hO5cn3jTUutc2Ka1OeOcAzcAQ8L2KRREoXPZ1iLLL5aSeydJyv2UdPv%2Bym%2Bw4POb2NHV9kQkR9GrRyPuvgINV7AHKuLeGYg0OFt%2BvB8%2FwAq2ieq3JeaVnGgpH0gJbideQdel%2Bk9B70nAhsABal5uTfCxgrvQ%2Bx5WiYIcQNgpqfaourGvs9Eogmr0sr7X5l9Nsw%3D%3D
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK jscheck.js Show response
1redirb.com/javascript/ 899 B
718 B 180ms
180ms Script
application/javascript 103.224.182.206
TRELLIAN-AS-AP Tr...

General

Check archive.org

Show headers Download Go to

Full URL: http://1redirb.com/javascript/jscheck.js
Requested by: Host: 1redirb.com
URL: http://1redirb.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yCqbWEd%2BCdB%2FSRN3YZkiFNsjQUS4CPi0ynmtTHPg5m2bJIeHHnYLCgRexoFTc%2Fvph7QcxJjx79lgxvnvEWoK6BOe92TKnLO0BJxGA%2BXKq6BCZTWk%2B7waaPHXGlfhB7wqwLiZ28SR4wksLaBv0UCWpBo4bgXTHb0pfX%2FdBe1tRIqIYbBD65L3QkugPpdWTDFITRXUhgGirEutRLR%2FcEvVdUSoLadsi7Cdf4UUmswPjR0f7Oak4MLls8p%2FuUh0CQYdTq%2FPbLkdFnnsolJxH3xOmIjr4pa93Du%2BkQ9mIYFvVkHVFA3lqo10rUOwIkaRGQOA%2FZEnU6qQ1HQFfRfa3uimromJ15Boj%2Fyc4Un65y7%2FRP4UbwkqPs7l8%2Fn2p3jJUlwteNg4vPblsc%2FGxI9NUoTYB0cbNqTQPqhGujwK0dkBBpT2Rc9jlkyuDI%2B5TribkJz3ZximePeXjUKq9pu4YvJWk5ltQzx8%2BuTxop0lkX2KctM5KcKNjTOn78IqMcJaQeX%2F1sQbQsYJdTFMtRR%2BoGZrHpu1a5STCy57hO5cn3jTUutc2Ka1OeOcAzcAQ8L2KRREoXPZ1iLLL5aSeydJyv2UdPv%2Bym%2Bw4POb2NHV9kQkR9GrRyPuvgINV7AHKuLeGYg0OFt%2BvB8%2FwAq2ieq3JeaVnGgpH0gJbideQdel%2Bk9B70nAhsABal5uTfCxgrvQ%2Bx5WiYIcQNgpqfaourGvs9Eogmr0sr7X5l9Nsw%3D%3D
Protocol: HTTP/1.1
Server: 103.224.182.206 , Australia, ASN133618 (TRELLIAN-AS-AP Trellian Pty. Limited, AU),
Reverse DNS: bidr.trellian.com
Software: Apache/2.4.25 (Debian) /
Resource Hash: 40daba765e68df81072dba603adecbd49b4c9b0ee836189af681c3a7827bfd9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://1redirb.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yCqbWEd%2BCdB%2FSRN3YZkiFNsjQUS4CPi0ynmtTHPg5m2bJIeHHnYLCgRexoFTc%2Fvph7QcxJjx79lgxvnvEWoK6BOe92TKnLO0BJxGA%2BXKq6BCZTWk%2B7waaPHXGlfhB7wqwLiZ28SR4wksLaBv0UCWpBo4bgXTHb0pfX%2FdBe1tRIqIYbBD65L3QkugPpdWTDFITRXUhgGirEutRLR%2FcEvVdUSoLadsi7Cdf4UUmswPjR0f7Oak4MLls8p%2FuUh0CQYdTq%2FPbLkdFnnsolJxH3xOmIjr4pa93Du%2BkQ9mIYFvVkHVFA3lqo10rUOwIkaRGQOA%2FZEnU6qQ1HQFfRfa3uimromJ15Boj%2Fyc4Un65y7%2FRP4UbwkqPs7l8%2Fn2p3jJUlwteNg4vPblsc%2FGxI9NUoTYB0cbNqTQPqhGujwK0dkBBpT2Rc9jlkyuDI%2B5TribkJz3ZximePeXjUKq9pu4YvJWk5ltQzx8%2BuTxop0lkX2KctM5KcKNjTOn78IqMcJaQeX%2F1sQbQsYJdTFMtRR%2BoGZrHpu1a5STCy57hO5cn3jTUutc2Ka1OeOcAzcAQ8L2KRREoXPZ1iLLL5aSeydJyv2UdPv%2Bym%2Bw4POb2NHV9kQkR9GrRyPuvgINV7AHKuLeGYg0OFt%2BvB8%2FwAq2ieq3JeaVnGgpH0gJbideQdel%2Bk9B70nAhsABal5uTfCxgrvQ%2Bx5WiYIcQNgpqfaourGvs9Eogmr0sr7X5l9Nsw%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 26 Jan 2022 22:47:46 GMT
Content-Encoding: gzip
Last-Modified: Fri, 14 Jan 2022 13:27:28 GMT
Server: Apache/2.4.25 (Debian)
ETag: "383-5d58ac3a31000-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 405

GET
H/1.1 200
OK swfobject.js Show response
1redirb.com/javascript/ 10 KB
4 KB 366ms
206ms Script
application/javascript 103.224.182.206
TRELLIAN-AS-AP Tr...

General

Check archive.org

Show headers Download Go to

Full URL: http://1redirb.com/javascript/swfobject.js
Requested by: Host: 1redirb.com
URL: http://1redirb.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yCqbWEd%2BCdB%2FSRN3YZkiFNsjQUS4CPi0ynmtTHPg5m2bJIeHHnYLCgRexoFTc%2Fvph7QcxJjx79lgxvnvEWoK6BOe92TKnLO0BJxGA%2BXKq6BCZTWk%2B7waaPHXGlfhB7wqwLiZ28SR4wksLaBv0UCWpBo4bgXTHb0pfX%2FdBe1tRIqIYbBD65L3QkugPpdWTDFITRXUhgGirEutRLR%2FcEvVdUSoLadsi7Cdf4UUmswPjR0f7Oak4MLls8p%2FuUh0CQYdTq%2FPbLkdFnnsolJxH3xOmIjr4pa93Du%2BkQ9mIYFvVkHVFA3lqo10rUOwIkaRGQOA%2FZEnU6qQ1HQFfRfa3uimromJ15Boj%2Fyc4Un65y7%2FRP4UbwkqPs7l8%2Fn2p3jJUlwteNg4vPblsc%2FGxI9NUoTYB0cbNqTQPqhGujwK0dkBBpT2Rc9jlkyuDI%2B5TribkJz3ZximePeXjUKq9pu4YvJWk5ltQzx8%2BuTxop0lkX2KctM5KcKNjTOn78IqMcJaQeX%2F1sQbQsYJdTFMtRR%2BoGZrHpu1a5STCy57hO5cn3jTUutc2Ka1OeOcAzcAQ8L2KRREoXPZ1iLLL5aSeydJyv2UdPv%2Bym%2Bw4POb2NHV9kQkR9GrRyPuvgINV7AHKuLeGYg0OFt%2BvB8%2FwAq2ieq3JeaVnGgpH0gJbideQdel%2Bk9B70nAhsABal5uTfCxgrvQ%2Bx5WiYIcQNgpqfaourGvs9Eogmr0sr7X5l9Nsw%3D%3D
Protocol: HTTP/1.1
Server: 103.224.182.206 , Australia, ASN133618 (TRELLIAN-AS-AP Trellian Pty. Limited, AU),
Reverse DNS: bidr.trellian.com
Software: Apache/2.4.25 (Debian) /
Resource Hash: a2d68e4530bbf55b595085ad00ef6999cb64574eb58b44b53ef0516fa7fa4aed

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://1redirb.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yCqbWEd%2BCdB%2FSRN3YZkiFNsjQUS4CPi0ynmtTHPg5m2bJIeHHnYLCgRexoFTc%2Fvph7QcxJjx79lgxvnvEWoK6BOe92TKnLO0BJxGA%2BXKq6BCZTWk%2B7waaPHXGlfhB7wqwLiZ28SR4wksLaBv0UCWpBo4bgXTHb0pfX%2FdBe1tRIqIYbBD65L3QkugPpdWTDFITRXUhgGirEutRLR%2FcEvVdUSoLadsi7Cdf4UUmswPjR0f7Oak4MLls8p%2FuUh0CQYdTq%2FPbLkdFnnsolJxH3xOmIjr4pa93Du%2BkQ9mIYFvVkHVFA3lqo10rUOwIkaRGQOA%2FZEnU6qQ1HQFfRfa3uimromJ15Boj%2Fyc4Un65y7%2FRP4UbwkqPs7l8%2Fn2p3jJUlwteNg4vPblsc%2FGxI9NUoTYB0cbNqTQPqhGujwK0dkBBpT2Rc9jlkyuDI%2B5TribkJz3ZximePeXjUKq9pu4YvJWk5ltQzx8%2BuTxop0lkX2KctM5KcKNjTOn78IqMcJaQeX%2F1sQbQsYJdTFMtRR%2BoGZrHpu1a5STCy57hO5cn3jTUutc2Ka1OeOcAzcAQ8L2KRREoXPZ1iLLL5aSeydJyv2UdPv%2Bym%2Bw4POb2NHV9kQkR9GrRyPuvgINV7AHKuLeGYg0OFt%2BvB8%2FwAq2ieq3JeaVnGgpH0gJbideQdel%2Bk9B70nAhsABal5uTfCxgrvQ%2Bx5WiYIcQNgpqfaourGvs9Eogmr0sr7X5l9Nsw%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 26 Jan 2022 22:47:46 GMT
Content-Encoding: gzip
Last-Modified: Fri, 14 Jan 2022 13:27:28 GMT
Server: Apache/2.4.25 (Debian)
ETag: "27ef-5d58ac3a31000-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 3949

GET
H/1.1 200
OK jscheck.php
1redirb.com/ 0
166 B 370ms
168ms XHR
text/html 103.224.182.206
TRELLIAN-AS-AP Tr...

General

Check archive.org

Show headers Download Go to

Full URL: http://1redirb.com/jscheck.php?enc=Ylc2VDdwRmk5WktWSzJUSHZqcmFrMzQ5ZmxGWFpFcE1kMVZvVVdsUGMwdERiWFJuTmxWc056ZFFjR1JNTmtRM1ptUjFSbUZPYlZaaFEydzViMU5pTWprMk9EQmhLMkpFYUdwa2FtMXVaRWxRU25CRE1FbGxabWt2VkVZMGRuSkdTMk5aVWpscFpuQTJObFZ6V2tWNk5GVjFNWFF2TUM5S01qTlNTRWx3T0hkNlprdDJOa2RwY3pSVFVuRm5USFZhYjNkSmEwcEtaWE40Y3pWT1VWaHFXVGR2WVdSblRraG5RVVpsUzJaNmJXOW9WMHQ0WkRkME5pdFRRa3BZV0ZSV1pUbEhPSFJVUmtsd2IxUnNXVWRFVjB0TEswRnFUMEo2UTIxeVYwUm9UVE5hZDBVcmQzUTJNM2RLVERJME1WWlpRemcyTjFsM05ubFpVakZQVFRsUU0wRkVXSGxQT0dOWmJFVlBOa3hZVG5kbE0yOTRjRWR5YUc4emREWlRkelZpU2k5RVJXaDVUVkV3Y0dWdk16YzRkalZqWlhkdlZHVlVSMFZRTUdKb1lqVTJVVVpaU0ZaNVRWUlNWR1JxWkhWQmRrVmxWVkUxYTA5UGIzbDZUVFZoYzNkV1QycE9TMjA0WVRCQk9Ha3Zlbmt5U1V4aVRqWkNRMVJ3YWt4UVVWTktla1JMWkhWclprRTBiSEJOVm05T1VVSnFUSGhQV0dSR1p6Tk5LMDVhYjJOQ01GVm1hVFZuU2tsTFZscERUa2xHWm5OS1RrdDNhR3MzVERJcllYTlNUMlJqYkVOMWIweDJZbVZ2YzNRNFMzUTVMMnBITDA5SVZGZHFWRk5pVld4RGEyZElXVTVpUzFSSFZsTkdTV05hYTFBeVYzbzRabTVGVDNCMGEwRm5NVTlEUVZKNE5qUldOMlp6WVVkNWRGTmlaVXBKVWpJMVlYWTFhWEJpUzA1T1ZXbEdWWFpSYmtkQmNXOUVZVUprZUM5UlEwNUplVUl3V0hsNE9XMU1jV2R0VmxKS1NVd3ZUeXRNVW5seWMxVTVjbFZUV2toc1ptSTVSbXg1Tm5vMVpTdGhNVnAxYVdWYVRrSlVVMWROUlZrM1MzaDNabWR6UnpWaVJuQjZVVlpRVW5KR1F5dDFZWGxST0U5blZuWnFNR1JtYldoRVR6UTJSV0ZtVVM5S1NGaFhUMHRtZUdwemREbFVlbU5oVFdRclZuZFpUSEp6TnpCbWJTdDVUMHBHYVVGdVFUZG9MMXByUnpSalJHOHpkbE5oVHpCNWMzZE5Oa2xWWkRkNWVURmFTVFF6WlVkTFRteENVR3BvYVVGRFZVVmhja00xVkdoTVREWmplVmhyYjFKM2VVSnRRa3RrV25SUWFrbGhjbmR2TVZwcVNXbFFOWE5PTmpCSVJqQlNjemxzYld0eVRWUk1UVTB4VkRaV2QyUllhRzlMWTFsTVJGaHNha3hWVFVOWlZEaFdkemx1VUU5MEwxY3dUR3BNYldKUFJFSXdVMjVpUjNVNVNESm5laXROWjI5RmVERnZkMHBuUFQwPQ%3D%3D&rand=0.8119370716498571
Requested by: Host: 1redirb.com
URL: http://1redirb.com/javascript/jscheck.js
Protocol: HTTP/1.1
Server: 103.224.182.206 , Australia, ASN133618 (TRELLIAN-AS-AP Trellian Pty. Limited, AU),
Reverse DNS: bidr.trellian.com
Software: Apache/2.4.25 (Debian) /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://1redirb.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yCqbWEd%2BCdB%2FSRN3YZkiFNsjQUS4CPi0ynmtTHPg5m2bJIeHHnYLCgRexoFTc%2Fvph7QcxJjx79lgxvnvEWoK6BOe92TKnLO0BJxGA%2BXKq6BCZTWk%2B7waaPHXGlfhB7wqwLiZ28SR4wksLaBv0UCWpBo4bgXTHb0pfX%2FdBe1tRIqIYbBD65L3QkugPpdWTDFITRXUhgGirEutRLR%2FcEvVdUSoLadsi7Cdf4UUmswPjR0f7Oak4MLls8p%2FuUh0CQYdTq%2FPbLkdFnnsolJxH3xOmIjr4pa93Du%2BkQ9mIYFvVkHVFA3lqo10rUOwIkaRGQOA%2FZEnU6qQ1HQFfRfa3uimromJ15Boj%2Fyc4Un65y7%2FRP4UbwkqPs7l8%2Fn2p3jJUlwteNg4vPblsc%2FGxI9NUoTYB0cbNqTQPqhGujwK0dkBBpT2Rc9jlkyuDI%2B5TribkJz3ZximePeXjUKq9pu4YvJWk5ltQzx8%2BuTxop0lkX2KctM5KcKNjTOn78IqMcJaQeX%2F1sQbQsYJdTFMtRR%2BoGZrHpu1a5STCy57hO5cn3jTUutc2Ka1OeOcAzcAQ8L2KRREoXPZ1iLLL5aSeydJyv2UdPv%2Bym%2Bw4POb2NHV9kQkR9GrRyPuvgINV7AHKuLeGYg0OFt%2BvB8%2FwAq2ieq3JeaVnGgpH0gJbideQdel%2Bk9B70nAhsABal5uTfCxgrvQ%2Bx5WiYIcQNgpqfaourGvs9Eogmr0sr7X5l9Nsw%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 26 Jan 2022 22:47:46 GMT
Server: Apache/2.4.25 (Debian)
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2

200

a
lookandfind.me/s/
Redirect Chain

http://1redirb.com/r.php?u=https%3A%2F%2Fclever-redirect.com%2Fs%2Fr6%3Fs%3D721614%26s3%3D608462593%26sid%3D2022012709474545a0f94c3ddb101440&s=j&enc=Ylc2VDdwRmk5WktWSzJUSHZqcmFrMzQ5ZmxGWFpFcE1kMVZv...
https://clever-redirect.com/s/r6?s=721614&s3=608462593&sid=2022012709474545a0f94c3ddb101440
https://lookandfind.me/s/a?t=8&f=1&u=41ecaa9ae33de01f1e1a4b6551068474&m=rolecosplay.com&s1=721614&s2=&s3=608462593&s5=woc

380 B
746 B

67ms
21ms

Document
text/html

157.90.169.168
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://lookandfind.me/s/a?t=8&f=1&u=41ecaa9ae33de01f1e1a4b6551068474&m=rolecosplay.com&s1=721614&s2=&s3=608462593&s5=woc
Requested by: Host: 1redirb.com
URL: http://1redirb.com/javascript/jscheck.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 157.90.169.168 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.168.169.90.157.clients.your-server.de
Software: Apache/2.4.49 (codeit) OpenSSL/1.1.1l PHP/7.4.24 / PHP/7.4.24
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

referrer-policy: strict-origin-when-cross-origin
x-powered-by: PHP/7.4.24
content-length: 380
content-type: text/html; charset=UTF-8
date: Wed, 26 Jan 2022 22:47:47 GMT
server: Apache/2.4.49 (codeit) OpenSSL/1.1.1l PHP/7.4.24

Redirect headers

referrer-policy: no-referrer
x-powered-by: PHP/7.4.27
location: https://lookandfind.me/s/a?t=8&f=1&u=41ecaa9ae33de01f1e1a4b6551068474&m=rolecosplay.com&s1=721614&s2=&s3=608462593&s5=woc
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 26 Jan 2022 22:47:47 GMT
server: Apache/2.4.52 (codeit) OpenSSL/1.1.1m PHP/7.4.27

GET
H2 200 r
lookandfind.me/s/ 310 B
339 B 12ms
12ms Document
text/html 157.90.169.168
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://lookandfind.me/s/r?u=https%3A%2F%2Fwww.shareasale.com%2Fr.cfm%3Fb%3D1175905%26u%3D2939522%26m%3D79381%26afftrack%3D5ad8fb0e3b81dd2fb750c42df0617e98_de&h=00abce9c3ca6ad4da6687c185f89b2d9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 157.90.169.168 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.168.169.90.157.clients.your-server.de
Software: Apache/2.4.49 (codeit) OpenSSL/1.1.1l PHP/7.4.24 / PHP/7.4.24
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://lookandfind.me/s/a?t=8&f=1&u=41ecaa9ae33de01f1e1a4b6551068474&m=rolecosplay.com&s1=721614&s2=&s3=608462593&s5=woc

Response headers

referrer-policy: strict-origin-when-cross-origin
x-powered-by: PHP/7.4.24
content-length: 310
content-type: text/html; charset=UTF-8
date: Wed, 26 Jan 2022 22:47:47 GMT
server: Apache/2.4.49 (codeit) OpenSSL/1.1.1l PHP/7.4.24

GET
H2

200

Primary Request r.cfm Show response
www.shareasale-analytics.com/
Redirect Chain

https://www.shareasale.com/r.cfm?b=1175905&u=2939522&m=79381&afftrack=5ad8fb0e3b81dd2fb750c42df0617e98_de
https://www.shareasale-analytics.com/r.cfm?b=1175905&u=2939522&m=79381&afftrack=5ad8fb0e3b81dd2fb750c42df0617e98_de&shrsl_analytics_sscid=11k6%5Fu63xh&shrsl_analytics_sstid=11k6%5Fu63xh

2 KB
2 KB

437ms
409ms

Document
text/html

104.18.67.79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.shareasale-analytics.com/r.cfm?b=1175905&u=2939522&m=79381&afftrack=5ad8fb0e3b81dd2fb750c42df0617e98_de&shrsl_analytics_sscid=11k6%5Fu63xh&shrsl_analytics_sstid=11k6%5Fu63xh

Requested by

Host: lookandfind.me
URL: https://lookandfind.me/s/r?u=https%3A%2F%2Fwww.shareasale.com%2Fr.cfm%3Fb%3D1175905%26u%3D2939522%26m%3D79381%26afftrack%3D5ad8fb0e3b81dd2fb750c42df0617e98_de&h=00abce9c3ca6ad4da6687c185f89b2d9

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.18.67.79 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

1b8ec8a44d95817a5852fd2b095e511f912c9285937c4b41b58f9af960a32534

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://lookandfind.me/s/r?u=https%3A%2F%2Fwww.shareasale.com%2Fr.cfm%3Fb%3D1175905%26u%3D2939522%26m%3D79381%26afftrack%3D5ad8fb0e3b81dd2fb750c42df0617e98_de&h=00abce9c3ca6ad4da6687c185f89b2d9

Response headers

date: Wed, 26 Jan 2022 22:47:48 GMT
content-type: text/html;charset=UTF-8
x-powered-by: ASP.NET
p3p: policyref="/w3c/p3p.xml", CP="NON DSP COR CUR ADMi TAIi PSAi IVAi OUR STP NAV"
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 6d3d48fb5982920d-FRA
content-encoding: gzip

Redirect headers

date: Wed, 26 Jan 2022 22:47:47 GMT
content-type: text/html;charset=UTF-8
location: https://www.shareasale-analytics.com/r.cfm?b=1175905&u=2939522&m=79381&afftrack=5ad8fb0e3b81dd2fb750c42df0617e98_de&shrsl_analytics_sscid=11k6%5Fu63xh&shrsl_analytics_sstid=11k6%5Fu63xh
cf-ray: 6d3d48fa4887925f-FRA
access-control-allow-origin: *
cache-control: no-cache
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: BYPASS
cf-apo-via: origin,page-rules
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: policyref="/w3c/p3p.xml", CP="NON DSP COR CUR ADMi TAIi PSAi IVAi OUR STP NAV"
pragma: no-cache
x-content-type-options: nosniff
x-frame-options: SAME-ORIGIN
vary: Accept-Encoding
server: cloudflare

GET
H/1.1 200
OK /
www.rolecosplay.com/ 0
0 2789ms
1695ms Document
text/html 45.33.108.91

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rolecosplay.com/?sscid=11k6_u63xh

Requested by

Host: www.shareasale-analytics.com
URL: https://www.shareasale-analytics.com/r.cfm?b=1175905&u=2939522&m=79381&afftrack=5ad8fb0e3b81dd2fb750c42df0617e98_de&shrsl_analytics_sscid=11k6%5Fu63xh&shrsl_analytics_sstid=11k6%5Fu63xh

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

45.33.108.91 -, , ASN (),

Reverse DNS

Software

nginx / PHP/5.6.9

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.shareasale-analytics.com/

Response headers

Server: nginx
Date: Wed, 26 Jan 2022 22:47:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
P3p: CP="CAO PSA OUR"
Content-Security-Policy: upgrade-insecure-requests
Content-Encoding: gzip

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
qe8.ghyoutube.com/	1970-01-23 16:03:17	Name: __tad Value: 1643237265.3616216
.1redirb.com/	1970-01-20 09:12:53	Name: __dsnsid Value: 2022012709474545a0f94c3ddb101440
lookandfind.me/	1970-01-20 00:28:43	Name: 25129350eda7d8f0bfd177f38544494b Value: 5a199289a67d28b7ddd70ddb48824416b819317ce9bcd7325714d50d7f99a9b4a%3A2%3A%7Bi%3A0%3Bs%3A32%3A%2225129350eda7d8f0bfd177f38544494b%22%3Bi%3A1%3Bs%3A1%3A%221%22%3B%7D
.shareasale.com/	1970-01-30 23:25:22	Name: XD0 Value: 79381%7Bu2939522%5Der7vtzn%5Ds11k6%5Fu63xh%5Dt11k6%5Fu63xh
.shareasale.com/	1969-12-31 23:59:59	Name: XSJ Value:
.shareasale-analytics.com/	1970-01-30 23:25:22	Name: XD0 Value: 79381%7Bu2939522%5Der7vtzn%5Ds11k6%5Fu63xh%5Dt11k6%5Fu63xh
.shareasale-analytics.com/	1969-12-31 23:59:59	Name: XSJ Value:

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1redirb.com
clever-redirect.com
lookandfind.me
qe8.ghyoutube.com
www.rolecosplay.com
www.shareasale-analytics.com
www.shareasale.com
103.224.182.206
103.224.182.210
104.16.227.72
104.18.67.79
157.90.169.168
45.33.108.91
78.46.197.88
1b8ec8a44d95817a5852fd2b095e511f912c9285937c4b41b58f9af960a32534
40daba765e68df81072dba603adecbd49b4c9b0ee836189af681c3a7827bfd9e
462f5083264548c2d7702c806a94d533541fb5d160b94b6b97ed4efab0fbc228
a2d68e4530bbf55b595085ad00ef6999cb64574eb58b44b53ef0516fa7fa4aed

www.shareasale-analytics.com Open in urlscan Pro 104.18.67.79 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

8 Requests

50 %HTTPS

0 %IPv6

7 Domains

7 Subdomains

4 IPs

3 Countries

10 kBTransfer

17 kBSize

7 Cookies

0 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

7 Cookies

Indicators

www.shareasale-analytics.com Open in urlscan Pro
104.18.67.79 Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

50 %
HTTPS

0 %
IPv6

7
Domains

7
Subdomains

4
IPs

3
Countries

10 kB
Transfer

17 kB
Size

7
Cookies

8 HTTP transactions
0 data transactions