watchadsfree.com Open in urlscan Pro
2606:4700:3030::6815:3438 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://tghfghffnfhhggg.s3.amazonaws.com/tghfghffnfhhggg.html#qs=r-aecefafddbfjighafgbjddeacbfckgghafgefeabababaicadbiaceaccdkackgcahejhiacb
Effective URL:
https://watchadsfree.com/add.php?dt=bjprD05t6e&ea=4_1041905-329088980-0&dw=6343649f8e81b30001d1df2f&dv=pr
Submission: On October 10 via api (October 10th 2022, 12:17:37 am UTC) from BE — Scanned from DE

Summary HTTP 22 Redirects Behaviour Indicators

Summary

This website contacted 14 IPs in 5 countries across 19 domains to perform 22 HTTP transactions. The main IP is 2606:4700:3030::6815:3438, located in United States and belongs to CLOUDFLARENET, US. The main domain is watchadsfree.com. The Cisco Umbrella rank of the primary domain is 177972.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 12th 2022. Valid for: a year.

This is the only time watchadsfree.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	54.231.164.185 54.231.164.185	16509 (AMAZON-02) (AMAZON-02)
1 1	146.255.85.150 146.255.85.150	34547 (TELESMART-AS) (TELESMART-AS)
1	67.209.114.82 67.209.114.82	55293 (A2HOSTING) (A2HOSTING)
4	2606:4700:303... 2606:4700:3032::6815:1cae	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:303... 2606:4700:3033::6815:1446	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	65.60.58.179 65.60.58.179	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
2 3	51.68.82.147 51.68.82.147	16276 (OVH) (OVH)
1 1	34.147.1.177 34.147.1.177	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 3	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	34.91.234.242 34.91.234.242	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	51.161.115.163 51.161.115.163	16276 (OVH) (OVH)
1 2	51.83.143.92 51.83.143.92	16276 (OVH) (OVH)
1 2	2606:4700:10:... 2606:4700:10::6816:4aab	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 3	35.186.193.41 35.186.193.41	15169 (GOOGLE) (GOOGLE)
1 1	34.147.21.42 34.147.21.42	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2606:4700:303... 2606:4700:3030::6815:3438	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:5714	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:303... 2606:4700:3033::6815:c84	13335 (CLOUDFLAR...) (CLOUDFLARENET)
22	14

1 54.231.164.185 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

tghfghffnfhhggg.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.255.85.150 (Macedonia, The Former Yugoslav Republic Of) 1 redirects

ASN34547 (TELESMART-AS, MK)
PTR: todoedge.net

146.255.85.150	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.209.114.82 (United States)

ASN55293 (A2HOSTING, US)
PTR: server.smartdatamarketers.com

hostforserverline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:3032::6815:1cae (United States)

ASN13335 (CLOUDFLARENET, US)

lynku.jukminung.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3033::6815:1446 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.addlnk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 65.60.58.179 (United States)

ASN32475 (SINGLEHOP-LLC, US)
PTR: server04.com-2.mobi

otto.sherlowcke.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.68.82.147 (France) 2 redirects

ASN16276 (OVH, FR)

www.wewillserv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.147.1.177 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 177.1.147.34.bc.googleusercontent.com

admoustache.go2affise.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a06:98c1:3121::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

myofferplus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
popmyads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.91.234.242 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 242.234.91.34.bc.googleusercontent.com

track.gositego.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.161.115.163 (Canada) 1 redirects

ASN16276 (OVH, FR)
PTR: ns572483.ip-51-161-115.net

t3.blowingwnd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.83.143.92 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ns3155458.ip-51-83-143.eu

ron.trffclb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:4aab (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

whos.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
widgets.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.186.193.41 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 41.193.186.35.bc.googleusercontent.com

www.linkonclick.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.147.21.42 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 42.21.147.34.bc.googleusercontent.com

tracking.prtrackings.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3030::6815:3438 (United States)

ASN13335 (CLOUDFLARENET, US)

watchadsfree.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3033::6815:c84 (United States)

ASN13335 (CLOUDFLARENET, US)

bestexp1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	jukminung.com lynku.jukminung.com	25 KB
3	linkonclick.com 2 redirects www.linkonclick.com — Cisco Umbrella Rank: 52839	4 KB
3	wewillserv.com 2 redirects www.wewillserv.com — Cisco Umbrella Rank: 646049	6 KB
3	sherlowcke.com otto.sherlowcke.com	7 KB
2	watchadsfree.com watchadsfree.com — Cisco Umbrella Rank: 177972	3 KB
2	amung.us 1 redirects whos.amung.us — Cisco Umbrella Rank: 9363 widgets.amung.us — Cisco Umbrella Rank: 10920	705 B
2	popmyads.com 1 redirects popmyads.com — Cisco Umbrella Rank: 112153	2 KB
2	trffclb.com 1 redirects ron.trffclb.com — Cisco Umbrella Rank: 454587	1 KB
2	addlnk.com cdn.addlnk.com — Cisco Umbrella Rank: 261287	2 KB
1	bestexp1.com bestexp1.com	1 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 492	29 KB
1	prtrackings.com 1 redirects tracking.prtrackings.com — Cisco Umbrella Rank: 67048	308 B
1	blowingwnd.com 1 redirects t3.blowingwnd.com — Cisco Umbrella Rank: 652554	299 B
1	gositego.live 1 redirects track.gositego.live — Cisco Umbrella Rank: 207537	264 B
1	myofferplus.com myofferplus.com — Cisco Umbrella Rank: 359357	1 KB
1	go2affise.com 1 redirects admoustache.go2affise.com — Cisco Umbrella Rank: 225144	209 B
1	hostforserverline.com hostforserverline.com	450 B
1	amazonaws.com tghfghffnfhhggg.s3.amazonaws.com	510 B
0	Failed function sub() { [native code] }. Failed
22	19

	Domain	Requested by
4	lynku.jukminung.com	hostforserverline.com tghfghffnfhhggg.s3.amazonaws.com lynku.jukminung.com
3	www.linkonclick.com	2 redirects
3	www.wewillserv.com	2 redirects otto.sherlowcke.com
3	otto.sherlowcke.com	lynku.jukminung.com otto.sherlowcke.com
2	watchadsfree.com	www.linkonclick.com watchadsfree.com
2	popmyads.com	1 redirects ron.trffclb.com
2	ron.trffclb.com	1 redirects myofferplus.com
2	cdn.addlnk.com	lynku.jukminung.com myofferplus.com
1	bestexp1.com	watchadsfree.com
1	cdn.jsdelivr.net	watchadsfree.com
1	tracking.prtrackings.com	1 redirects
1	widgets.amung.us
1	whos.amung.us	1 redirects
1	t3.blowingwnd.com	1 redirects
1	track.gositego.live	1 redirects
1	myofferplus.com	www.wewillserv.com
1	admoustache.go2affise.com	1 redirects
1	hostforserverline.com	tghfghffnfhhggg.s3.amazonaws.com
1	tghfghffnfhhggg.s3.amazonaws.com
0	joiopgnnkakffgifginnblnegdbgigal Failed	watchadsfree.com
22	20

This site contains no links.

Subject Issuer	Validity	Valid
*.s3.amazonaws.com Amazon	`2021-12-15` - `2022-12-03`	a year	crt.sh
hostforserverline.com Sectigo RSA Domain Validation Secure Server CA	`2022-03-21` - `2023-04-18`	a year	crt.sh
*.jukminung.com E1	`2022-09-19` - `2022-12-18`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-15` - `2023-05-15`	a year	crt.sh
otto.sherlowcke.com R3	`2022-09-13` - `2022-12-12`	3 months	crt.sh
www.wewillserv.com R3	`2022-10-09` - `2023-01-07`	3 months	crt.sh
lone-star.landingtrack.com R3	`2022-09-30` - `2022-12-29`	3 months	crt.sh
*.bestexp1.com E1	`2022-09-27` - `2022-12-26`	3 months	crt.sh

This page contains 4 frames:

Primary Page: https://watchadsfree.com/add.php?dt=bjprD05t6e&ea=4_1041905-329088980-0&dw=6343649f8e81b30001d1df2f&dv=pr
Frame ID: 47BF9028FEDD49B03BC07FD94E520902
Requests: 17 HTTP requests in this frame

Frame: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1665360000
Frame ID: 98A750955D279FB460FA5ED1C4E6EFFD
Requests: 3 HTTP requests in this frame

Frame: https://bestexp1.com/a.php?id=0058&e=VPGCNBK0FG&c=bjprD05t6e&r=pr&cid=6343649f8e81b30001d1df2f&z=4_1041905-329088980-0&v=13&dr=&inw=1600&inh=1200
Frame ID: F23A3354A5D75E5E2E272249B78405A5
Requests: 1 HTTP requests in this frame

Frame: https://watchadsfree.com/d.php
Frame ID: 3F627768332893A8030A5212B3365DFF
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Adblock Enterprise-Edition

Page URL History Show full URLs

https://tghfghffnfhhggg.s3.amazonaws.com/tghfghffnfhhggg.html Page URL
http://146.255.85.150/qs=r-aecefafddbfjighafgbjddeacbfckgghafgefeabababaicadbiaceaccdkackgcahejhiacb HTTP 302
https://hostforserverline.com/17644fc5f2c4f87f800/45343_10419556_13/3134_422048756_0_0_0_4508223_71_1951_6... Page URL
https://lynku.jukminung.com/rc/9e8aef8068?affclick=1292590255&pubid=690405 Page URL
https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream... Page URL
https://otto.sherlowcke.com/?utm_term=7152671250093965374&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949... Page URL
https://otto.sherlowcke.com/proc.php?0620c1036ffa24e742e8447813bf25712012c672 Page URL
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7152671250093965374&website... Page URL
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7152671250093965374&website... HTTP 302
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7152671250093965374&website... HTTP 302
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=330001582a493cd52fbb1002ebbbf92e... HTTP 302
https://myofferplus.com/rc/a91581ead4?affclick=6343649c8002f1000100a683&pubid=503 Page URL
https://track.gositego.live/sl?id=62dfc1354b8cd38db57f7466&pid=930&sub1=pubd4bf0ad44277414a9237692c80d90... HTTP 302
https://t3.blowingwnd.com/p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&p... HTTP 302
https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-930_cde43947_503 Page URL
https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-930_cde43947_503... HTTP 302
https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20= Page URL
https://popmyads.com/gget HTTP 302
http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646613250 Page URL
http://www.linkonclick.com/jump/next.php?stamat=m%257C%252Cso2fvI2MqB1dQO0dEdHP3xP.ff6%252CS0kXXHXf2ck-... HTTP 302
http://www.linkonclick.com/script/i.php?stamat=m%257C%252C%252CQ2fTI2EmtGU3B0-GH0dEdHP3xP.84d%252C_CQvd... HTTP 302
https://tracking.prtrackings.com/click?pid=4&offer_id=2880&sub1=166536105410000TDETV413588908524V31&sub2=1041... HTTP 302
https://watchadsfree.com/add.php?dt=bjprD05t6e&ea=4_1041905-329088980-0&dw=6343649f8e81b30001d1df2f&d... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

22
Requests

86 %
HTTPS

39 %
IPv6

19
Domains

20
Subdomains

14
IPs

5
Countries

81 kB
Transfer

298 kB
Size

16
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://tghfghffnfhhggg.s3.amazonaws.com/tghfghffnfhhggg.html Page URL
http://146.255.85.150/qs=r-aecefafddbfjighafgbjddeacbfckgghafgefeabababaicadbiaceaccdkackgcahejhiacb HTTP 302
https://hostforserverline.com/17644fc5f2c4f87f800/45343_10419556_13/3134_422048756_0_0_0_4508223_71_1951_63867_10419556_10_1129/71 Page URL
https://lynku.jukminung.com/rc/9e8aef8068?affclick=1292590255&pubid=690405 Page URL
https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=66f37892&cid=pub7151b1370d62475c8f19d6ec7208bedb&2=690405 Page URL
https://otto.sherlowcke.com/?utm_term=7152671250093965374&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d Page URL
https://otto.sherlowcke.com/proc.php?0620c1036ffa24e742e8447813bf25712012c672 Page URL
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7152671250093965374&website=13260-7d8a5a17-dc93b329&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d Page URL
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7152671250093965374&website=13260-7d8a5a17-dc93b329&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d&eyeg=a9e91fd304c5e686070f0dfc9d32b9a4&eyer=0.19706279494076528&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7152671250093965374&website=13260-7d8a5a17-dc93b329&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d&eyeg=3&eyer=0.19706279494076528&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=330001582a493cd52fbb1002ebbbf92ee169e1010-202210-flb*5467509-4538f*M7152671250093965374*sl_5467509-4538f*d82d0d21403fca3bc21298d9b02de3029f0225c2*13260-7d8a5a17-dc93b329*13260 HTTP 302
https://myofferplus.com/rc/a91581ead4?affclick=6343649c8002f1000100a683&pubid=503 Page URL
https://track.gositego.live/sl?id=62dfc1354b8cd38db57f7466&pid=930&sub1=pubd4bf0ad44277414a9237692c80d90565&sub2=cde43947_503 HTTP 302
https://t3.blowingwnd.com/p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&pid=6343649d88d6b30001dcb530&s=930_cde43947_503 HTTP 302
https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-930_cde43947_503 Page URL
https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-930_cde43947_503&bv=1 HTTP 302
https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20= Page URL
https://popmyads.com/gget HTTP 302
http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646613250 Page URL
http://www.linkonclick.com/jump/next.php?stamat=m%257C%252Cso2fvI2MqB1dQO0dEdHP3xP.ff6%252CS0kXXHXf2ck-DOZ9HRvwuM9aL_G46JdZU-2oa3bmXM8JUm5HksBtX5-SSJ8vLRk6sQQdGgDhC8DO2lEpOlLseA%252C%252C&cbpage=http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646613250&cbur=0.9354709624191331&cbtitle=&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=&cbkeywords=&cbref= HTTP 302
http://www.linkonclick.com/script/i.php?stamat=m%257C%252C%252CQ2fTI2EmtGU3B0-GH0dEdHP3xP.84d%252C_CQvdhJNH9DC8YlGKUl9kXxujXrWfhmfYPebAj9Syca1boEdOdxenAn6cfNUhaeYqam7amLyX4bQChW5_Vyc5TWKjPOJoqtBft5pfihru8HQ-B24gLF4GQjxjcG7VlyxQkyip5X6c1cJkapzf9X71bAzMj5sdky4gpibkVcMrucT2VFm1fby8n8ItW0wj5laofS4zRCzcyaB5P9XPyQ4MupJ-DQXlppB0F1iAB7mF4zRAb5DFVSHSv2gdnc6O549h1L9PHkkANjEyRzdYJFz4Gxo0cwOlsMoSZzgMDQrhhtK7q9C5IHrHI9me5b5a6BEr2WnDQ5ysAch7LTVng1nYC_NgaNPp1P9C1_W33pee6AJKgZsByOOi_wKMAMMcaTJVINKC19FNc5CnSDsfjrFn9xreEyWB22a2BZbT7pAy-9BjTAEXxesty83juHg3delXAEKlch7r1F44a9Eo0dWNQY3Nujp6OiaBks1FXoWkv3J5XcjjnuLaEYjXlexvKv1nt9k1EJ2Ko1FCA1U2DN_IR8DI0aLhUHQLjAq7koY64I2NIPPTfp-y03BEbbLXT7JHvqBhplFiqbTruJsOaaZmJyCE5_I10VXKZbILgccSVs%252C HTTP 302
https://tracking.prtrackings.com/click?pid=4&offer_id=2880&sub1=166536105410000TDETV413588908524V31&sub2=1041905-329088980-0 HTTP 302
https://watchadsfree.com/add.php?dt=bjprD05t6e&ea=4_1041905-329088980-0&dw=6343649f8e81b30001d1df2f&dv=pr Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

http://146.255.85.150/qs=r-aecefafddbfjighafgbjddeacbfckgghafgefeabababaicadbiaceaccdkackgcahejhiacb HTTP 302
https://hostforserverline.com/17644fc5f2c4f87f800/45343_10419556_13/3134_422048756_0_0_0_4508223_71_1951_63867_10419556_10_1129/71

Request Chain 11

https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7152671250093965374&website=13260-7d8a5a17-dc93b329&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d&eyeg=a9e91fd304c5e686070f0dfc9d32b9a4&eyer=0.19706279494076528&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7152671250093965374&website=13260-7d8a5a17-dc93b329&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d&eyeg=3&eyer=0.19706279494076528&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=330001582a493cd52fbb1002ebbbf92ee169e1010-202210-flb*5467509-4538f*M7152671250093965374*sl_5467509-4538f*d82d0d21403fca3bc21298d9b02de3029f0225c2*13260-7d8a5a17-dc93b329*13260 HTTP 302
https://myofferplus.com/rc/a91581ead4?affclick=6343649c8002f1000100a683&pubid=503

Request Chain 13

https://track.gositego.live/sl?id=62dfc1354b8cd38db57f7466&pid=930&sub1=pubd4bf0ad44277414a9237692c80d90565&sub2=cde43947_503 HTTP 302
https://t3.blowingwnd.com/p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&pid=6343649d88d6b30001dcb530&s=930_cde43947_503 HTTP 302
https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-930_cde43947_503

Request Chain 14

https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-930_cde43947_503&bv=1 HTTP 302
https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=

Request Chain 15

https://whos.amung.us/swidget/popmyads.png HTTP 307
https://widgets.amung.us/draw/?w=small&n=14400&c=ffc20e000000&p=left

Request Chain 16

https://popmyads.com/gget HTTP 302
http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646613250

22 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK tghfghffnfhhggg.html
tghfghffnfhhggg.s3.amazonaws.com/ 102 B
510 B 454ms
165ms Document
text/html 54.231.164.185
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tghfghffnfhhggg.s3.amazonaws.com/tghfghffnfhhggg.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.231.164.185 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Content-Length: 102
Content-Type: text/html
Date: Mon, 10 Oct 2022 00:17:23 GMT
ETag: "44e8e9ff1514b3c287b9bf6c9399b75d"
Last-Modified: Sun, 09 Oct 2022 19:23:33 GMT
Server: AmazonS3
x-amz-id-2: t6B8kyXi7PKszfRG8AGCwU2YJgAqDzOjnG2PHCdZOBwlpEH2RzJOx/15SRggsSjKEIfB9MOVzBg=
x-amz-request-id: X0R25XGWFTRD3ZMK
x-amz-version-id: Ran25IdIrzxydLPermy9KeIeuRqn2_LL

GET
H/1.1

200
OK

71
hostforserverline.com/17644fc5f2c4f87f800/45343_10419556_13/3134_422048756_0_0_0_4508223_71_1951_63867_10419556_10_1129/
Redirect Chain

http://146.255.85.150/qs=r-aecefafddbfjighafgbjddeacbfckgghafgefeabababaicadbiaceaccdkackgcahejhiacb
https://hostforserverline.com/17644fc5f2c4f87f800/45343_10419556_13/3134_422048756_0_0_0_4508223_71_1951_63867_10419556_10_1129/71

137 B
450 B

1139ms
406ms

Document
text/html

67.209.114.82
A2HOSTING

General

Check archive.org

Show headers Download Go to

Full URL: https://hostforserverline.com/17644fc5f2c4f87f800/45343_10419556_13/3134_422048756_0_0_0_4508223_71_1951_63867_10419556_10_1129/71
Requested by: Host: tghfghffnfhhggg.s3.amazonaws.com
URL: https://tghfghffnfhhggg.s3.amazonaws.com/tghfghffnfhhggg.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 67.209.114.82 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS: server.smartdatamarketers.com
Software: Apache /
Resource Hash

Request headers

Referer: https://tghfghffnfhhggg.s3.amazonaws.com/tghfghffnfhhggg.html#qs=r-aecefafddbfjighafgbjddeacbfckgghafgefeabababaicadbiaceaccdkackgcahejhiacb
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: close
Content-Length: 137
Content-Type: text/html; charset=UTF-8
Date: Mon, 10 Oct 2022 00:17:30 GMT
Server: Apache

Redirect headers

Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Mon, 10 Oct 2022 00:17:29 GMT
Server: nginx
Transfer-Encoding: chunked
X-Powered-By: PHP/7.1.33
location: https://hostforserverline.com/17644fc5f2c4f87f800/45343_10419556_13/3134_422048756_0_0_0_4508223_71_1951_63867_10419556_10_1129/71

GET
H2 200 9e8aef8068 Show response
lynku.jukminung.com/rc/ 3 KB
2 KB 232ms
137ms Document
text/html 2606:4700:3032::6815:1cae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lynku.jukminung.com/rc/9e8aef8068?affclick=1292590255&pubid=690405
Requested by: Host: hostforserverline.com
URL: https://hostforserverline.com/17644fc5f2c4f87f800/45343_10419556_13/3134_422048756_0_0_0_4508223_71_1951_63867_10419556_10_1129/71
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:1cae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ce6a0571a0198972431192009f85365f371e34529c32ad2713f1bea0f3f89d29

Request headers

Referer: https://hostforserverline.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 757b2c679dff9000-FRA
content-encoding: br
content-language: en-us
content-type: text/html; charset=utf-8
date: Mon, 10 Oct 2022 00:17:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y%2BxLlKHty9ERwnureL2oAVEYlSmkTdic7R7BoA02ytQgIhQEK5hFnXY%2B077Z%2BLSBBntyDTZ2vNVhlEJvuUl5uca2RHcbO3buqvvXzNfTM8NEwwqfUPHgYU7BxhQnE15aT%2FB2kmyMT5VSBn6vUOJ5Ki%2F7"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding, Accept-Language, Cookie

GET
H2 200 redirect.css
cdn.addlnk.com/ 1 KB
1 KB 133ms
45ms Stylesheet
text/css 2606:4700:3033::6815:1446
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.addlnk.com/redirect.css
Requested by: Host: lynku.jukminung.com
URL: https://lynku.jukminung.com/rc/9e8aef8068?affclick=1292590255&pubid=690405
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:1446 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Mon, 10 Oct 2022 00:17:31 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: NG3WEQ5NJ4PQVZ4F
age: 817
cf-polished: origSize=1680
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: QxX22n6jD9gBrjBZ6ohlWbPu+une0ezSYrlZ/gpY7cQk926tnR/U/t0VdL75pShx4aODRqNqN5k=
cf-bgj: minify
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
server: cloudflare
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CZGEKoV7IOL6WG9iPpPdQlr1zId1og8LbKCOT%2BShzYA5%2F%2B7F1UNr03FET2wWy0o%2Fd%2FWNrMbBHu%2BZnW4WV4WqEVJwvo9W4tCRiTwTN7OTbS5anYa0e4Qtgp1ZLqYaKhj2%2Fy21F7UfDl1NwHwwhw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-ray: 757b2c690af0bb49-FRA

GET
H2 200 invisible.js Show response
lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/ Frame 98A7 42 KB
15 KB 43ms
42ms Script
application/javascript 2606:4700:3032::6815:1cae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1665360000
Requested by: Host: tghfghffnfhhggg.s3.amazonaws.com
URL: https://tghfghffnfhhggg.s3.amazonaws.com/tghfghffnfhhggg.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:1cae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c085d5319a7db5e7c8ee7384760f68113a953a1ca14ddf7a7c21d1e9e2a4043

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Mon, 10 Oct 2022 00:17:31 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yoMygGCQaONIkzBzBn%2BLUQdXrO2%2FiiTO7hKRs0e0VTv8AVsGR4vTrZKHDkb%2FlD%2BnwSajWGSalVhAI1Tcv0DIEZcRyYLm9z7yrbhDWZX4nPQMuG7%2FINr2NjKiO%2BeIJ39YWN4zaIdH6zdjDr2DEAD17ziO"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 757b2c696f439000-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 pica.js
lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/ Frame 98A7 20 KB
8 KB 42ms
42ms Other
application/javascript 2606:4700:3032::6815:1cae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/pica.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:1cae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Mon, 10 Oct 2022 00:17:31 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uamRdnJApQQ82t0UezyL2ZzALq1HB3f03W2%2F73lv9dB%2B%2F3Tot%2FuAEB3zQuArPKdRuPD21iAmw%2F3Cgw7T5CEjhBGpWj7ViZ8WV2rx6kOlXLjbAa0AFRvOAcJIvhw%2Bd%2BQRAgt1wKhly0u0AF8etQzb9%2Bg%2F"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 757b2c69bf8f9000-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 /
otto.sherlowcke.com/ 3 KB
2 KB 422ms
139ms Document
text/html 65.60.58.179
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=66f37892&cid=pub7151b1370d62475c8f19d6ec7208bedb&2=690405

Requested by

Host: lynku.jukminung.com
URL: https://lynku.jukminung.com/rc/9e8aef8068?affclick=1292590255&pubid=690405

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

65.60.58.179 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/8.1.9

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 10 Oct 2022 00:17:31 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://otto.sherlowcke.com/?utm_term=7152671250093965374&ver=4viyaptcjo
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubdomains;
vary: Accept-Encoding
x-powered-by: PHP/8.1.9

POST
H3 200 757b2c679dff9000
lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/cv/result/ Frame 98A7 2 B
691 B 56ms
55ms XHR
text/plain 2606:4700:3032::6815:1cae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/cv/result/757b2c679dff9000
Requested by: Host: lynku.jukminung.com
URL: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1665360000
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:1cae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 10 Oct 2022 00:17:31 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gDihur1rxwkEiGe%2F2r4%2BPyngGBpqNVz6qBL3GsuMaEY%2FleFp8H2E3t3fZ%2FwZ3AjH6rXBse6bjzLvia8YQ43B23eDU53xWBsGoXHJBIJSrBKXbEhIr7kmkaZeIJHoonGsS1yKrU18CsbS2EX0tBiWkFsp"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 757b2c6b88f6905e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 / Show response
otto.sherlowcke.com/ 9 KB
3 KB 147ms
147ms Document
text/html 65.60.58.179
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://otto.sherlowcke.com/?utm_term=7152671250093965374&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d

Requested by

Host: otto.sherlowcke.com
URL: https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=66f37892&cid=pub7151b1370d62475c8f19d6ec7208bedb&2=690405

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

65.60.58.179 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/8.1.9

Resource Hash

e17fd1d722139b476aefb642005dd92d393d5ca99fc30933f1ac5aa74b401883

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Referer: https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=66f37892&cid=pub7151b1370d62475c8f19d6ec7208bedb&2=690405
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 10 Oct 2022 00:17:31 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubdomains;
vary: Accept-Encoding
x-powered-by: PHP/8.1.9

GET
H2 200 proc.php
otto.sherlowcke.com/ 4 KB
2 KB 140ms
140ms Document
text/html 65.60.58.179
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://otto.sherlowcke.com/proc.php?0620c1036ffa24e742e8447813bf25712012c672

Requested by

Host: otto.sherlowcke.com
URL: https://otto.sherlowcke.com/?utm_term=7152671250093965374&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

65.60.58.179 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/8.1.9

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Referer: https://otto.sherlowcke.com/?utm_term=7152671250093965374&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 10 Oct 2022 00:17:32 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7152671250093965374&website=13260-7d8a5a17-dc93b329&placement=13260
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubdomains;
vary: Accept-Encoding
x-powered-by: PHP/8.1.9

GET
H/1.1 200
OK /
www.wewillserv.com/ 5 KB
5 KB 326ms
39ms Document
text/html 51.68.82.147
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7152671250093965374&website=13260-7d8a5a17-dc93b329&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d
Requested by: Host: otto.sherlowcke.com
URL: https://otto.sherlowcke.com/proc.php?0620c1036ffa24e742e8447813bf25712012c672
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.68.82.147 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://otto.sherlowcke.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-transform
Connection: keep-alive
Content-Type: text/html
Date: Mon, 10 Oct 2022 00:17:32 GMT
Transfer-Encoding: chunked

GET
H2

200

a91581ead4 Show response
myofferplus.com/rc/
Redirect Chain

https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7152671250093965374&website=13260-7d8a5a17-dc93b329&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccb...
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7152671250093965374&website=13260-7d8a5a17-dc93b329&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccb...
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=330001582a493cd52fbb1002ebbbf92ee169e1010-202210-flb*5467509-4538f*M7152671250093965374*sl_5467509-4538f*d82d0d21403fca...
https://myofferplus.com/rc/a91581ead4?affclick=6343649c8002f1000100a683&pubid=503

1 KB
1 KB

216ms
128ms

Document
text/html

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://myofferplus.com/rc/a91581ead4?affclick=6343649c8002f1000100a683&pubid=503
Requested by: Host: www.wewillserv.com
URL: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7152671250093965374&website=13260-7d8a5a17-dc93b329&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fa539cf863f151965352baf1d5205f96a140b015063f3415ac8274f5350b3d13

Request headers

Referer: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7152671250093965374&website=13260-7d8a5a17-dc93b329&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 757b2c7519e09bcb-FRA
content-encoding: br
content-language: en-us
content-type: text/html; charset=utf-8
date: Mon, 10 Oct 2022 00:17:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M2Pact6gpfYKr7756JpCi793gqxyV4zeahO1NDMK7hdP8S8JeNaNXCVBL0T0ZC0vueRcUfoMJvwB7FGv5yhIM0XmYk3Afwzc8gnVQ4AgrcHkNK63OBlXLdKnDiKXMEzyrxWsTYT70k4uLcsTlNQ%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding, Accept-Language, Cookie

Redirect headers

access-control-allow-origin: *
content-length: 0
date: Mon, 10 Oct 2022 00:17:32 GMT
location: https://myofferplus.com/rc/a91581ead4?affclick=6343649c8002f1000100a683&pubid=503
server: nginx

GET
H3 200 redirect.css
cdn.addlnk.com/ 1 KB
1 KB 86ms
42ms Stylesheet
text/css 2606:4700:3033::6815:1446
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.addlnk.com/redirect.css
Requested by: Host: myofferplus.com
URL: https://myofferplus.com/rc/a91581ead4?affclick=6343649c8002f1000100a683&pubid=503
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:1446 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Mon, 10 Oct 2022 00:17:33 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 72BQ43Z832DMHS8A
age: 1079
cf-polished: origSize=1680
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 9dqjw3QmoT8lhROeWaK3mEcRPoUKNfvQLfCVyCvCyDnxCOQ1ZkKTnjHgPbqYhL93T/SckF1I+RU=
cf-bgj: minify
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
server: cloudflare
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1xqBtAtRog1y5vyHROYI%2FJUwK52cHVpfJGfQCuqJtuMDSeeXvNmQDjo1q3lIsOZ0UEJVl6jmiXVMW5A8L6K8yktMprTpcoGVVf0gas%2BJOVYGCxmnYwPhjsKYToh4bGGlEKU8Tj53jH4oTHlE3w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-ray: 757b2c763b709072-FRA

GET
H/1.1

200
OK

f.php
ron.trffclb.com/
Redirect Chain

https://track.gositego.live/sl?id=62dfc1354b8cd38db57f7466&pid=930&sub1=pubd4bf0ad44277414a9237692c80d90565&sub2=cde43947_503
https://t3.blowingwnd.com/p.php?p=c:8pnojh5wwryg9ycmq&d=61b86bb2caff0c3520644fec&pid=CLICKID&s=SUBID&pid=6343649d88d6b30001dcb530&s=930_cde43947_503
https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-930_cde43947_503

891 B
864 B

186ms
58ms

Document
text/html

51.83.143.92
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-930_cde43947_503
Requested by: Host: myofferplus.com
URL: https://myofferplus.com/rc/a91581ead4?affclick=6343649c8002f1000100a683&pubid=503
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.83.143.92 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3155458.ip-51-83-143.eu
Software: nginx /
Resource Hash

Request headers

Referer: https://myofferplus.com/rc/a91581ead4?affclick=6343649c8002f1000100a683&pubid=503
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Mon, 10 Oct 2022 00:17:34 GMT
Server: nginx
Transfer-Encoding: chunked

Redirect headers

Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Mon, 10 Oct 2022 00:17:33 GMT
Location: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-930_cde43947_503
Raund: xi
Round: 1217p3t0dz
Server: nginx

GET
H2

200

aHR0cDovL3RyYWZmaXgxMy5jb20=
popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/
Redirect Chain

https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-930_cde43947_503&bv=1
https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=

2 KB
1 KB

151ms
59ms

Document
text/html

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=

Requested by

Host: ron.trffclb.com
URL: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-930_cde43947_503

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.1.33

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	DENY

Request headers

Referer: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-930_cde43947_503
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 757b2c7d1d21bb44-FRA
content-encoding: br
content-security-policy: frame-ancestors 'none'
content-type: text/html; charset=UTF-8
date: Mon, 10 Oct 2022 00:17:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NeLMxUiOBpkZpFn65I2pIf7op%2FMVanw7Y2xCXOH5qxfA1Whrwg%2FmPkA6WW0TAPEkhmbT0hB5iE8phicemjZxWWP1BjwFFV9BoVM07jb1Mlvt7x8YuCsK9KRDsvrRCCwSfX4kEjMHFm%2FKvqI%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: DENY
x-powered-by: PHP/7.1.33

Redirect headers

Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Mon, 10 Oct 2022 00:17:34 GMT
Location: https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
Raund: 2hp
Round: 11kgq037yu
Server: nginx

GET
H2

200

/
widgets.amung.us/draw/
Redirect Chain

https://whos.amung.us/swidget/popmyads.png
https://widgets.amung.us/draw/?w=small&n=14400&c=ffc20e000000&p=left

365 B
531 B

53ms
43ms

Image
image/png

2606:4700:10::6816:4aab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widgets.amung.us/draw/?w=small&n=14400&c=ffc20e000000&p=left
Protocol: H2
Server: 2606:4700:10::6816:4aab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://popmyads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Mon, 10 Oct 2022 00:17:34 GMT
cf-cache-status: HIT
last-modified: Sat, 24 Sep 2022 10:21:21 GMT
server: cloudflare
age: 1346173
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2678400
content-disposition: filename=wau-widget.png
cf-ray: 757b2c7f19edbbcd-FRA
expires: Sun, 25 Sep 2022 10:21:21 GMT

Redirect headers

location: https://widgets.amung.us/draw/?w=small&n=14400&c=ffc20e000000&p=left
date: Mon, 10 Oct 2022 00:17:34 GMT
cache-control: max-age=295
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 757b2c7e08ecbbcd-FRA
content-type: text/html; charset=UTF-8

GET
H/1.1

200
OK

next.php
www.linkonclick.com/jump/
Redirect Chain

https://popmyads.com/gget
http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646613250

7 KB
3 KB

213ms
158ms

Document
text/html

35.186.193.41
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646613250
Protocol: HTTP/1.1
Server: 35.186.193.41 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 41.193.186.35.bc.googleusercontent.com
Software: openresty /
Resource Hash

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://popmyads.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Mon, 10 Oct 2022 00:17:34 GMT
Server: openresty
Transfer-Encoding: chunked
Via: 1.1 google

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 757b2c7dd98c91de-FRA
content-type: text/html; charset=UTF-8
date: Mon, 10 Oct 2022 00:17:34 GMT
location: http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646613250
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wZNiNq1rF%2Fpieh6w8r7lkqWutZWAAq12ucmMExs0VVOjpBssBNRa%2F2LlRShrHMHkUH3vq5LB%2Fut%2Bo9XpjuqG%2B5vlXS8edeSdOZiYu9bhv2BnfUFdLOysEdBkdlGDl7R8qkXoxQ%2BaGWu8pf0%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.1.33

GET
H2

200

Primary Request add.php Show response
watchadsfree.com/
Redirect Chain

http://www.linkonclick.com/jump/next.php?stamat=m%257C%252Cso2fvI2MqB1dQO0dEdHP3xP.ff6%252CS0kXXHXf2ck-DOZ9HRvwuM9aL_G46JdZU-2oa3bmXM8JUm5HksBtX5-SSJ8vLRk6sQQdGgDhC8DO2lEpOlLseA%252C%252C&cbpage=ht...
http://www.linkonclick.com/script/i.php?stamat=m%257C%252C%252CQ2fTI2EmtGU3B0-GH0dEdHP3xP.84d%252C_CQvdhJNH9DC8YlGKUl9kXxujXrWfhmfYPebAj9Syca1boEdOdxenAn6cfNUhaeYqam7amLyX4bQChW5_Vyc5TWKjPOJoqtBft5...
https://tracking.prtrackings.com/click?pid=4&offer_id=2880&sub1=166536105410000TDETV413588908524V31&sub2=1041905-329088980-0
https://watchadsfree.com/add.php?dt=bjprD05t6e&ea=4_1041905-329088980-0&dw=6343649f8e81b30001d1df2f&dv=pr

8 KB
3 KB

180ms
92ms

Document
text/html

2606:4700:3030::6815:3438
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://watchadsfree.com/add.php?dt=bjprD05t6e&ea=4_1041905-329088980-0&dw=6343649f8e81b30001d1df2f&dv=pr
Requested by: Host: www.linkonclick.com
URL: http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646613250
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:3438 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 168e6793e7165d84a52f143084b82427323394cce6b835a5091d4c36fd10c256

Request headers

Referer: http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646613250
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 757b2c844e3f9c0d-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 10 Oct 2022 00:17:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F2r3vDw7xs9GMRWvAH%2BQChPXGw2qafXaxwVZ%2Fl%2FNkZWpRoREly5C2oNMD2VqMcLq1JO4F7Do22uhFjF9Z%2BM%2B6Jk6JrZCL7uk2x07TFM04CncsZhkwOB1wNy%2BMix%2BqaPejCjXVDJ7SRLbRzkmxoov"}],"group":"cf-nel","max_age":604800}
server: cloudflare

Redirect headers

access-control-allow-origin: *
content-length: 0
date: Mon, 10 Oct 2022 00:17:35 GMT
location: https://watchadsfree.com/add.php?dt=bjprD05t6e&ea=4_1041905-329088980-0&dw=6343649f8e81b30001d1df2f&dv=pr
server: nginx

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.2.0/dist/css/ 190 KB
29 KB 129ms
48ms Stylesheet
text/css 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@5.2.0/dist/css/bootstrap.min.css

Requested by

Host: watchadsfree.com
URL: https://watchadsfree.com/add.php?dt=bjprD05t6e&ea=4_1041905-329088980-0&dw=6343649f8e81b30001d1df2f&dv=pr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed959b654022f7bae48ab9380dc129e065833e45a944c70d684c971ac3578cb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://watchadsfree.com/
Origin: https://watchadsfree.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Mon, 10 Oct 2022 00:17:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 7115314
x-jsd-version: 5.2.0
content-encoding: br
x-cache: MISS, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19140-FRA, cache-itm18848-ITM
x-jsd-version-type: version
server: cloudflare
etag: W/"2f88b-Yz6bIW1g1A6raHMXUTTpNbVU+JE"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mocFOtmzzYd%2BADwoSHgDNyFyVSoUOfFHaHtFJrf5olS7MfG3xAumz4%2BYzwRt5dN5QlgajOoDujJCJrd2tYnN5hoq%2FCPhcZUBV6WUEVdBhva0q0E3yvvMYDjkyzaLY5QWMBLYz801inN4mj20n4s%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 757b2c8568d491de-FRA

GET empty.jpg
joiopgnnkakffgifginnblnegdbgigal/redirects/ 0
0

GET
H2 200 a.php Show response
bestexp1.com/ Frame F23A 96 B
1 KB 207ms
105ms Document
text/html 2606:4700:3033::6815:c84
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bestexp1.com/a.php?id=0058&e=VPGCNBK0FG&c=bjprD05t6e&r=pr&cid=6343649f8e81b30001d1df2f&z=4_1041905-329088980-0&v=13&dr=&inw=1600&inh=1200
Requested by: Host: watchadsfree.com
URL: https://watchadsfree.com/add.php?dt=bjprD05t6e&ea=4_1041905-329088980-0&dw=6343649f8e81b30001d1df2f&dv=pr
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:c84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8d5f7d977f9b96d4f7abe30653ea52b3406938d5175ebb743bf839beab7f59f6

Request headers

Referer: https://watchadsfree.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 757b2c866ddc9a06-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 10 Oct 2022 00:17:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=doU85zmr3s73%2FvMGnz3qBoNbzVzSy1%2FbW3z0cUbVPAAXJdm6ERVKNR74nwqxl4L8Gk9J9F3UzqzIgUqu5AFbjSwVwwfD%2BAcFSTh1Uot8VqJIG6dpx2u%2FK84VZnEjpX92f3K%2B9yoCFzBgqYs%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H3 200 d.php Show response
watchadsfree.com/ Frame 3F62 0
565 B 107ms
57ms Document
text/html 2606:4700:3030::6815:3438
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://watchadsfree.com/d.php
Requested by: Host: watchadsfree.com
URL: https://watchadsfree.com/add.php?dt=bjprD05t6e&ea=4_1041905-329088980-0&dw=6343649f8e81b30001d1df2f&dv=pr
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:3438 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://watchadsfree.com/add.php?dt=bjprD05t6e&ea=4_1041905-329088980-0&dw=6343649f8e81b30001d1df2f&dv=pr
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 757b2c8618879bf4-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 10 Oct 2022 00:17:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N7t6D03nXe0UU5TH6Km2pHg2B6k8pPE90%2F59BA1rFiQ0IKTYWH4j%2BViLRskoWQx8tTO5f4dKaG%2FuLpN0X1Q%2FnQazqMDnf4Cvhisqc6bQNU4Wwq8KIWgfS7bhnkDbX77ahL751mgA6klWwt0n3Hew"}],"group":"cf-nel","max_age":604800}
server: cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: joiopgnnkakffgifginnblnegdbgigal
URL: chrome-extension://joiopgnnkakffgifginnblnegdbgigal/redirects/empty.jpg

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
hostforserverline.com/	1970-01-20 07:19:13	Name: uid15295 Value: 1292590255-20221009201730-4c9cc3db825d7c8d522116ec82b2b455-
lynku.jukminung.com/	1970-01-20 06:46:05	Name: AWSALB Value: fdp6Eh4/DBKUJSIOHTOqeF7WTWFLEMOFEvPAt3KdjkzpEscvaozRskqghqzOguD30brF2p2kpvYN1MgueW/nyNRduyqQp46z3rT0EjuemYsW+Y40KIehAdFL5WFl
.jukminung.com/	1970-01-20 06:36:02	Name: __cf_bm Value: BehiEA2aSd4RipRWekXEg8cs_8Zo2X21uJbyYkifPHs-1665361051-0-AULL/9XixX/U1Qhy/nKzlDvsQTzT1HgFUGspY8vXBw1ink9N9t62lpbStVkeJ4u1NrBeWpgaDhEF3Zb2TnJsUpK/5RBfepNCUiRlLdKVwPTvKD3d/i4FJTS3IdU4z0cA6g==
otto.sherlowcke.com/	1970-01-20 15:21:37	Name: u Value: 1e1171ecbb5f89acd3b6acc9b7fc8c50
admoustache.go2affise.com/	1970-01-20 15:21:37	Name: afclick Value: 6343649c8002f1000100a683
myofferplus.com/	1970-01-20 06:46:05	Name: AWSALB Value: WS+BZ/87RzJiSwo42L0+9wtM/HKR7eYOAxzLDjEH5DCQcBYS8LCCqqryZLUv6NNVlISy5wHIZFi58EYQ0iYjfW9OfeXLV/Y/7M65nlHDA2fBh41Gc20asNhzPHkS
track.gositego.live/	1970-01-20 15:21:37	Name: afclick Value: 6343649d88d6b30001dcb530
tracking.prtrackings.com/	1970-01-20 15:21:37	Name: afclick Value: 6343649f8e81b30001d1df2f
tracking.prtrackings.com/	1970-01-20 15:21:37	Name: afoffers Value: {"2880":1665361055}
.bestexp1.com/	1970-01-20 16:12:01	Name: c0058 Value: bjprD05t6e
.bestexp1.com/	1970-01-20 16:12:01	Name: r0058 Value: pr
.bestexp1.com/	1970-01-20 16:12:01	Name: cid0058 Value: 6343649f8e81b30001d1df2f
.bestexp1.com/	1970-01-20 16:12:01	Name: z0058 Value: 4_1041905-329088980-0
.bestexp1.com/	1970-01-20 16:12:01	Name: v0058bjprD05t6e Value: %7B%2213%22%3A1%7D
.bestexp1.com/	1970-01-20 16:12:01	Name: e0058 Value: VPGCNBK0FG
.bestexp1.com/	1970-01-20 15:21:37	Name: _asd Value: 16653610557465882

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://watchadsfree.com/add.php?dt=bjprD05t6e&ea=4_1041905-329088980-0&dw=6343649f8e81b30001d1df2f&dv=pr(Line 46) Message: Access to XMLHttpRequest at 'chrome-extension://joiopgnnkakffgifginnblnegdbgigal/redirects/empty.jpg' from origin 'https://watchadsfree.com' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, https, chrome-untrusted.
network	error	URL: chrome-extension://joiopgnnkakffgifginnblnegdbgigal/redirects/empty.jpg Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

admoustache.go2affise.com
bestexp1.com
cdn.addlnk.com
cdn.jsdelivr.net
hostforserverline.com
joiopgnnkakffgifginnblnegdbgigal
lynku.jukminung.com
myofferplus.com
otto.sherlowcke.com
popmyads.com
ron.trffclb.com
t3.blowingwnd.com
tghfghffnfhhggg.s3.amazonaws.com
track.gositego.live
tracking.prtrackings.com
watchadsfree.com
whos.amung.us
widgets.amung.us
www.linkonclick.com
www.wewillserv.com
joiopgnnkakffgifginnblnegdbgigal
146.255.85.150
2606:4700:10::6816:4aab
2606:4700:3030::6815:3438
2606:4700:3032::6815:1cae
2606:4700:3033::6815:1446
2606:4700:3033::6815:c84
2606:4700::6810:5714
2a06:98c1:3121::3
34.147.1.177
34.147.21.42
34.91.234.242
35.186.193.41
51.161.115.163
51.68.82.147
51.83.143.92
54.231.164.185
65.60.58.179
67.209.114.82
0c085d5319a7db5e7c8ee7384760f68113a953a1ca14ddf7a7c21d1e9e2a4043
168e6793e7165d84a52f143084b82427323394cce6b835a5091d4c36fd10c256
7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1
8d5f7d977f9b96d4f7abe30653ea52b3406938d5175ebb743bf839beab7f59f6
ce6a0571a0198972431192009f85365f371e34529c32ad2713f1bea0f3f89d29
e17fd1d722139b476aefb642005dd92d393d5ca99fc30933f1ac5aa74b401883
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ed959b654022f7bae48ab9380dc129e065833e45a944c70d684c971ac3578cb8
fa539cf863f151965352baf1d5205f96a140b015063f3415ac8274f5350b3d13

watchadsfree.com Open in urlscan Pro 2606:4700:3030::6815:3438 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

22 Requests

86 %HTTPS

39 %IPv6

19 Domains

20 Subdomains

14 IPs

5 Countries

81 kBTransfer

298 kBSize

16 Cookies

0 Outgoing links

Page URL History

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

16 Cookies

2 Console Messages

Indicators

watchadsfree.com Open in urlscan Pro
2606:4700:3030::6815:3438 Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

86 %
HTTPS

39 %
IPv6

19
Domains

20
Subdomains

14
IPs

5
Countries

81 kB
Transfer

298 kB
Size

16
Cookies

22 HTTP transactions
0 data transactions