promo.libertex.org Open in urlscan Pro
2606:4700::6811:5a0e Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.pittsburgh.cbslocal.co/
Effective URL:
https://promo.libertex.org/?aff_id=43496&cxd=43496_505283_|afp0:6b7bdfd39d594d6bc09b55215bd0a08f|afp1:43137
Submission: On March 10 via api (March 10th 2022, 5:45:25 pm UTC) from US — Scanned from DE

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 4 countries across 9 domains to perform 8 HTTP transactions. The main IP is 2606:4700::6811:5a0e, located in United States and belongs to CLOUDFLARENET, US. The main domain is promo.libertex.org.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 29th 2021. Valid for: a year.

This is the only time promo.libertex.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 2	103.224.182.252 103.224.182.252	133618 (TRELLIAN-...) (TRELLIAN-AS-AP Trellian Pty. Limited)
1 5	103.224.182.206 103.224.182.206	133618 (TRELLIAN-...) (TRELLIAN-AS-AP Trellian Pty. Limited)
1 1	78.46.197.88 78.46.197.88	24940 (HETZNER-AS) (HETZNER-AS)
2	157.90.169.168 157.90.169.168	24940 (HETZNER-AS) (HETZNER-AS)
1 1	104.248.96.70 104.248.96.70	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1 1	185.26.99.247 185.26.99.247	44066 (DE-FIRSTC...) (DE-FIRSTCOLO www.first-colo.net)
1	2606:4700:20:... 2606:4700:20::ac43:4691	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	35.234.86.61 35.234.86.61	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2606:4700::68... 2606:4700::6811:5a0e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	4

2 103.224.182.252 (Australia) 2 redirects

ASN133618 (TRELLIAN-AS-AP Trellian Pty. Limited, AU)
PTR: lb-182-252.above.com

www.pittsburgh.cbslocal.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 103.224.182.206 (Australia) 1 redirects

ASN133618 (TRELLIAN-AS-AP Trellian Pty. Limited, AU)
PTR: bidr.trellian.com

1redirc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 78.46.197.88 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.88.197.46.78.clients.your-server.de

clever-redirect.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.90.169.168 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.168.169.90.157.clients.your-server.de

lookandfind.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.248.96.70 (Singapore, Singapore) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

ir3.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.26.99.247 (Frankfurt am Main, Germany) 1 redirects

ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)
PTR: dsde430-2.fornex.org

ad.admitad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:4691 (United States)

ASN13335 (CLOUDFLARENET, US)

libertex-affiliates.ck-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.234.86.61 (Frankfurt am Main, Germany) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 61.86.234.35.bc.googleusercontent.com

go.libertex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:5a0e (United States)

ASN13335 (CLOUDFLARENET, US)

promo.libertex.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	1redirc.com 1 redirects 1redirc.com — Cisco Umbrella Rank: 313936	8 KB
2	lookandfind.me lookandfind.me	811 B
2	cbslocal.co 2 redirects www.pittsburgh.cbslocal.co	1 KB
1	libertex.org promo.libertex.org	770 B
1	libertex.com 1 redirects go.libertex.com	664 B
1	ck-cdn.com libertex-affiliates.ck-cdn.com	708 B
1	admitad.com 1 redirects ad.admitad.com — Cisco Umbrella Rank: 36269	544 B
1	ir3.xyz 1 redirects ir3.xyz — Cisco Umbrella Rank: 115354	873 B
1	clever-redirect.com 1 redirects clever-redirect.com	436 B
8	9

	Domain	Requested by
5	1redirc.com	1 redirects 1redirc.com
2	lookandfind.me	1redirc.com
2	www.pittsburgh.cbslocal.co	2 redirects
1	promo.libertex.org
1	go.libertex.com	1 redirects
1	libertex-affiliates.ck-cdn.com	lookandfind.me
1	ad.admitad.com	1 redirects
1	ir3.xyz	1 redirects
1	clever-redirect.com	1 redirects
8	9

This site contains no links.

Subject Issuer	Validity	Valid
lookandfind.me R3	`2022-03-03` - `2022-06-01`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-15` - `2022-06-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://promo.libertex.org/?aff_id=43496&cxd=43496_505283_|afp0:6b7bdfd39d594d6bc09b55215bd0a08f|afp1:43137
Frame ID: AEFDA349F383D9FE88AEB5AC20ADABC7
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

404 Not Found

Page URL History Show full URLs

http://www.pittsburgh.cbslocal.co/ HTTP 302
https://www.pittsburgh.cbslocal.co/ HTTP 302
http://1redirc.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yAccQsA%2F44i12a%2FiW1H8eZAkDHASSyOj%2FYMDjkzHO... Page URL
http://1redirc.com/r.php?u=https%3A%2F%2Fclever-redirect.com%2Fs%2Fr6%3Fs%3D721614%26s3%3D13955... HTTP 302
https://clever-redirect.com/s/r6?s=721614&s3=1395577282&sid=20220311044520bb9b10a151b24fa195 HTTP 302
https://lookandfind.me/s/a?t=6&f=1&u=41ecaa9ae33de01f1e1a4b6551068474&m=libertex-secure.com&s1=7216... Page URL
https://lookandfind.me/s/r?u=https%3A%2F%2Fir3.xyz%2F61d8316883085%3Fp1%3Db305f1be6d6b405c362d36d54... Page URL
https://ir3.xyz/61d8316883085?p1=b305f1be6d6b405c362d36d54185ee1a&p2=DE HTTP 302
https://ad.admitad.com/g/m3g0t4srg7d1eb74253d4009ce43fc/?subid=8d01e34c-bc1e-4b78-8955-492cc84fa0d3... HTTP 302
https://libertex-affiliates.ck-cdn.com/tn/serve/geoGroup/?rgid=9&bta=43496&afp=6b7bdfd39d594d6bc09b55215bd0a08f&afp... Page URL
https://go.libertex.com/visit/?bta=43496&afp=6b7bdfd39d594d6bc09b55215bd0a08f&afp1=43137&nci=10363&o... HTTP 302
https://promo.libertex.org/?aff_id=43496&cxd=43496_505283_|afp0:6b7bdfd39d594d6bc09b55215bd0a08f|afp1:4... Page URL

Detected technologies

SWFObject (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

swfobject.*\.js

Page Statistics

8
Requests

50 %
HTTPS

22 %
IPv6

9
Domains

9
Subdomains

4
IPs

4
Countries

10 kB
Transfer

16 kB
Size

8
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.pittsburgh.cbslocal.co/ HTTP 302
https://www.pittsburgh.cbslocal.co/ HTTP 302
http://1redirc.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yAccQsA%2F44i12a%2FiW1H8eZAkDHASSyOj%2FYMDjkzHOC5p1gwlrAhexdHBnlBB2e2G%2FX4JV1U4wbUCI0wdU%2Be2vukP1RmcfP0R%2FXfgRuw%2F2NcR2%2BX2L9n5LBVyWYKHjm%2FLUJjoIeJbezv7P0uRYhwuGVEzXWNdheV4tKWLGfxW8XX8m8SmUVtNPxzzECSgqod1rln5%2Fy0puPyKhofHlOTdpQQSp%2FYUg4radyW0sxNWauzjHcwpYosmMpfcIzRusUx8m3kxV3uwq40osH5W2vDGzU7XkEDVdN5TxOqQ90LYfK%2BlZeqEVaUkC3qpv0jBM1CWIcNLP0Ie2Fenj9ipzxgv88yNQX6rvWuShI8jUaoVPnBj8fgSK3EIdZm2t5m2%2Bvca0HLUbPE05SKg0SgBdVrjVstY1eCnwgb%2BNVI%2FbNmZjWIwAtxH9A9fOC%2B9rG5n4iClpUAQwWQbiql2ZFKusY%2FJj5qwuGtiUzIMe1rJR6mNIvXf3JPxBKFebjG1NLDjl9cfLj9CuiIU%2BOyleGtv1iM1fsM%2BRAK6tACLmM9YdhF%2Bz43Peg8uiDkdsyqJkG99fIhned2w1waqqkrMr%2B2X8jEBHd%2FgxCwTgmyIpDA1eb2kRwyO%2BNBSQOriiIZmTpyyzvnFnOJsOVuh8H5njZOVDS1aL5o2Nrl8I3uQRRAkWy%2Ffx99gptqzOvGIJlGetkNHNiDDi67CMTFnz6D6BMEN%2BmdqIsbNgB%2FDEdmoJi4P1qa4MQmtX2pjN6ng2XUuh%2BkOG%2BHjOA%3D%3D Page URL
http://1redirc.com/r.php?u=https%3A%2F%2Fclever-redirect.com%2Fs%2Fr6%3Fs%3D721614%26s3%3D1395577282%26sid%3D20220311044520bb9b10a151b24fa195&s=j&enc=MlF1a3V2TEtPNE5KS25hTmlyeGZWMzQ5ZmpWSmFYZGhRMmMxWm1KNFptOVVNMHRPYmxOWU1ta3pibVZuVVVFeGFFcFJkV2szTTFOeU4wNDJOR0kyWTFWblowVlhlVmw1TVdkc09WaFlNVXBVWTBkSVoyeGxlVTltVkZVelQzcExZMVkzV0dReVJFbG9WMVF2T0RGeU9GWmllRlZKTmlzemJIVktaalZYY0ROaVprUm5ibUpQU1V3dkwzVjBSWHBDV2xaSVRrcGxRMUpOV0VSS2FVbExXR2RLU1hrMGJscGxWRTkyU1hOT2JURlZVSEJuY1dScVZXY3JkVkpsZEM5VVZFdHRVRU0yUldrMU9VVTVPR3BGVm1GWU0zTlFiM2RvVUdoa1RHRkVWMVZ1SzJWV1JFTXZjRGRwVlZKSmRUTlVjbmg0VjBwelNubE1TR3AxUmk5clZVOTBabGRzVUV0R2NuRmlZMFZ5ZW1KaFdEZ3piVzF4UXpOSFdIVXdlblV3YWt4a05tNXlPR3gzTm5oRWRuQlVSWEpqVmxwR1VGTjJRMWRrTkd0NWQwVklRVlZEUVVGdVFrdGhjV3hCVTJkVlQxZFRSbU5NVEZkQlFrTkNTalpNYURabk9WbEdVMFZzYWxwSlQweElkbGxpV2l0c05tSmtMM0JyVjNoRmFHZFhSa2xZV1cweWFsWjJjR1YzU3pWR2RTdENTQzlPUlRSRlJ6bFdkSE12VDJGQ2RrMVJRa2h4T1c5dlNuVTRTSEkwS3pBMEszQkNkVm8wU3pCUlkyTXpkV1JNUVZSV2RtTm5PVTFEV0RBMmVWQlNRWFZpY2tSUlZXTTRVM0o2U0hOVGFIWTNZV2xJUXpRNWRsQXJTRzFYYVZKVlVYWjRXblpGU0Uxd2FXTnFlR1pIYlRJemEzSmlORVE0TjNOT1RtTTFhMUZMTVdwRFFXWXlaRFI0YlRkWFJIcGpPWEk0TWtwRlFYSkJZekJ4VUZkRlkxbDRkWEpFUW1rd1MyWnJSalY1YkZsa1ZqSk9LMDlXZUVadk16RjFMMUZYTTBWRFFVWlJabk00VG5wbksydFllR0Y1TTNKMUszSkNaV0owUzNGdkt6VnJSVzEwZEdadFFVUjFNMHR2TldjdmNtSjJNVU5oYlc5WWFYUnJiMVZwZFRaRFlsTklSV2hSTTAxcWVHSktia1JXVlVkUU9XRnJVamsyZUVkNVdWTmtkVU5DVURaclNUWnVkMmszYlhkVVVVOXRieXR3V2tORVNHSllhM1pPTVVGbFMyWk1hRFJSZDNsYWJqVnJUM2hEUmsxdWNscEphMWhyVGtwTUwyRkpiRGt2V201R1MxRXJSRTl2TjJvME1ucEtTM0pJY0hCM2NWZDRZMDlrUVROQldVWnhSVUphZVV4NlRGcDBkSFJTTDBGRWIwbG9kVTgwVXpoMlpVaDVjMUVyZEV0VGIwcG9iWE5RWTFKdGFFMWxjazFNU20xWGJuVTBkV1Z3ZEZSblJUSlBhaXRETDJWVGFYQnhiV0Z4ZDBOaGNEZEVXbE5SUWxkeldXRnVNVlpoV0ZsVWNVMUJialo2YUVwblBRPT0%3D&vs=1600:1200&ds=1600:1200&sl=0:0&os=f&nos=f&swfV=0.0.0&if=f&sc=f&gpu=Intel%20Inc.%20-%20Intel%20Iris%20OpenGL%20Engine HTTP 302
https://clever-redirect.com/s/r6?s=721614&s3=1395577282&sid=20220311044520bb9b10a151b24fa195 HTTP 302
https://lookandfind.me/s/a?t=6&f=1&u=41ecaa9ae33de01f1e1a4b6551068474&m=libertex-secure.com&s1=721614&s2=&s3=1395577282&s5=woc Page URL
https://lookandfind.me/s/r?u=https%3A%2F%2Fir3.xyz%2F61d8316883085%3Fp1%3Db305f1be6d6b405c362d36d54185ee1a%26p2%3DDE&h=2104af9fbb3206283b10f2fac0575a34 Page URL
https://ir3.xyz/61d8316883085?p1=b305f1be6d6b405c362d36d54185ee1a&p2=DE HTTP 302
https://ad.admitad.com/g/m3g0t4srg7d1eb74253d4009ce43fc/?subid=8d01e34c-bc1e-4b78-8955-492cc84fa0d3&subid1=60910da1d915b81f2932b7a1 HTTP 302
https://libertex-affiliates.ck-cdn.com/tn/serve/geoGroup/?rgid=9&bta=43496&afp=6b7bdfd39d594d6bc09b55215bd0a08f&afp1=43137 Page URL
https://go.libertex.com/visit/?bta=43496&afp=6b7bdfd39d594d6bc09b55215bd0a08f&afp1=43137&nci=10363&oref=https%3A%2F%2Flookandfind.me%2F HTTP 302
https://promo.libertex.org/?aff_id=43496&cxd=43496_505283_|afp0:6b7bdfd39d594d6bc09b55215bd0a08f|afp1:43137 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://www.pittsburgh.cbslocal.co/ HTTP 302
https://www.pittsburgh.cbslocal.co/ HTTP 302
http://1redirc.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yAccQsA%2F44i12a%2FiW1H8eZAkDHASSyOj%2FYMDjkzHOC5p1gwlrAhexdHBnlBB2e2G%2FX4JV1U4wbUCI0wdU%2Be2vukP1RmcfP0R%2FXfgRuw%2F2NcR2%2BX2L9n5LBVyWYKHjm%2FLUJjoIeJbezv7P0uRYhwuGVEzXWNdheV4tKWLGfxW8XX8m8SmUVtNPxzzECSgqod1rln5%2Fy0puPyKhofHlOTdpQQSp%2FYUg4radyW0sxNWauzjHcwpYosmMpfcIzRusUx8m3kxV3uwq40osH5W2vDGzU7XkEDVdN5TxOqQ90LYfK%2BlZeqEVaUkC3qpv0jBM1CWIcNLP0Ie2Fenj9ipzxgv88yNQX6rvWuShI8jUaoVPnBj8fgSK3EIdZm2t5m2%2Bvca0HLUbPE05SKg0SgBdVrjVstY1eCnwgb%2BNVI%2FbNmZjWIwAtxH9A9fOC%2B9rG5n4iClpUAQwWQbiql2ZFKusY%2FJj5qwuGtiUzIMe1rJR6mNIvXf3JPxBKFebjG1NLDjl9cfLj9CuiIU%2BOyleGtv1iM1fsM%2BRAK6tACLmM9YdhF%2Bz43Peg8uiDkdsyqJkG99fIhned2w1waqqkrMr%2B2X8jEBHd%2FgxCwTgmyIpDA1eb2kRwyO%2BNBSQOriiIZmTpyyzvnFnOJsOVuh8H5njZOVDS1aL5o2Nrl8I3uQRRAkWy%2Ffx99gptqzOvGIJlGetkNHNiDDi67CMTFnz6D6BMEN%2BmdqIsbNgB%2FDEdmoJi4P1qa4MQmtX2pjN6ng2XUuh%2BkOG%2BHjOA%3D%3D

Request Chain 4

http://1redirc.com/r.php?u=https%3A%2F%2Fclever-redirect.com%2Fs%2Fr6%3Fs%3D721614%26s3%3D1395577282%26sid%3D20220311044520bb9b10a151b24fa195&s=j&enc=MlF1a3V2TEtPNE5KS25hTmlyeGZWMzQ5ZmpWSmFYZGhRMmMxWm1KNFptOVVNMHRPYmxOWU1ta3pibVZuVVVFeGFFcFJkV2szTTFOeU4wNDJOR0kyWTFWblowVlhlVmw1TVdkc09WaFlNVXBVWTBkSVoyeGxlVTltVkZVelQzcExZMVkzV0dReVJFbG9WMVF2T0RGeU9GWmllRlZKTmlzemJIVktaalZYY0ROaVprUm5ibUpQU1V3dkwzVjBSWHBDV2xaSVRrcGxRMUpOV0VSS2FVbExXR2RLU1hrMGJscGxWRTkyU1hOT2JURlZVSEJuY1dScVZXY3JkVkpsZEM5VVZFdHRVRU0yUldrMU9VVTVPR3BGVm1GWU0zTlFiM2RvVUdoa1RHRkVWMVZ1SzJWV1JFTXZjRGRwVlZKSmRUTlVjbmg0VjBwelNubE1TR3AxUmk5clZVOTBabGRzVUV0R2NuRmlZMFZ5ZW1KaFdEZ3piVzF4UXpOSFdIVXdlblV3YWt4a05tNXlPR3gzTm5oRWRuQlVSWEpqVmxwR1VGTjJRMWRrTkd0NWQwVklRVlZEUVVGdVFrdGhjV3hCVTJkVlQxZFRSbU5NVEZkQlFrTkNTalpNYURabk9WbEdVMFZzYWxwSlQweElkbGxpV2l0c05tSmtMM0JyVjNoRmFHZFhSa2xZV1cweWFsWjJjR1YzU3pWR2RTdENTQzlPUlRSRlJ6bFdkSE12VDJGQ2RrMVJRa2h4T1c5dlNuVTRTSEkwS3pBMEszQkNkVm8wU3pCUlkyTXpkV1JNUVZSV2RtTm5PVTFEV0RBMmVWQlNRWFZpY2tSUlZXTTRVM0o2U0hOVGFIWTNZV2xJUXpRNWRsQXJTRzFYYVZKVlVYWjRXblpGU0Uxd2FXTnFlR1pIYlRJemEzSmlORVE0TjNOT1RtTTFhMUZMTVdwRFFXWXlaRFI0YlRkWFJIcGpPWEk0TWtwRlFYSkJZekJ4VUZkRlkxbDRkWEpFUW1rd1MyWnJSalY1YkZsa1ZqSk9LMDlXZUVadk16RjFMMUZYTTBWRFFVWlJabk00VG5wbksydFllR0Y1TTNKMUszSkNaV0owUzNGdkt6VnJSVzEwZEdadFFVUjFNMHR2TldjdmNtSjJNVU5oYlc5WWFYUnJiMVZwZFRaRFlsTklSV2hSTTAxcWVHSktia1JXVlVkUU9XRnJVamsyZUVkNVdWTmtkVU5DVURaclNUWnVkMmszYlhkVVVVOXRieXR3V2tORVNHSllhM1pPTVVGbFMyWk1hRFJSZDNsYWJqVnJUM2hEUmsxdWNscEphMWhyVGtwTUwyRkpiRGt2V201R1MxRXJSRTl2TjJvME1ucEtTM0pJY0hCM2NWZDRZMDlrUVROQldVWnhSVUphZVV4NlRGcDBkSFJTTDBGRWIwbG9kVTgwVXpoMlpVaDVjMUVyZEV0VGIwcG9iWE5RWTFKdGFFMWxjazFNU20xWGJuVTBkV1Z3ZEZSblJUSlBhaXRETDJWVGFYQnhiV0Z4ZDBOaGNEZEVXbE5SUWxkeldXRnVNVlpoV0ZsVWNVMUJialo2YUVwblBRPT0%3D&vs=1600:1200&ds=1600:1200&sl=0:0&os=f&nos=f&swfV=0.0.0&if=f&sc=f&gpu=Intel%20Inc.%20-%20Intel%20Iris%20OpenGL%20Engine HTTP 302
https://clever-redirect.com/s/r6?s=721614&s3=1395577282&sid=20220311044520bb9b10a151b24fa195 HTTP 302
https://lookandfind.me/s/a?t=6&f=1&u=41ecaa9ae33de01f1e1a4b6551068474&m=libertex-secure.com&s1=721614&s2=&s3=1395577282&s5=woc

Request Chain 6

https://ir3.xyz/61d8316883085?p1=b305f1be6d6b405c362d36d54185ee1a&p2=DE HTTP 302
https://ad.admitad.com/g/m3g0t4srg7d1eb74253d4009ce43fc/?subid=8d01e34c-bc1e-4b78-8955-492cc84fa0d3&subid1=60910da1d915b81f2932b7a1 HTTP 302
https://libertex-affiliates.ck-cdn.com/tn/serve/geoGroup/?rgid=9&bta=43496&afp=6b7bdfd39d594d6bc09b55215bd0a08f&afp1=43137

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	r2.php Show response 1redirc.com/ Redirect Chain http://www.pittsburgh.cbslocal.co/ https://www.pittsburgh.cbslocal.co/ http://1redirc.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yAccQsA%2F44i12a%2FiW1H8eZAkDHASSyOj%2FYMDjkzHOC5p1gwlrAhexdHBnlBB2e2G%2FX4JV1U4wbUCI0wdU%2Be2vukP1RmcfP0R%2FXfgRuw%2F2NcR2%2BX2L9n5LBVyWYKHjm%2FLUJj...	4 KB 3 KB	325ms 166ms	Document text/html	103.224.182.206 TRELLIAN-AS-AP Tr...
General Check archive.org Show headers Download Go to Full URL http://1redirc.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yAccQsA%2F44i12a%2FiW1H8eZAkDHASSyOj%2FYMDjkzHOC5p1gwlrAhexdHBnlBB2e2G%2FX4JV1U4wbUCI0wdU%2Be2vukP1RmcfP0R%2FXfgRuw%2F2NcR2%2BX2L9n5LBVyWYKHjm%2FLUJjoIeJbezv7P0uRYhwuGVEzXWNdheV4tKWLGfxW8XX8m8SmUVtNPxzzECSgqod1rln5%2Fy0puPyKhofHlOTdpQQSp%2FYUg4radyW0sxNWauzjHcwpYosmMpfcIzRusUx8m3kxV3uwq40osH5W2vDGzU7XkEDVdN5TxOqQ90LYfK%2BlZeqEVaUkC3qpv0jBM1CWIcNLP0Ie2Fenj9ipzxgv88yNQX6rvWuShI8jUaoVPnBj8fgSK3EIdZm2t5m2%2Bvca0HLUbPE05SKg0SgBdVrjVstY1eCnwgb%2BNVI%2FbNmZjWIwAtxH9A9fOC%2B9rG5n4iClpUAQwWQbiql2ZFKusY%2FJj5qwuGtiUzIMe1rJR6mNIvXf3JPxBKFebjG1NLDjl9cfLj9CuiIU%2BOyleGtv1iM1fsM%2BRAK6tACLmM9YdhF%2Bz43Peg8uiDkdsyqJkG99fIhned2w1waqqkrMr%2B2X8jEBHd%2FgxCwTgmyIpDA1eb2kRwyO%2BNBSQOriiIZmTpyyzvnFnOJsOVuh8H5njZOVDS1aL5o2Nrl8I3uQRRAkWy%2Ffx99gptqzOvGIJlGetkNHNiDDi67CMTFnz6D6BMEN%2BmdqIsbNgB%2FDEdmoJi4P1qa4MQmtX2pjN6ng2XUuh%2BkOG%2BHjOA%3D%3D Protocol HTTP/1.1 Server 103.224.182.206 , Australia, ASN133618 (TRELLIAN-AS-AP Trellian Pty. Limited, AU), Reverse DNS bidr.trellian.com Software Apache/2.4.25 (Debian) / Resource Hash `5e38390eb3c65b51746e9c76993d5946e8073b8bbb5f00c95db318a07008f8ed` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Date Thu, 10 Mar 2022 17:45:21 GMT Server Apache/2.4.25 (Debian) Vary Accept-Encoding Content-Encoding gzip Content-Length 2323 Connection close Content-Type text/html; charset=UTF-8 Redirect headers Date Thu, 10 Mar 2022 17:45:20 GMT Server Apache/2.4.25 (Debian) Location http://1redirc.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yAccQsA%2F44i12a%2FiW1H8eZAkDHASSyOj%2FYMDjkzHOC5p1gwlrAhexdHBnlBB2e2G%2FX4JV1U4wbUCI0wdU%2Be2vukP1RmcfP0R%2FXfgRuw%2F2NcR2%2BX2L9n5LBVyWYKHjm%2FLUJjoIeJbezv7P0uRYhwuGVEzXWNdheV4tKWLGfxW8XX8m8SmUVtNPxzzECSgqod1rln5%2Fy0puPyKhofHlOTdpQQSp%2FYUg4radyW0sxNWauzjHcwpYosmMpfcIzRusUx8m3kxV3uwq40osH5W2vDGzU7XkEDVdN5TxOqQ90LYfK%2BlZeqEVaUkC3qpv0jBM1CWIcNLP0Ie2Fenj9ipzxgv88yNQX6rvWuShI8jUaoVPnBj8fgSK3EIdZm2t5m2%2Bvca0HLUbPE05SKg0SgBdVrjVstY1eCnwgb%2BNVI%2FbNmZjWIwAtxH9A9fOC%2B9rG5n4iClpUAQwWQbiql2ZFKusY%2FJj5qwuGtiUzIMe1rJR6mNIvXf3JPxBKFebjG1NLDjl9cfLj9CuiIU%2BOyleGtv1iM1fsM%2BRAK6tACLmM9YdhF%2Bz43Peg8uiDkdsyqJkG99fIhned2w1waqqkrMr%2B2X8jEBHd%2FgxCwTgmyIpDA1eb2kRwyO%2BNBSQOriiIZmTpyyzvnFnOJsOVuh8H5njZOVDS1aL5o2Nrl8I3uQRRAkWy%2Ffx99gptqzOvGIJlGetkNHNiDDi67CMTFnz6D6BMEN%2BmdqIsbNgB%2FDEdmoJi4P1qa4MQmtX2pjN6ng2XUuh%2BkOG%2BHjOA%3D%3D Content-Length 0 Connection close Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	jscheck.js Show response 1redirc.com/javascript/	899 B 718 B	310ms 156ms	Script application/javascript	103.224.182.206 TRELLIAN-AS-AP Tr...
General Check archive.org Show headers Download Go to Full URL http://1redirc.com/javascript/jscheck.js Requested by Host: 1redirc.com URL: http://1redirc.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yAccQsA%2F44i12a%2FiW1H8eZAkDHASSyOj%2FYMDjkzHOC5p1gwlrAhexdHBnlBB2e2G%2FX4JV1U4wbUCI0wdU%2Be2vukP1RmcfP0R%2FXfgRuw%2F2NcR2%2BX2L9n5LBVyWYKHjm%2FLUJjoIeJbezv7P0uRYhwuGVEzXWNdheV4tKWLGfxW8XX8m8SmUVtNPxzzECSgqod1rln5%2Fy0puPyKhofHlOTdpQQSp%2FYUg4radyW0sxNWauzjHcwpYosmMpfcIzRusUx8m3kxV3uwq40osH5W2vDGzU7XkEDVdN5TxOqQ90LYfK%2BlZeqEVaUkC3qpv0jBM1CWIcNLP0Ie2Fenj9ipzxgv88yNQX6rvWuShI8jUaoVPnBj8fgSK3EIdZm2t5m2%2Bvca0HLUbPE05SKg0SgBdVrjVstY1eCnwgb%2BNVI%2FbNmZjWIwAtxH9A9fOC%2B9rG5n4iClpUAQwWQbiql2ZFKusY%2FJj5qwuGtiUzIMe1rJR6mNIvXf3JPxBKFebjG1NLDjl9cfLj9CuiIU%2BOyleGtv1iM1fsM%2BRAK6tACLmM9YdhF%2Bz43Peg8uiDkdsyqJkG99fIhned2w1waqqkrMr%2B2X8jEBHd%2FgxCwTgmyIpDA1eb2kRwyO%2BNBSQOriiIZmTpyyzvnFnOJsOVuh8H5njZOVDS1aL5o2Nrl8I3uQRRAkWy%2Ffx99gptqzOvGIJlGetkNHNiDDi67CMTFnz6D6BMEN%2BmdqIsbNgB%2FDEdmoJi4P1qa4MQmtX2pjN6ng2XUuh%2BkOG%2BHjOA%3D%3D Protocol HTTP/1.1 Server 103.224.182.206 , Australia, ASN133618 (TRELLIAN-AS-AP Trellian Pty. Limited, AU), Reverse DNS bidr.trellian.com Software Apache/2.4.25 (Debian) / Resource Hash `40daba765e68df81072dba603adecbd49b4c9b0ee836189af681c3a7827bfd9e` Request headers Accept-Language de-DE,de;q=0.9 Referer http://1redirc.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yAccQsA%2F44i12a%2FiW1H8eZAkDHASSyOj%2FYMDjkzHOC5p1gwlrAhexdHBnlBB2e2G%2FX4JV1U4wbUCI0wdU%2Be2vukP1RmcfP0R%2FXfgRuw%2F2NcR2%2BX2L9n5LBVyWYKHjm%2FLUJjoIeJbezv7P0uRYhwuGVEzXWNdheV4tKWLGfxW8XX8m8SmUVtNPxzzECSgqod1rln5%2Fy0puPyKhofHlOTdpQQSp%2FYUg4radyW0sxNWauzjHcwpYosmMpfcIzRusUx8m3kxV3uwq40osH5W2vDGzU7XkEDVdN5TxOqQ90LYfK%2BlZeqEVaUkC3qpv0jBM1CWIcNLP0Ie2Fenj9ipzxgv88yNQX6rvWuShI8jUaoVPnBj8fgSK3EIdZm2t5m2%2Bvca0HLUbPE05SKg0SgBdVrjVstY1eCnwgb%2BNVI%2FbNmZjWIwAtxH9A9fOC%2B9rG5n4iClpUAQwWQbiql2ZFKusY%2FJj5qwuGtiUzIMe1rJR6mNIvXf3JPxBKFebjG1NLDjl9cfLj9CuiIU%2BOyleGtv1iM1fsM%2BRAK6tACLmM9YdhF%2Bz43Peg8uiDkdsyqJkG99fIhned2w1waqqkrMr%2B2X8jEBHd%2FgxCwTgmyIpDA1eb2kRwyO%2BNBSQOriiIZmTpyyzvnFnOJsOVuh8H5njZOVDS1aL5o2Nrl8I3uQRRAkWy%2Ffx99gptqzOvGIJlGetkNHNiDDi67CMTFnz6D6BMEN%2BmdqIsbNgB%2FDEdmoJi4P1qa4MQmtX2pjN6ng2XUuh%2BkOG%2BHjOA%3D%3D User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Thu, 10 Mar 2022 17:45:21 GMT Content-Encoding gzip Last-Modified Fri, 14 Jan 2022 13:27:28 GMT Server Apache/2.4.25 (Debian) ETag "383-5d58ac3a31000-gzip" Vary Accept-Encoding Content-Type application/javascript Connection close Accept-Ranges bytes Content-Length 405
GET H/1.1	200 OK	swfobject.js Show response 1redirc.com/javascript/	10 KB 4 KB	313ms 157ms	Script application/javascript	103.224.182.206 TRELLIAN-AS-AP Tr...
General Check archive.org Show headers Download Go to Full URL http://1redirc.com/javascript/swfobject.js Requested by Host: 1redirc.com URL: http://1redirc.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yAccQsA%2F44i12a%2FiW1H8eZAkDHASSyOj%2FYMDjkzHOC5p1gwlrAhexdHBnlBB2e2G%2FX4JV1U4wbUCI0wdU%2Be2vukP1RmcfP0R%2FXfgRuw%2F2NcR2%2BX2L9n5LBVyWYKHjm%2FLUJjoIeJbezv7P0uRYhwuGVEzXWNdheV4tKWLGfxW8XX8m8SmUVtNPxzzECSgqod1rln5%2Fy0puPyKhofHlOTdpQQSp%2FYUg4radyW0sxNWauzjHcwpYosmMpfcIzRusUx8m3kxV3uwq40osH5W2vDGzU7XkEDVdN5TxOqQ90LYfK%2BlZeqEVaUkC3qpv0jBM1CWIcNLP0Ie2Fenj9ipzxgv88yNQX6rvWuShI8jUaoVPnBj8fgSK3EIdZm2t5m2%2Bvca0HLUbPE05SKg0SgBdVrjVstY1eCnwgb%2BNVI%2FbNmZjWIwAtxH9A9fOC%2B9rG5n4iClpUAQwWQbiql2ZFKusY%2FJj5qwuGtiUzIMe1rJR6mNIvXf3JPxBKFebjG1NLDjl9cfLj9CuiIU%2BOyleGtv1iM1fsM%2BRAK6tACLmM9YdhF%2Bz43Peg8uiDkdsyqJkG99fIhned2w1waqqkrMr%2B2X8jEBHd%2FgxCwTgmyIpDA1eb2kRwyO%2BNBSQOriiIZmTpyyzvnFnOJsOVuh8H5njZOVDS1aL5o2Nrl8I3uQRRAkWy%2Ffx99gptqzOvGIJlGetkNHNiDDi67CMTFnz6D6BMEN%2BmdqIsbNgB%2FDEdmoJi4P1qa4MQmtX2pjN6ng2XUuh%2BkOG%2BHjOA%3D%3D Protocol HTTP/1.1 Server 103.224.182.206 , Australia, ASN133618 (TRELLIAN-AS-AP Trellian Pty. Limited, AU), Reverse DNS bidr.trellian.com Software Apache/2.4.25 (Debian) / Resource Hash `a2d68e4530bbf55b595085ad00ef6999cb64574eb58b44b53ef0516fa7fa4aed` Request headers Accept-Language de-DE,de;q=0.9 Referer http://1redirc.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yAccQsA%2F44i12a%2FiW1H8eZAkDHASSyOj%2FYMDjkzHOC5p1gwlrAhexdHBnlBB2e2G%2FX4JV1U4wbUCI0wdU%2Be2vukP1RmcfP0R%2FXfgRuw%2F2NcR2%2BX2L9n5LBVyWYKHjm%2FLUJjoIeJbezv7P0uRYhwuGVEzXWNdheV4tKWLGfxW8XX8m8SmUVtNPxzzECSgqod1rln5%2Fy0puPyKhofHlOTdpQQSp%2FYUg4radyW0sxNWauzjHcwpYosmMpfcIzRusUx8m3kxV3uwq40osH5W2vDGzU7XkEDVdN5TxOqQ90LYfK%2BlZeqEVaUkC3qpv0jBM1CWIcNLP0Ie2Fenj9ipzxgv88yNQX6rvWuShI8jUaoVPnBj8fgSK3EIdZm2t5m2%2Bvca0HLUbPE05SKg0SgBdVrjVstY1eCnwgb%2BNVI%2FbNmZjWIwAtxH9A9fOC%2B9rG5n4iClpUAQwWQbiql2ZFKusY%2FJj5qwuGtiUzIMe1rJR6mNIvXf3JPxBKFebjG1NLDjl9cfLj9CuiIU%2BOyleGtv1iM1fsM%2BRAK6tACLmM9YdhF%2Bz43Peg8uiDkdsyqJkG99fIhned2w1waqqkrMr%2B2X8jEBHd%2FgxCwTgmyIpDA1eb2kRwyO%2BNBSQOriiIZmTpyyzvnFnOJsOVuh8H5njZOVDS1aL5o2Nrl8I3uQRRAkWy%2Ffx99gptqzOvGIJlGetkNHNiDDi67CMTFnz6D6BMEN%2BmdqIsbNgB%2FDEdmoJi4P1qa4MQmtX2pjN6ng2XUuh%2BkOG%2BHjOA%3D%3D User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Thu, 10 Mar 2022 17:45:21 GMT Content-Encoding gzip Last-Modified Fri, 14 Jan 2022 13:27:28 GMT Server Apache/2.4.25 (Debian) ETag "27ef-5d58ac3a31000-gzip" Vary Accept-Encoding Content-Type application/javascript Connection close Accept-Ranges bytes Content-Length 3949
GET H/1.1	200 OK	jscheck.php 1redirc.com/	0 166 B	344ms 179ms	XHR text/html	103.224.182.206 TRELLIAN-AS-AP Tr...
General Check archive.org Show headers Download Go to Full URL http://1redirc.com/jscheck.php?enc=MlF1a3V2TEtPNE5KS25hTmlyeGZWMzQ5ZmpWSmFYZGhRMmMxWm1KNFptOVVNMHRPYmxOWU1ta3pibVZuVVVFeGFFcFJkV2szTTFOeU4wNDJOR0kyWTFWblowVlhlVmw1TVdkc09WaFlNVXBVWTBkSVoyeGxlVTltVkZVelQzcExZMVkzV0dReVJFbG9WMVF2T0RGeU9GWmllRlZKTmlzemJIVktaalZYY0ROaVprUm5ibUpQU1V3dkwzVjBSWHBDV2xaSVRrcGxRMUpOV0VSS2FVbExXR2RLU1hrMGJscGxWRTkyU1hOT2JURlZVSEJuY1dScVZXY3JkVkpsZEM5VVZFdHRVRU0yUldrMU9VVTVPR3BGVm1GWU0zTlFiM2RvVUdoa1RHRkVWMVZ1SzJWV1JFTXZjRGRwVlZKSmRUTlVjbmg0VjBwelNubE1TR3AxUmk5clZVOTBabGRzVUV0R2NuRmlZMFZ5ZW1KaFdEZ3piVzF4UXpOSFdIVXdlblV3YWt4a05tNXlPR3gzTm5oRWRuQlVSWEpqVmxwR1VGTjJRMWRrTkd0NWQwVklRVlZEUVVGdVFrdGhjV3hCVTJkVlQxZFRSbU5NVEZkQlFrTkNTalpNYURabk9WbEdVMFZzYWxwSlQweElkbGxpV2l0c05tSmtMM0JyVjNoRmFHZFhSa2xZV1cweWFsWjJjR1YzU3pWR2RTdENTQzlPUlRSRlJ6bFdkSE12VDJGQ2RrMVJRa2h4T1c5dlNuVTRTSEkwS3pBMEszQkNkVm8wU3pCUlkyTXpkV1JNUVZSV2RtTm5PVTFEV0RBMmVWQlNRWFZpY2tSUlZXTTRVM0o2U0hOVGFIWTNZV2xJUXpRNWRsQXJTRzFYYVZKVlVYWjRXblpGU0Uxd2FXTnFlR1pIYlRJemEzSmlORVE0TjNOT1RtTTFhMUZMTVdwRFFXWXlaRFI0YlRkWFJIcGpPWEk0TWtwRlFYSkJZekJ4VUZkRlkxbDRkWEpFUW1rd1MyWnJSalY1YkZsa1ZqSk9LMDlXZUVadk16RjFMMUZYTTBWRFFVWlJabk00VG5wbksydFllR0Y1TTNKMUszSkNaV0owUzNGdkt6VnJSVzEwZEdadFFVUjFNMHR2TldjdmNtSjJNVU5oYlc5WWFYUnJiMVZwZFRaRFlsTklSV2hSTTAxcWVHSktia1JXVlVkUU9XRnJVamsyZUVkNVdWTmtkVU5DVURaclNUWnVkMmszYlhkVVVVOXRieXR3V2tORVNHSllhM1pPTVVGbFMyWk1hRFJSZDNsYWJqVnJUM2hEUmsxdWNscEphMWhyVGtwTUwyRkpiRGt2V201R1MxRXJSRTl2TjJvME1ucEtTM0pJY0hCM2NWZDRZMDlrUVROQldVWnhSVUphZVV4NlRGcDBkSFJTTDBGRWIwbG9kVTgwVXpoMlpVaDVjMUVyZEV0VGIwcG9iWE5RWTFKdGFFMWxjazFNU20xWGJuVTBkV1Z3ZEZSblJUSlBhaXRETDJWVGFYQnhiV0Z4ZDBOaGNEZEVXbE5SUWxkeldXRnVNVlpoV0ZsVWNVMUJialo2YUVwblBRPT0%3D&rand=0.7331874707949375 Requested by Host: 1redirc.com URL: http://1redirc.com/javascript/jscheck.js Protocol HTTP/1.1 Server 103.224.182.206 , Australia, ASN133618 (TRELLIAN-AS-AP Trellian Pty. Limited, AU), Reverse DNS bidr.trellian.com Software Apache/2.4.25 (Debian) / Resource Hash Request headers Accept-Language de-DE,de;q=0.9 Referer http://1redirc.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yAccQsA%2F44i12a%2FiW1H8eZAkDHASSyOj%2FYMDjkzHOC5p1gwlrAhexdHBnlBB2e2G%2FX4JV1U4wbUCI0wdU%2Be2vukP1RmcfP0R%2FXfgRuw%2F2NcR2%2BX2L9n5LBVyWYKHjm%2FLUJjoIeJbezv7P0uRYhwuGVEzXWNdheV4tKWLGfxW8XX8m8SmUVtNPxzzECSgqod1rln5%2Fy0puPyKhofHlOTdpQQSp%2FYUg4radyW0sxNWauzjHcwpYosmMpfcIzRusUx8m3kxV3uwq40osH5W2vDGzU7XkEDVdN5TxOqQ90LYfK%2BlZeqEVaUkC3qpv0jBM1CWIcNLP0Ie2Fenj9ipzxgv88yNQX6rvWuShI8jUaoVPnBj8fgSK3EIdZm2t5m2%2Bvca0HLUbPE05SKg0SgBdVrjVstY1eCnwgb%2BNVI%2FbNmZjWIwAtxH9A9fOC%2B9rG5n4iClpUAQwWQbiql2ZFKusY%2FJj5qwuGtiUzIMe1rJR6mNIvXf3JPxBKFebjG1NLDjl9cfLj9CuiIU%2BOyleGtv1iM1fsM%2BRAK6tACLmM9YdhF%2Bz43Peg8uiDkdsyqJkG99fIhned2w1waqqkrMr%2B2X8jEBHd%2FgxCwTgmyIpDA1eb2kRwyO%2BNBSQOriiIZmTpyyzvnFnOJsOVuh8H5njZOVDS1aL5o2Nrl8I3uQRRAkWy%2Ffx99gptqzOvGIJlGetkNHNiDDi67CMTFnz6D6BMEN%2BmdqIsbNgB%2FDEdmoJi4P1qa4MQmtX2pjN6ng2XUuh%2BkOG%2BHjOA%3D%3D User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Thu, 10 Mar 2022 17:45:21 GMT Server Apache/2.4.25 (Debian) Connection close Content-Length 0 Content-Type text/html; charset=UTF-8
GET H2	200	a lookandfind.me/s/ Redirect Chain http://1redirc.com/r.php?u=https%3A%2F%2Fclever-redirect.com%2Fs%2Fr6%3Fs%3D721614%26s3%3D1395577282%26sid%3D20220311044520bb9b10a151b24fa195&s=j&enc=MlF1a3V2TEtPNE5KS25hTmlyeGZWMzQ5ZmpWSmFYZGhRMmM... https://clever-redirect.com/s/r6?s=721614&s3=1395577282&sid=20220311044520bb9b10a151b24fa195 https://lookandfind.me/s/a?t=6&f=1&u=41ecaa9ae33de01f1e1a4b6551068474&m=libertex-secure.com&s1=721614&s2=&s3=1395577282&s5=woc	338 B 505 B	75ms 24ms	Document text/html	157.90.169.168 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://lookandfind.me/s/a?t=6&f=1&u=41ecaa9ae33de01f1e1a4b6551068474&m=libertex-secure.com&s1=721614&s2=&s3=1395577282&s5=woc Requested by Host: 1redirc.com URL: http://1redirc.com/javascript/jscheck.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 157.90.169.168 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.168.169.90.157.clients.your-server.de Software Apache/2.4.49 (codeit) OpenSSL/1.1.1l PHP/7.4.24 / PHP/7.4.24 Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers referrer-policy strict-origin-when-cross-origin x-powered-by PHP/7.4.24 content-length 338 content-type text/html; charset=UTF-8 date Thu, 10 Mar 2022 17:45:22 GMT server Apache/2.4.49 (codeit) OpenSSL/1.1.1l PHP/7.4.24 Redirect headers referrer-policy no-referrer x-powered-by PHP/7.4.27 location https://lookandfind.me/s/a?t=6&f=1&u=41ecaa9ae33de01f1e1a4b6551068474&m=libertex-secure.com&s1=721614&s2=&s3=1395577282&s5=woc content-length 0 content-type text/html; charset=UTF-8 date Thu, 10 Mar 2022 17:45:22 GMT server Apache/2.4.52 (codeit) OpenSSL/1.1.1m PHP/7.4.27
GET H2	200	r lookandfind.me/s/	276 B 306 B	16ms 16ms	Document text/html	157.90.169.168 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://lookandfind.me/s/r?u=https%3A%2F%2Fir3.xyz%2F61d8316883085%3Fp1%3Db305f1be6d6b405c362d36d54185ee1a%26p2%3DDE&h=2104af9fbb3206283b10f2fac0575a34 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 157.90.169.168 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.168.169.90.157.clients.your-server.de Software Apache/2.4.49 (codeit) OpenSSL/1.1.1l PHP/7.4.24 / PHP/7.4.24 Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://lookandfind.me/s/a?t=6&f=1&u=41ecaa9ae33de01f1e1a4b6551068474&m=libertex-secure.com&s1=721614&s2=&s3=1395577282&s5=woc Response headers referrer-policy strict-origin-when-cross-origin x-powered-by PHP/7.4.24 content-length 276 content-type text/html; charset=UTF-8 date Thu, 10 Mar 2022 17:45:22 GMT server Apache/2.4.49 (codeit) OpenSSL/1.1.1l PHP/7.4.24
GET H2	200	/ Show response libertex-affiliates.ck-cdn.com/tn/serve/geoGroup/ Redirect Chain https://ir3.xyz/61d8316883085?p1=b305f1be6d6b405c362d36d54185ee1a&p2=DE https://ad.admitad.com/g/m3g0t4srg7d1eb74253d4009ce43fc/?subid=8d01e34c-bc1e-4b78-8955-492cc84fa0d3&subid1=60910da1d915b81f2932b7a1 https://libertex-affiliates.ck-cdn.com/tn/serve/geoGroup/?rgid=9&bta=43496&afp=6b7bdfd39d594d6bc09b55215bd0a08f&afp1=43137	214 B 708 B	345ms 287ms	Document text/html	2606:4700:20::ac43:4691 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://libertex-affiliates.ck-cdn.com/tn/serve/geoGroup/?rgid=9&bta=43496&afp=6b7bdfd39d594d6bc09b55215bd0a08f&afp1=43137 Requested by Host: lookandfind.me URL: https://lookandfind.me/s/r?u=https%3A%2F%2Fir3.xyz%2F61d8316883085%3Fp1%3Db305f1be6d6b405c362d36d54185ee1a%26p2%3DDE&h=2104af9fbb3206283b10f2fac0575a34 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:4691 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f9a2bae436627797bcc0ba2f4b888580cb07c7abf65d98aee3762cd51b0c3beb` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://lookandfind.me/s/r?u=https%3A%2F%2Fir3.xyz%2F61d8316883085%3Fp1%3Db305f1be6d6b405c362d36d54185ee1a%26p2%3DDE&h=2104af9fbb3206283b10f2fac0575a34 Response headers date Thu, 10 Mar 2022 17:45:23 GMT content-type text/html;charset=UTF-8 referer https://lookandfind.me/ http_referer https://lookandfind.me/ expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tEZLyQTSEzeafRZUBfOBOCPlmvRVbMt7gRBHZpcXAuYYiFC4IIHIueCoGa36UTlKKDq47ErE1aCJFz0cOAxEGSLrSRxK0rGIAJVrdUgDAHsP6cO3peAUPxg0O%2FxHYoMe01UEg2CuD5zCxHFofhZ8AzGD7K9t8ObR0qGlPg%3D%3D"}],"group":"cf-nel","max_age":604800} nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary Accept-Encoding server cloudflare cf-ray 6e9ddd1f1c3b9113-FRA content-encoding br Redirect headers server nginx date Thu, 10 Mar 2022 17:45:22 GMT content-type text/html; charset=utf-8 content-length 1143 location https://libertex-affiliates.ck-cdn.com/tn/serve/geoGroup/?rgid=9&bta=43496&afp=6b7bdfd39d594d6bc09b55215bd0a08f&afp1=43137 cache-control private, no-cache, no-store, must-revalidate pragma no-cache expires Tue, 01 Jan 1980 1:00:00 GMT p3p CP="NON DSP COR CURa TIA"
GET H2	404	Primary Request / Show response promo.libertex.org/ Redirect Chain https://go.libertex.com/visit/?bta=43496&afp=6b7bdfd39d594d6bc09b55215bd0a08f&afp1=43137&nci=10363&oref=https%3A%2F%2Flookandfind.me%2F https://promo.libertex.org/?aff_id=43496&cxd=43496_505283_\|afp0:6b7bdfd39d594d6bc09b55215bd0a08f\|afp1:43137	200 B 770 B	162ms 124ms	Document text/html	2606:4700::6811:5a0e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://promo.libertex.org/?aff_id=43496&cxd=43496_505283_\|afp0:6b7bdfd39d594d6bc09b55215bd0a08f\|afp1:43137 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:5a0e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1327829c606b152628d0eb6e2881a2216c2e14f3a6e0e2a67fb708ec5a6b544c` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://libertex-affiliates.ck-cdn.com/tn/serve/geoGroup/?rgid=9&bta=43496&afp=6b7bdfd39d594d6bc09b55215bd0a08f&afp1=43137 Response headers date Thu, 10 Mar 2022 17:45:23 GMT content-type text/html cf-ray 6e9ddd22e9ab5c3e-FRA last-modified Tue, 25 Jul 2017 15:19:57 GMT cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-amz-error-code NoSuchKey x-amz-error-detail-key index.html x-amz-error-message The specified key does not exist. x-amz-id-2 WQ5ITVrcl3h6Zy08ga7JW0paa8+UqRbrgg1V+6yehlsy3EBp6FkWHkpxLhcUuSz/IACPGXTZvFs= x-amz-request-id TNFZHVV5N5KC2K2W vary Accept-Encoding server cloudflare content-encoding br alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 Redirect headers Server rhino-core-shield Date Thu, 10 Mar 2022 17:45:23 GMT Content-Type text/html; Charset=UTF-8 Content-Length 232 Connection keep-alive Cache-Control private,no-cache Pragma no-cache Expires Wed, 09 Mar 2022 17:45:18 GMT Location https://promo.libertex.org/?aff_id=43496&cxd=43496_505283_\|afp0:6b7bdfd39d594d6bc09b55215bd0a08f\|afp1:43137 P3P CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM" X-Cache-Status MISS Access-Control-Allow-Origin *

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.pittsburgh.cbslocal.co/	1970-01-23 17:04:54	Name: __tad Value: 1646934319.3028199
.1redirc.com/	1970-01-20 10:14:30	Name: __dsnsid Value: 20220311044520bb9b10a151b24fa195
clever-redirect.com/	1970-01-20 01:30:20	Name: bc43a7dd062809876b30bda330cf83d3 Value: 0ea92603bbb32fb38c20fd7db1a13354f101937863e5a8e6ca18790cd6dfe174a%3A2%3A%7Bi%3A0%3Bs%3A32%3A%22bc43a7dd062809876b30bda330cf83d3%22%3Bi%3A1%3Bs%3A1%3A%221%22%3B%7D
.ir3.xyz/	1970-01-20 02:12:06	Name: 4637 Value: 8d01e34c-bc1e-4b78-8955-492cc84fa0d3
.ad.admitad.com/	1970-01-20 19:00:06	Name: UID Value: v=3\|id=a86966706db31d1e62dccf151ebcfda5\|expr=1710006322\|type=0\|business_expr=1649526322
.ad.admitad.com/	1969-12-31 23:59:59	Name: UID2 Value: v=3\|id=a86966706db31d1e62dccf151ebcfda5\|expr=1710006322\|type=0\|business_expr=1649526322
go.libertex.com/	1970-01-20 02:13:29	Name: libertexrev Value: afp=%7Cafp0%3A6b7bdfd39d594d6bc09b55215bd0a08f%7Cafp1%3A43137&bta=43496&Visitors=q&cid=505283
.libertex.org/	1970-01-20 01:28:56	Name: __cf_bm Value: YUpiqWW8oqu.mRa3Mgjx7hh0mIwIWWq0.L_jkS6wRGw-1646934323-0-ASFr8Mzu7AyGKngpdFyFKRYIGjCWrxuNlifZpJ/v7A32nkh/cnRYEOeuyg7CJPQm2mxx9etzdsYdn3Uwjx6I4QM=

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://promo.libertex.org/?aff_id=43496&cxd=43496_505283_\|afp0:6b7bdfd39d594d6bc09b55215bd0a08f\|afp1:43137 Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1redirc.com
ad.admitad.com
clever-redirect.com
go.libertex.com
ir3.xyz
libertex-affiliates.ck-cdn.com
lookandfind.me
promo.libertex.org
www.pittsburgh.cbslocal.co
103.224.182.206
103.224.182.252
104.248.96.70
157.90.169.168
185.26.99.247
2606:4700:20::ac43:4691
2606:4700::6811:5a0e
35.234.86.61
78.46.197.88
1327829c606b152628d0eb6e2881a2216c2e14f3a6e0e2a67fb708ec5a6b544c
40daba765e68df81072dba603adecbd49b4c9b0ee836189af681c3a7827bfd9e
5e38390eb3c65b51746e9c76993d5946e8073b8bbb5f00c95db318a07008f8ed
a2d68e4530bbf55b595085ad00ef6999cb64574eb58b44b53ef0516fa7fa4aed
f9a2bae436627797bcc0ba2f4b888580cb07c7abf65d98aee3762cd51b0c3beb

promo.libertex.org Open in urlscan Pro 2606:4700::6811:5a0e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

8 Requests

50 %HTTPS

22 %IPv6

9 Domains

9 Subdomains

4 IPs

4 Countries

10 kBTransfer

16 kBSize

8 Cookies

0 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

8 Cookies

1 Console Messages

Indicators

promo.libertex.org Open in urlscan Pro
2606:4700::6811:5a0e Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

50 %
HTTPS

22 %
IPv6

9
Domains

9
Subdomains

4
IPs

4
Countries

10 kB
Transfer

16 kB
Size

8
Cookies

8 HTTP transactions
0 data transactions