cpi-offers.com Open in urlscan Pro
3.121.26.234 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.rtbdem.com/redirect.php?aff=335644&incent=0&gaid={aaid}&aff_sub=M_04eRBajXsG1PEOd35dTDiS09Q_M&idfa=1008&gai...
Effective URL:
https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=915&cid={clickid}&sid={pid}&udid=&name=&info=EdgeS...
Submission: On March 19 via api (March 19th 2021, 6:05:11 pm UTC) from US

Summary HTTP 40 Redirects Behaviour Indicators

Summary

This website contacted 14 IPs in 5 countries across 22 domains to perform 40 HTTP transactions. The main IP is 3.121.26.234, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is cpi-offers.com.
TLS certificate: Issued by Amazon on November 25th 2020. Valid for: a year.

This is the only time cpi-offers.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	13.250.217.240 13.250.217.240	16509 (AMAZON-02) (AMAZON-02)
1	35.186.220.166 35.186.220.166	15169 (GOOGLE) (GOOGLE)
1 2	3.121.26.234 3.121.26.234	16509 (AMAZON-02) (AMAZON-02)
3	168.119.91.228 168.119.91.228	24940 (HETZNER-AS) (HETZNER-AS)
3	209.99.40.222 209.99.40.222	40034 (CONFLUENC...) (CONFLUENCE-NETWORK-INC)
2 2	136.243.5.28 136.243.5.28	24940 (HETZNER-AS) (HETZNER-AS)
2	198.134.116.30 198.134.116.30	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
2	3.226.163.49 3.226.163.49	14618 (AMAZON-AES) (AMAZON-AES)
1 1	213.227.134.236 213.227.134.236	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1 3	2a02:26f0:64:... 2a02:26f0:64:58f::2a1	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	213.227.135.211 213.227.135.211	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1 1	13.226.134.232 13.226.134.232	16509 (AMAZON-02) (AMAZON-02)
3	34.120.248.84 34.120.248.84	15169 (GOOGLE) (GOOGLE)
1	2606:4700:20:... 2606:4700:20::681a:c03	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	213.227.134.196 213.227.134.196	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1 1	34.200.173.192 34.200.173.192	14618 (AMAZON-AES) (AMAZON-AES)
1	52.209.87.198 52.209.87.198	16509 (AMAZON-02) (AMAZON-02)
1 1	13.251.242.229 13.251.242.229	16509 (AMAZON-02) (AMAZON-02)
1 1	213.227.156.11 213.227.156.11	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1 1	2606:4700:303... 2606:4700:3031::6815:1fc9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.64.205.22 172.64.205.22	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:20:... 2606:4700:20::681a:d03	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	35.190.77.108 35.190.77.108	15169 (GOOGLE) (GOOGLE)
1 1	213.227.135.209 213.227.135.209	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
40	14

1 13.250.217.240 (Singapore, Singapore) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-13-250-217-240.ap-southeast-1.compute.amazonaws.com

www.rtbdem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.220.166 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 166.220.186.35.bc.googleusercontent.com

clk.trk144.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.121.26.234 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-121-26-234.eu-central-1.compute.amazonaws.com

cpi-offers.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 168.119.91.228 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.228.91.119.168.clients.your-server.de

apts.trckswrm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
aptrt.trckswrm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 209.99.40.222 (United States)

ASN40034 (CONFLUENCE-NETWORK-INC, VG)
PTR: 209-99-40-222.fwd.datafoundry.com

track.themedia.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 136.243.5.28 (Germany) 2 redirects

ASN24940 (HETZNER-AS, DE)

adcrt.trckswrm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.134.116.30 (Grapevine, United States)

ASN27257 (WEBAIR-INTERNET, US)

mob.palmparadise.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.226.163.49 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-226-163-49.compute-1.amazonaws.com

trk.games-to-run123.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.227.134.236 (Netherlands) 1 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

leaddaway.g2afse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:64:58f::2a1 (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)

apps.apple.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.227.135.211 (Netherlands) 1 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

lambadapp.go2affise.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.226.134.232 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-226-134-232.dus51.r.cloudfront.net

app.appsflyer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.120.248.84 (Kansas City, United States)

ASN15169 (GOOGLE, US)

click.mnmnck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:c03 (United States)

ASN13335 (CLOUDFLARENET, US)

techido.gotrackier.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.227.134.196 (Netherlands) 1 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

click2comm.go2affise.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.200.173.192 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

track.g4s6.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.209.87.198 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

trk.interceptd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.251.242.229 (Singapore, Singapore) 1 redirects

ASN16509 (AMAZON-02, US)

track.paddlewaver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.227.156.11 (Netherlands) 1 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

tappx.g2afse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3031::6815:1fc9 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

monktraff.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.205.22 (United States)

ASN13335 (CLOUDFLARENET, US)

trk35.nedo.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:d03 (United States)

ASN13335 (CLOUDFLARENET, US)

pandamobi.gotrackier.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.77.108 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 108.77.190.35.bc.googleusercontent.com

clicks.rtad.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.227.135.209 (Netherlands) 1 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

appalgo.g2afse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	trckswrm.com 2 redirects apts.trckswrm.com adcrt.trckswrm.com aptrt.trckswrm.com	749 B
3	mnmnck.com click.mnmnck.com	292 B
3	apple.com 1 redirects apps.apple.com	1 KB
3	g2afse.com ad-experience.g2afse.com Failed leaddaway.g2afse.com spykemedia.g2afse.com Failed valuadle.g2afse.com Failed tappx.g2afse.com apptrust.g2afse.com Failed mobee.g2afse.com Failed appscogent.g2afse.com Failed appalgo.g2afse.com	385 B
3	themedia.site track.themedia.site
2	rtad.io clicks.rtad.io	187 B
2	gotrackier.com techido.gotrackier.com pandamobi.gotrackier.com	2 KB
2	go2affise.com 2 redirects lambadapp.go2affise.com click2comm.go2affise.com	544 B
2	games-to-run123.com trk.games-to-run123.com
2	palmparadise.info mob.palmparadise.info
2	cpi-offers.com 1 redirects cpi-offers.com	2 KB
1	nedo.xyz trk35.nedo.xyz
1	monktraff.com 1 redirects monktraff.com	642 B
1	paddlewaver.com 1 redirects track.paddlewaver.com	336 B
1	interceptd.com trk.interceptd.com
1	g4s6.com 1 redirects track.g4s6.com	1 KB
1	appsflyer.com 1 redirects app.appsflyer.com	309 B
1	trk144.com clk.trk144.com	475 B
1	rtbdem.com 1 redirects www.rtbdem.com	550 B
0	blueparrot.media Failed xml.blueparrot.media Failed
0	poqueras.com Failed poqueras.com Failed
0	tare.pro Failed tare.pro Failed
40	22

	Domain	Requested by
3	click.mnmnck.com	cpi-offers.com
3	apps.apple.com	1 redirects cpi-offers.com
3	track.themedia.site	cpi-offers.com
2	clicks.rtad.io	cpi-offers.com
2	aptrt.trckswrm.com	cpi-offers.com
2	trk.games-to-run123.com	cpi-offers.com
2	mob.palmparadise.info	cpi-offers.com
2	adcrt.trckswrm.com	2 redirects
2	cpi-offers.com	1 redirects
1	appalgo.g2afse.com	1 redirects
1	pandamobi.gotrackier.com	cpi-offers.com
1	trk35.nedo.xyz	cpi-offers.com
1	monktraff.com	1 redirects
1	tappx.g2afse.com	1 redirects
1	track.paddlewaver.com	1 redirects
1	trk.interceptd.com	cpi-offers.com
1	track.g4s6.com	1 redirects
1	click2comm.go2affise.com	1 redirects
1	techido.gotrackier.com	cpi-offers.com
1	app.appsflyer.com	1 redirects
1	lambadapp.go2affise.com	1 redirects
1	leaddaway.g2afse.com	1 redirects
1	apts.trckswrm.com	cpi-offers.com
1	clk.trk144.com
1	www.rtbdem.com	1 redirects
0	xml.blueparrot.media Failed	cpi-offers.com
0	appscogent.g2afse.com Failed	cpi-offers.com
0	mobee.g2afse.com Failed	cpi-offers.com
0	apptrust.g2afse.com Failed	cpi-offers.com
0	poqueras.com Failed	cpi-offers.com
0	valuadle.g2afse.com Failed	cpi-offers.com
0	spykemedia.g2afse.com Failed	cpi-offers.com
0	ad-experience.g2afse.com Failed	cpi-offers.com
0	tare.pro Failed	cpi-offers.com
40	34

This site contains no links.

Subject Issuer	Validity	Valid
adk2.com R3	`2021-03-02` - `2021-05-31`	3 months	crt.sh
cpi-offers.com Amazon	`2020-11-25` - `2021-12-24`	a year	crt.sh
apts.trckswrm.com R3	`2021-01-13` - `2021-04-13`	3 months	crt.sh
testexp testexp	`2020-06-02` - `2030-05-31`	10 years	crt.sh
mob.palmparadise.info Sectigo RSA Domain Validation Secure Server CA	`2021-01-25` - `2022-01-31`	a year	crt.sh
trk.games-to-run123.com Amazon	`2020-11-06` - `2021-12-05`	a year	crt.sh
itunes.apple.com DigiCert SHA2 Extended Validation Server CA-3	`2020-08-13` - `2021-08-14`	a year	crt.sh
click.mnmnck.com GTS CA 1D2	`2021-02-03` - `2021-05-04`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-09` - `2021-07-09`	a year	crt.sh
trk.interceptd.com DigiCert ECC Secure Server CA	`2020-02-18` - `2022-02-22`	2 years	crt.sh
aptrt.trckswrm.com R3	`2021-01-29` - `2021-04-29`	3 months	crt.sh
*.rtad.io R3	`2021-01-29` - `2021-04-29`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=915&cid={clickid}&sid={pid}&udid=&name=&info=EdgeSL&blockTime=0
Frame ID: 285BFBF0616CBB0D25F4C0D373E52091
Requests: 40 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.rtbdem.com/redirect.php?aff=335644&incent=0&gaid={aaid}&aff_sub=M_04eRBajXsG1PEOd35dTDi... HTTP 302
https://clk.trk144.com/click?o=86985673&a=86970651&sub_id=M_04eRBajXsG1PEOd35dTDiS09Q_M_rtbs1{sourc... Page URL
https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=915&cid={clickid}&sid={pid}&ud... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google Cloud (CDN) Expand

Overall confidence: 100%
Detected patterns

headers via /^1\.1 google$/i

Page Statistics

40
Requests

50 %
HTTPS

17 %
IPv6

22
Domains

34
Subdomains

14
IPs

5
Countries

4 kB
Transfer

7 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.rtbdem.com/redirect.php?aff=335644&incent=0&gaid={aaid}&aff_sub=M_04eRBajXsG1PEOd35dTDiS09Q_M&idfa=1008&gaidrequired=1&id=27473526&type=CPI&adult=0&aff_sub2=4FhFz1_5TzyEHgpFQfAVGA_61_304_3062_069d1673155d1eeff8f6&demand=129&s1={sourceapp} HTTP 302
https://clk.trk144.com/click?o=86985673&a=86970651&sub_id=M_04eRBajXsG1PEOd35dTDiS09Q_M_rtbs1{sourceapp}_rtbs2_rtbs30ORIGIN27473526end_rtbaff335644_rtboffer27473526_rtbsub4FhFz1_5TzyEHgpFQfAVGA_61_304_3062_069d1673155d1eeff8f6&sub_id3=1008&sub_id2=335644_4FhFz1_5TzyEHgpFQfAVGA_61_304_3062_069d1673155d1eeff8f6&sub_id5=&sub_id4={sourceapp} Page URL
https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=915&cid={clickid}&sid={pid}&udid=&name=&info=EdgeSL&blockTime=0 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://www.rtbdem.com/redirect.php?aff=335644&incent=0&gaid={aaid}&aff_sub=M_04eRBajXsG1PEOd35dTDiS09Q_M&idfa=1008&gaidrequired=1&id=27473526&type=CPI&adult=0&aff_sub2=4FhFz1_5TzyEHgpFQfAVGA_61_304_3062_069d1673155d1eeff8f6&demand=129&s1={sourceapp} HTTP 302
https://clk.trk144.com/click?o=86985673&a=86970651&sub_id=M_04eRBajXsG1PEOd35dTDiS09Q_M_rtbs1{sourceapp}_rtbs2_rtbs30ORIGIN27473526end_rtbaff335644_rtboffer27473526_rtbsub4FhFz1_5TzyEHgpFQfAVGA_61_304_3062_069d1673155d1eeff8f6&sub_id3=1008&sub_id2=335644_4FhFz1_5TzyEHgpFQfAVGA_61_304_3062_069d1673155d1eeff8f6&sub_id5=&sub_id4={sourceapp}

Request Chain 1

https://lucazepa.com/sage/married?mean=4Cq0yFf%2FZw4ygYl5agJv1KU9Jm8%2F7gYOw3GGpqkDJhI%3D HTTP 302
https://bercioles.com/redirect?id=17&auth=abe0e77e653da047d2457a45516d1c9ea12ae3b7&sid= HTTP 302
https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D HTTP 0
http://tare.pro/go/216668/575137

Request Chain 4

https://adcrt.trckswrm.com/click?offer_id=116033&pub_id=9&pub_click_id=NCT_iphone_dk_ofid10772629_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat4_sub4_sub5&pub_sub_id=471450915&pub_sub_sub_id=915&app=id500963785 HTTP 302
https://mob.palmparadise.info/redirect?feed=216775&auth=ebuQy0&url=https%3A%2F%2Fmobilenews.top&subid={sub1}_{sub2}&query=https%3A%2F%2Fmobilenews.top&pub_clickid={clickid}

Request Chain 7

https://leaddaway.g2afse.com/click?pid=339&offer_id=2069608&sub1=NCT_iphone_dk_ofid8626597_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat7_sub4_sub5&sub2=471450915_915&sub5=id500963785 HTTP 302
https://apps.apple.com/us/app/ashley-madison-life-is-short/id359478823?uo=4&at=10l9yE HTTP 301
https://apps.apple.com/us/app/ashley-madison-life-is-short/id359478823?ign-mpt=uo%3D4

Request Chain 10

https://lambadapp.go2affise.com/click?pid=46&offer_id=722189&sub1=NCT_iphone_dk_ofid9674862_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat10_sub4_sub5&sub2=471450915_915&sub3=id500963785 HTTP 302
https://app.appsflyer.com/id994146068?af_siteid=46_471450915_915&af_c_id=722189&pid=lambadapp_int&af_click_lookback=7d&clickid=6054e7cdb69f42000186d497&af_sub1=26776&af_sub2=471450915_915&af_sub3=4342&af_installpostback=false&af_ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&af_lang=en-US&af_ip=82.102.20.235 HTTP 302
https://apps.apple.com/GB/app/id994146068?mt=8

Request Chain 17

https://click2comm.go2affise.com/click?pid=310&offer_id=2998635&sub1=NCT_iphone_dk_ofid10731276_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat17_sub4_sub5&sub2=471450915_915&sub6=id500963785 HTTP 302
https://track.g4s6.com/tnser/18/12072?c=&sp=310 HTTP 302
https://trk.interceptd.com/click?source_id=TVRVM01nPT18Tm5rNGVIRldkR001Tm5CalRIUnVXUzE1ZVMwdGN6RnFabVIyYmpaRWJHOD18TVdoNGQxaE1NamRNZUZVMWFreHlkUT09&click_id=1444246197C1616177102&sub_id=&device_id=

Request Chain 18

https://track.paddlewaver.com/?campaign_id=4716118&publisher_id=1000044&clickid=NCT_iphone_dk_ofid10582658_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat18_sub4_sub5&channel=471450915_915&packagename=id500963785&appname=id500963785 HTTP 302
https://tappx.g2afse.com/click?pid=511&offer_id=360294&sub1=p_1f1c807f-0f5a-47c4-c766-b5011998c2f51616177102811&sub2=1000044_471450915_915&sub4=&sub5=Run%20Race%203D HTTP 302
https://monktraff.com/l/270040860000774a2e25?source=511_1000044_471450915_915 HTTP 302
https://trk35.nedo.xyz/l/270040860000774a2e25.js?source=511_1000044_471450915_915

Request Chain 21

https://appalgo.g2afse.com/click?pid=76&offer_id=76878&sub1=NCT_iphone_dk_ofid8972908_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat21_sub4_sub5&sub2=471450915_915&sub5=id500963785 HTTP 302
https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=807&cid=&sid=76&udid=&name=&info=appalgorem&blockTime=0 HTTP 302
https://lucazepa.com/sage/married?mean=4Cq0yFf%2FZw4ygYl5agJv1KU9Jm8%2F7gYOw3GGpqkDJhI%3D HTTP 302
https://bercioles.com/redirect?id=17&auth=abe0e77e653da047d2457a45516d1c9ea12ae3b7&sid= HTTP 302
https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D

Request Chain 24

https://click.appmultiple.net/tracking/click?clickid=NCT_iphone_dk_ofid8954322_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat24_sub4_sub5&trafficsource=1373697408&offerid=431021463505358918&sub_placement=id500963785&pub_subid=471450915_915 HTTP 302
https://apptrust.g2afse.com/click?pid=109&offer_id=408832&sub1=1616177102000V22&sub2=NV9hMzRkYWE0ODQwYTgyODk1ZDlmMmQ3OGI1NmIxMzFhMQ==_26221649133505112193616&sub3=&sub4=id500963785

Request Chain 25

https://lambadapp.go2affise.com/click?pid=46&offer_id=3818039&sub1=NCT_iphone_dk_ofid10773680_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat25_sub4_sub5&sub2=471450915_915&sub3=id500963785 HTTP 302
https://mobee.g2afse.com/click?pid=4&offer_id=876454 HTTP 302
https://mobee.g2afse.com/click?pid=27&offer_id=1910753

Request Chain 27

https://adcrt.trckswrm.com/click?offer_id=116033&pub_id=9&pub_click_id=NCT_iphone_dk_ofid10772629_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat4_sub4_sub5&pub_sub_id=471450915&pub_sub_sub_id=915&app=id500963785 HTTP 302
https://mob.palmparadise.info/redirect?feed=216775&auth=ebuQy0&url=https%3A%2F%2Fmobilenews.top&subid={sub1}_{sub2}&query=https%3A%2F%2Fmobilenews.top&pub_clickid={clickid}

Request Chain 29

https://ad-experience.g2afse.com/click?pid=2&offer_id=490787&sub1=NCT_iphone_dk_ofid10700941_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat6_sub4_sub5&sub2=471450915_915&sub5=id500963785 HTTP 0
http://ad-experience.g2afse.com/sl?id=5c9cb536d0348f004454f1b2&pid=1&sub2=490787&sub3=2

Request Chain 30

https://spykemedia.g2afse.com/click?pid=606&offer_id=1146589&sub1=NCT_iphone_dk_ofid10542515_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat8_sub4_sub5&sub2=471450915_915&sub4=471450915_915&sub3=%E7%94%9F%E7%90%86%E3%82%AB%E3%83%AC%E3%83%B3%E3%83%80%20Lite%20%28Period%20Tracker%29 HTTP 0
http://spykemedia.g2afse.com/disabled.html

Request Chain 31

https://valuadle.g2afse.com/click?pid=11&offer_id=302112&sub1=NCT_iphone_dk_ofid10711966_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat9_sub4_sub5&sub2=471450915_915&sub3=id500963785 HTTP 0
http://valuadle.g2afse.com/disabled.html

Request Chain 32

https://ad-experience.g2afse.com/click?pid=2&offer_id=307517&sub1=NCT_iphone_dk_ofid10663636_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat11_sub4_sub5&sub2=471450915_915&sub5=id500963785 HTTP 0
http://ad-experience.g2afse.com/sl?id=5c9cb536d0348f004454f1b2&pid=1&sub2=307517&sub3=2

Request Chain 34

https://appalgo.g2afse.com/click?pid=76&offer_id=76878&sub1=NCT_iphone_dk_ofid8972908_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat21_sub4_sub5&sub2=471450915_915&sub5=id500963785 HTTP 302
https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=807&cid=&sid=76&udid=&name=&info=appalgorem&blockTime=0 HTTP 302
https://clicks.rtad.io/tracking/click?clickid=NCT_iphone_dk_ofid10795495_pid616_sub1_sub276_sub3appalgorem_nat11_sub4_sub5&trafficsource=1373692397&offerid=433832960909447310&pub_subid=471450616_76&sub_placement=id587366035

Request Chain 35

https://click.appmultiple.net/tracking/click?clickid=NCT_iphone_dk_ofid8954322_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat24_sub4_sub5&trafficsource=1373697408&offerid=431021463505358918&sub_placement=id500963785&pub_subid=471450915_915 HTTP 302
https://apptrust.g2afse.com/click?pid=109&offer_id=408832&sub1=1616177105000R4754&sub2=NV9hMzRkYWE0ODQwYTgyODk1ZDlmMmQ3OGI1NmIxMzFhMQ==_262216491335051123816&sub3=&sub4=id500963785 HTTP 0
http://apptrust.g2afse.com/disabled.html

Request Chain 36

https://lambadapp.go2affise.com/click?pid=46&offer_id=3818039&sub1=NCT_iphone_dk_ofid10773680_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat25_sub4_sub5&sub2=471450915_915&sub3=id500963785 HTTP 302
https://mobee.g2afse.com/click?pid=4&offer_id=876454 HTTP 302
https://mobee.g2afse.com/click?pid=27&offer_id=1910753 HTTP 0
http://xml.blueparrot.media/redirect?feed=223869&auth=9tpPZk&url=http://www.google.com&subid=27_

Request Chain 37

https://appscogent.g2afse.com/click?pid=27&offer_id=345889&sub1=NCT_iphone_dk_ofid10683446_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat26_sub4_sub5&sub2=471450915_915&sub5=id500963785 HTTP 0
http://appscogent.g2afse.com/disabled.html

Request Chain 38

https://lucazepa.com/sage/married?mean=4Cq0yFf%2FZw4ygYl5agJv1KU9Jm8%2F7gYOw3GGpqkDJhI%3D HTTP 302
https://bercioles.com/redirect?id=17&auth=abe0e77e653da047d2457a45516d1c9ea12ae3b7&sid= HTTP 302
https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D HTTP 0
http://tare.pro/go/216668/575137

40 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	click Show response clk.trk144.com/ Redirect Chain http://www.rtbdem.com/redirect.php?aff=335644&incent=0&gaid={aaid}&aff_sub=M_04eRBajXsG1PEOd35dTDiS09Q_M&idfa=1008&gaidrequired=1&id=27473526&type=CPI&adult=0&aff_sub2=4FhFz1_5TzyEHgpFQfAVGA_61_304... https://clk.trk144.com/click?o=86985673&a=86970651&sub_id=M_04eRBajXsG1PEOd35dTDiS09Q_M_rtbs1{sourceapp}_rtbs2_rtbs30ORIGIN27473526end_rtbaff335644_rtboffer27473526_rtbsub4FhFz1_5TzyEHgpFQfAVGA_61_...	335 B 475 B	225ms 162ms	Document text/html	35.186.220.166 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://clk.trk144.com/click?o=86985673&a=86970651&sub_id=M_04eRBajXsG1PEOd35dTDiS09Q_M_rtbs1{sourceapp}_rtbs2_rtbs30ORIGIN27473526end_rtbaff335644_rtboffer27473526_rtbsub4FhFz1_5TzyEHgpFQfAVGA_61_304_3062_069d1673155d1eeff8f6&sub_id3=1008&sub_id2=335644_4FhFz1_5TzyEHgpFQfAVGA_61_304_3062_069d1673155d1eeff8f6&sub_id5=&sub_id4={sourceapp} Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.186.220.166 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 166.220.186.35.bc.googleusercontent.com Software nginx / Resource Hash `784163954fa7cbc9f2694dd5cc5bafb3296a11f6d911217deda9c1621b9b9ef6` Request headers :method GET :authority clk.trk144.com :scheme https :path /click?o=86985673&a=86970651&sub_id=M_04eRBajXsG1PEOd35dTDiS09Q_M_rtbs1{sourceapp}_rtbs2_rtbs30ORIGIN27473526end_rtbaff335644_rtboffer27473526_rtbsub4FhFz1_5TzyEHgpFQfAVGA_61_304_3062_069d1673155d1eeff8f6&sub_id3=1008&sub_id2=335644_4FhFz1_5TzyEHgpFQfAVGA_61_304_3062_069d1673155d1eeff8f6&sub_id5=&sub_id4={sourceapp} pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers server nginx date Fri, 19 Mar 2021 18:04:56 GMT content-type text/html; charset=utf-8 content-length 335 x-context COPJzvkLEOcBGJuivCkgyZe9KQ via 1.1 google alt-svc clear Redirect headers Content-Type text/html; charset=UTF-8 Date Fri, 19 Mar 2021 18:04:55 GMT Location https://clk.trk144.com/click?o=86985673&a=86970651&sub_id=M_04eRBajXsG1PEOd35dTDiS09Q_M_rtbs1{sourceapp}_rtbs2_rtbs30ORIGIN27473526end_rtbaff335644_rtboffer27473526_rtbsub4FhFz1_5TzyEHgpFQfAVGA_61_304_3062_069d1673155d1eeff8f6&sub_id3=1008&sub_id2=335644_4FhFz1_5TzyEHgpFQfAVGA_61_304_3062_069d1673155d1eeff8f6&sub_id5=&sub_id4={sourceapp} Server Apache/2.2.15 (CentOS) X-Powered-By PHP/5.3.3 Content-Length 2 Connection keep-alive
GET H2	200	Primary Request fantastic.html Show response cpi-offers.com/	7 KB 2 KB	218ms 70ms	Document text/html	3.121.26.234 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=915&cid={clickid}&sid={pid}&udid=&name=&info=EdgeSL&blockTime=0 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.121.26.234 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-121-26-234.eu-central-1.compute.amazonaws.com Software nginx/1.14.1 / Express Resource Hash `13b112486150e2862cdb599163a2f1a71c0054353420a4f8995b40da61537f44` Request headers :method GET :authority cpi-offers.com :scheme https :path /fantastic.html?size=0&red=0&ids=&lastid=&apid=915&cid={clickid}&sid={pid}&udid=&name=&info=EdgeSL&blockTime=0 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest document referer https://clk.trk144.com/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://clk.trk144.com/ Response headers date Fri, 19 Mar 2021 18:05:01 GMT content-type text/html; charset=utf-8 server nginx/1.14.1 x-powered-by Express access-control-allow-origin * etag W/"1a72-5y32CiQb2NzSNSWbzGKBH/kDKgs" content-encoding gzip
GET		575137 tare.pro/go/216668/ Redirect Chain https://lucazepa.com/sage/married?mean=4Cq0yFf%2FZw4ygYl5agJv1KU9Jm8%2F7gYOw3GGpqkDJhI%3D https://bercioles.com/redirect?id=17&auth=abe0e77e653da047d2457a45516d1c9ea12ae3b7&sid= https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D http://tare.pro/go/216668/575137	0 0

GET H/1.1	200 OK	click apts.trckswrm.com/	0 75 B	221ms 72ms	Stylesheet text/plain	168.119.91.228 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://apts.trckswrm.com/click?offer_id=42445&pub_id=10&pub_click_id=NCT_iphone_dk_ofid10132404_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat2_sub4_sub5&pub_sub_id=471450915&pub_sub_sub_id=915&gaid=0AC88080-356D-4DD1-BA40-FC8C5998225B&idfa=0AC88080-356D-4DD1-BA40-FC8C5998225B&app=id500963785 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=915&cid={clickid}&sid={pid}&udid=&name=&info=EdgeSL&blockTime=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 168.119.91.228 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.228.91.119.168.clients.your-server.de Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 19 Mar 2021 18:05:01 GMT content-length 0
GET H/1.1	502 Bad Gateway	click track.themedia.site/	0 0	1185ms 205ms	Stylesheet text/html	209.99.40.222 CONFLUENCE-NETWOR...
General Check archive.org Show headers Download Go to Full URL https://track.themedia.site/click?pid=5&offer_id=50604&sub1=NCT_iphone_dk_ofid10443995_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat3_sub4_sub5&sub2=471450915_915&sub7=id500963785&sub8=id500963785 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=915&cid={clickid}&sid={pid}&udid=&name=&info=EdgeSL&blockTime=0 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 209.99.40.222 , United States, ASN40034 (CONFLUENCE-NETWORK-INC, VG), Reverse DNS 209-99-40-222.fwd.datafoundry.com Software / Resource Hash Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers
GET H/1.1	400 Bad Request	redirect mob.palmparadise.info/ Redirect Chain https://adcrt.trckswrm.com/click?offer_id=116033&pub_id=9&pub_click_id=NCT_iphone_dk_ofid10772629_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat4_sub4_sub5&pub_sub_id=471450915&pub_sub_sub_id=915&app=... https://mob.palmparadise.info/redirect?feed=216775&auth=ebuQy0&url=https%3A%2F%2Fmobilenews.top&subid={sub1}_{sub2}&query=https%3A%2F%2Fmobilenews.top&pub_clickid={clickid}	0 0	424ms 124ms	Stylesheet text/plain	198.134.116.30 WEBAIR-INTERNET
General Check archive.org Show headers Download Go to Full URL https://mob.palmparadise.info/redirect?feed=216775&auth=ebuQy0&url=https%3A%2F%2Fmobilenews.top&subid={sub1}_{sub2}&query=https%3A%2F%2Fmobilenews.top&pub_clickid={clickid} Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=915&cid={clickid}&sid={pid}&udid=&name=&info=EdgeSL&blockTime=0 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.134.116.30 Grapevine, United States, ASN27257 (WEBAIR-INTERNET, US), Reverse DNS Software nginx / Resource Hash Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Pragma no-cache Date Fri, 19 Mar 2021 18:05:02 GMT Cache-Control no-store Server nginx Connection keep-alive Age 0 Content-Length 38 Redirect headers location https://mob.palmparadise.info/redirect?feed=216775&auth=ebuQy0&url=https%3A%2F%2Fmobilenews.top&subid={sub1}_{sub2}&query=https%3A%2F%2Fmobilenews.top&pub_clickid={clickid} date Fri, 19 Mar 2021 18:05:01 GMT content-length 0
GET H2	404	click trk.games-to-run123.com/	0 0	450ms 144ms	Stylesheet application/json	3.226.163.49 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://trk.games-to-run123.com/click?affid=47&cmpid=b1d726c4b8ee34a6&clickid=NCT_iphone_dk_ofid10334646_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat5_sub4_sub5&siteid=471450915_915 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=915&cid={clickid}&sid={pid}&udid=&name=&info=EdgeSL&blockTime=0 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.226.163.49 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-226-163-49.compute-1.amazonaws.com Software / Resource Hash Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers
GET		click ad-experience.g2afse.com/	0 0

GET H2	200	id359478823 apps.apple.com/us/app/ashley-madison-life-is-short/ Redirect Chain https://leaddaway.g2afse.com/click?pid=339&offer_id=2069608&sub1=NCT_iphone_dk_ofid8626597_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat7_sub4_sub5&sub2=471450915_915&sub5=id500963785 https://apps.apple.com/us/app/ashley-madison-life-is-short/id359478823?uo=4&at=10l9yE https://apps.apple.com/us/app/ashley-madison-life-is-short/id359478823?ign-mpt=uo%3D4	0 0	205ms 204ms	Stylesheet text/html	2a02:26f0:64:58f::2a1 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://apps.apple.com/us/app/ashley-madison-life-is-short/id359478823?ign-mpt=uo%3D4 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=915&cid={clickid}&sid={pid}&udid=&name=&info=EdgeSL&blockTime=0 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:64:58f::2a1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers access-control-allow-origin * Redirect headers x-apple-application-site ST11 x-b3-traceid 7d9c181fe94dacea22a19f51a56489ca b3 7d9c181fe94dacea22a19f51a56489ca-52eb3abcecf06048 x-apple-aka-ttl Generated Fri Mar 19 11:05:02 PDT 2021, Expires Fri Mar 19 11:05:02 PDT 2021, TTL 0s, cache-maxage=0s pragma no-cache apple-tk false x-cache-remote TCP_MISS from a2-18-215-37.deploy.akamaitechnologies.com (AkamaiGHost/10.3.3-32878080) (-) apple-seq 0.0 x-frame-options SAMEORIGIN x-apple-partner origin.0 apple-originating-system MZStore vary X-Apple-Store-Front, Cookie, X-Apple-Store-Front, Cookie content-type text/html; charset=UTF-8 location https://apps.apple.com/us/app/ashley-madison-life-is-short/id359478823?ign-mpt=uo%3D4 cache-control max-age=0, no-cache, no-store expires Fri, 19 Mar 2021 18:05:02 GMT x-apple-jingle-correlation-key PWOBQH7JJWWOUIVBT5I2KZEJZI date Fri, 19 Mar 2021 18:05:02 GMT x-responding-instance MZStore:2179703::: x-apple-application-instance 2179703 x-daiquiri-instance daiquiri:47117001:st44p00it-hyhk16104701:7987:21RELEASE40 content-length 0 x-apple-translated-wo-url /WebObjects/MZStore.woa/wa/viewSoftware?uo=4&at=10l9yE&id=359478823&cc=us&urlDesc=/ashley-madison-life-is-short x-cache TCP_MISS from a2-20-132-31.deploy.akamaitechnologies.com (AkamaiGHost/10.3.3-32878080) (-) apple-timing-app 2 ms x-true-cache-key /L/apps.apple.com/us/app/ashley-madison-life-is-short/id359478823?at=10l9yE&uo=4Browser vcd=2897 x-apple-lokamai-no-cache true, true last-modified Fri, 19 Mar 2021 18:05:02 GMT server daiquiri/3.0.0 strict-transport-security max-age=31536000; includeSubDomains x-apple-request-uuid 7d9c181f-e94d-acea-22a1-9f51a56489ca x-b3-spanid 52eb3abcecf06048 x-apple-orig-url https://apps.apple.com/us/app/ashley-madison-life-is-short/id359478823?uo=4&at=10l9yE x-webobjects-loadaverage 0
GET		click spykemedia.g2afse.com/	0 0

GET		click valuadle.g2afse.com/	0 0

GET H2	200	id994146068 apps.apple.com/GB/app/ Redirect Chain https://lambadapp.go2affise.com/click?pid=46&offer_id=722189&sub1=NCT_iphone_dk_ofid9674862_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat10_sub4_sub5&sub2=471450915_915&sub3=id500963785 https://app.appsflyer.com/id994146068?af_siteid=46_471450915_915&af_c_id=722189&pid=lambadapp_int&af_click_lookback=7d&clickid=6054e7cdb69f42000186d497&af_sub1=26776&af_sub2=471450915_915&af_sub3=4... https://apps.apple.com/GB/app/id994146068?mt=8	0 0	1914ms 1914ms	Stylesheet text/html	2a02:26f0:64:58f::2a1 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://apps.apple.com/GB/app/id994146068?mt=8 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=915&cid={clickid}&sid={pid}&udid=&name=&info=EdgeSL&blockTime=0 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:64:58f::2a1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers access-control-allow-origin * Redirect headers date Fri, 19 Mar 2021 18:05:02 GMT via 1.1 3e9b9356decf1aa720af0bc92acc0586.cloudfront.net (CloudFront) server http-kit x-amz-cf-pop DUS51-C1 strict-transport-security max-age=31536000; includeSubDomains x-cache Miss from cloudfront content-type application/octet-stream location https://apps.apple.com/GB/app/id994146068?mt=8 content-length 0 x-amz-cf-id tq0lVptngqeFn-XQ7_WeH0s-SjpeR5ZDWmSa0AbvQ2HevzLRoRH_Tw==
GET		click ad-experience.g2afse.com/	0 0

GET H2	200	clicks click.mnmnck.com/tracking/	14 B 146 B	241ms 102ms	Stylesheet text/html	34.120.248.84 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://click.mnmnck.com/tracking/clicks?clickid=NCT_iphone_dk_ofid10797659_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat12_sub4_sub5&trafficsource=1373671014&offerid=433832960909447313&pub_subid=471450915_915&sub_placement=id500963785 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=915&cid={clickid}&sid={pid}&udid=&name=&info=EdgeSL&blockTime=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.120.248.84 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS Software / Express Resource Hash `32bc65c82b3dde0447bb4f5a47c6b391dc15f4dc47d17837c050c221d2e90126` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 19 Mar 2021 18:05:01 GMT via 1.1 google alt-svc clear x-powered-by Express etag W/"e-23ba03e4" content-length 14 content-type text/html; charset=utf-8
GET H2	200	clicks click.mnmnck.com/tracking/	14 B 73 B	243ms 104ms	Stylesheet text/html	34.120.248.84 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://click.mnmnck.com/tracking/clicks?clickid=NCT_iphone_dk_ofid10797656_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat13_sub4_sub5&trafficsource=1373671014&offerid=433832960909447312&pub_subid=471450915_915&sub_placement=id500963785 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=915&cid={clickid}&sid={pid}&udid=&name=&info=EdgeSL&blockTime=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.120.248.84 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS Software / Express Resource Hash `32bc65c82b3dde0447bb4f5a47c6b391dc15f4dc47d17837c050c221d2e90126` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 19 Mar 2021 18:05:01 GMT via 1.1 google alt-svc clear x-powered-by Express etag W/"e-23ba03e4" content-length 14 content-type text/html; charset=utf-8
GET H2	200	click techido.gotrackier.com/	22 B 858 B	52ms 21ms	Stylesheet text/plain	2606:4700:20::681a:c03 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://techido.gotrackier.com/click?campaign_id=21996&pub_id=44&p1=NCT_iphone_dk_ofid10457253_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat14_sub4_sub5&source=471450915_915&sub3=id500963785 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=915&cid={clickid}&sid={pid}&udid=&name=&info=EdgeSL&blockTime=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:c03 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1c439fcd21bab032475e5d1570615485417e6cfb202f774f9f16d77f0448d0d6` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers x-err CSS_REQUEST via 1.1 google cf-cache-status DYNAMIC nel {"report_to":"cf-nel","max_age":604800} server cloudflare date Fri, 19 Mar 2021 18:05:01 GMT expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=oIBS2OiJ9RcK7LppUob08pmoTev%2BdSMy%2FJq01TumKQHtJYYQD0%2F1nAngP8M%2F4bVMnjFY57VGpmI7ZLrCbkTPDUBUL1jI6q2q3OtyWv7FRx7Nc6oGBcUO8gjFsB%2FgZJYu7E%2Bo"}],"group":"cf-nel","max_age":604800} content-type text/plain; charset=utf-8 cf-request-id 08ed4293eb00002b29f28b7000000001 cf-ray 6328a0664e632b29-FRA content-length 22 x-rt 0
GET H/1.1	502 Bad Gateway	click track.themedia.site/	0 0	1193ms 209ms	Stylesheet text/html	209.99.40.222 CONFLUENCE-NETWOR...
General Check archive.org Show headers Download Go to Full URL https://track.themedia.site/click?pid=5&offer_id=54613&sub1=NCT_iphone_dk_ofid10561530_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat15_sub4_sub5&sub2=471450915_915&sub7=id500963785&sub8=id500963785 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=915&cid={clickid}&sid={pid}&udid=&name=&info=EdgeSL&blockTime=0 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 209.99.40.222 , United States, ASN40034 (CONFLUENCE-NETWORK-INC, VG), Reverse DNS 209-99-40-222.fwd.datafoundry.com Software / Resource Hash Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers
GET H2	200	clicks click.mnmnck.com/tracking/	14 B 73 B	241ms 103ms	Stylesheet text/html	34.120.248.84 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://click.mnmnck.com/tracking/clicks?clickid=NCT_iphone_dk_ofid10797647_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat16_sub4_sub5&trafficsource=1373671014&offerid=433832960641011853&pub_subid=471450915_915&sub_placement=id500963785 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=915&cid={clickid}&sid={pid}&udid=&name=&info=EdgeSL&blockTime=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.120.248.84 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS Software / Express Resource Hash `32bc65c82b3dde0447bb4f5a47c6b391dc15f4dc47d17837c050c221d2e90126` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 19 Mar 2021 18:05:01 GMT via 1.1 google alt-svc clear x-powered-by Express etag W/"e-23ba03e4" content-length 14 content-type text/html; charset=utf-8
GET H2	200	click trk.interceptd.com/ Redirect Chain https://click2comm.go2affise.com/click?pid=310&offer_id=2998635&sub1=NCT_iphone_dk_ofid10731276_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat17_sub4_sub5&sub2=471450915_915&sub6=id500963785 https://track.g4s6.com/tnser/18/12072?c=&sp=310 https://trk.interceptd.com/click?source_id=TVRVM01nPT18Tm5rNGVIRldkR001Tm5CalRIUnVXUzE1ZVMwdGN6RnFabVIyYmpaRWJHOD18TVdoNGQxaE1NamRNZUZVMWFreHlkUT09&click_id=1444246197C1616177102&sub_id=&device_id=	0 0	185ms 57ms	Stylesheet application/json	52.209.87.198 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://trk.interceptd.com/click?source_id=TVRVM01nPT18Tm5rNGVIRldkR001Tm5CalRIUnVXUzE1ZVMwdGN6RnFabVIyYmpaRWJHOD18TVdoNGQxaE1NamRNZUZVMWFreHlkUT09&click_id=1444246197C1616177102&sub_id=&device_id= Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=915&cid={clickid}&sid={pid}&udid=&name=&info=EdgeSL&blockTime=0 Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 52.209.87.198 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Redirect headers Date Fri, 19 Mar 2021 18:05:02 GMT Via track.g4s6.com Server click2commission.com Access-Control-Allow-Origin * Access-Control-Max-Age 3600 Access-Control-Allow-Methods GET, POST Content-Language en Location https://trk.interceptd.com/click?source_id=TVRVM01nPT18Tm5rNGVIRldkR001Tm5CalRIUnVXUzE1ZVMwdGN6RnFabVIyYmpaRWJHOD18TVdoNGQxaE1NamRNZUZVMWFreHlkUT09&click_id=1444246197C1616177102&sub_id=&device_id= Access-Control-Allow-Credentials true Connection keep-alive Content-Type text/html; charset=utf-8 Access-Control-Allow-Headers X-Requested-With Content-Length 0 Hacker Welcome!!!
GET H2	200	270040860000774a2e25.js trk35.nedo.xyz/l/ Redirect Chain https://track.paddlewaver.com/?campaign_id=4716118&publisher_id=1000044&clickid=NCT_iphone_dk_ofid10582658_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat18_sub4_sub5&channel=471450915_915&packagename=... https://tappx.g2afse.com/click?pid=511&offer_id=360294&sub1=p_1f1c807f-0f5a-47c4-c766-b5011998c2f51616177102811&sub2=1000044_471450915_915&sub4=&sub5=Run%20Race%203D https://monktraff.com/l/270040860000774a2e25?source=511_1000044_471450915_915 https://trk35.nedo.xyz/l/270040860000774a2e25.js?source=511_1000044_471450915_915	0 0	115ms 46ms	Stylesheet text/html	172.64.205.22 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://trk35.nedo.xyz/l/270040860000774a2e25.js?source=511_1000044_471450915_915 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=915&cid={clickid}&sid={pid}&udid=&name=&info=EdgeSL&blockTime=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.64.205.22 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Redirect headers date Fri, 19 Mar 2021 18:05:03 GMT nel {"max_age":604800,"report_to":"cf-nel"} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=aZwbFDT8MjHa8sui1QxhJ1dRIUmSfpHuWmMeKxkGE3y%2FNlJOmYBthuDRw6HCnnE8nsqxhdimDBPWqhAkHDI9OFmxsQw5CDC9MMp9Py5JPYsomBlzCcXQs31p"}],"max_age":604800,"group":"cf-nel"} location https://trk35.nedo.xyz/l/270040860000774a2e25.js?source=511_1000044_471450915_915 cache-control private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-ray 6328a06ddf834e9e-FRA alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 08ed4298a400004e9eaa895000000001 expires Thu, 01 Jan 1970 00:00:01 GMT
GET H2	200	click pandamobi.gotrackier.com/	22 B 860 B	65ms 37ms	Stylesheet text/plain	2606:4700:20::681a:d03 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pandamobi.gotrackier.com/click?campaign_id=61396&pub_id=35&p1=NCT_iphone_dk_ofid10530918_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat19_sub4_sub5&source=471450915_915&p3=id500963785 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=915&cid={clickid}&sid={pid}&udid=&name=&info=EdgeSL&blockTime=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:d03 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1c439fcd21bab032475e5d1570615485417e6cfb202f774f9f16d77f0448d0d6` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers x-err CSS_REQUEST via 1.1 google cf-cache-status DYNAMIC nel {"report_to":"cf-nel","max_age":604800} server cloudflare date Fri, 19 Mar 2021 18:05:01 GMT expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=umoRiaLfMdQA1GKDtyUJjRrOmjf24CW44jLC7pBVjae%2BP%2BKNKtaQPfieFabxzUzfZGJW2rpK6akDY71Epg3ji%2FYhHNEt%2BQjFZh2lRb0vgrZs0KaultufiBJNK%2BmmggVWl5y0b4Y%3D"}]} content-type text/plain; charset=utf-8 cf-request-id 08ed4293e900000eb77d990000000001 cf-ray 6328a06648320eb7-FRA content-length 22 x-rt 0
GET H/1.1	200 OK	click aptrt.trckswrm.com/	0 75 B	225ms 73ms	Stylesheet text/plain	168.119.91.228 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://aptrt.trckswrm.com/click?offer_id=857&pub_id=29&pub_id=29&pub_click_id=NCT_iphone_dk_ofid9524982_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat20_sub4_sub5&pub_sub_id=471450915&pub_sub_sub_id=915&app=id500963785 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=915&cid={clickid}&sid={pid}&udid=&name=&info=EdgeSL&blockTime=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 168.119.91.228 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.228.91.119.168.clients.your-server.de Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 19 Mar 2021 18:05:01 GMT content-length 0
GET		slope poqueras.com/noid/ Redirect Chain https://appalgo.g2afse.com/click?pid=76&offer_id=76878&sub1=NCT_iphone_dk_ofid8972908_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat21_sub4_sub5&sub2=471450915_915&sub5=id500963785 https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=807&cid=&sid=76&udid=&name=&info=appalgorem&blockTime=0 https://lucazepa.com/sage/married?mean=4Cq0yFf%2FZw4ygYl5agJv1KU9Jm8%2F7gYOw3GGpqkDJhI%3D https://bercioles.com/redirect?id=17&auth=abe0e77e653da047d2457a45516d1c9ea12ae3b7&sid= https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D	0 0

GET H2	200	click clicks.rtad.io/tracking/	14 B 146 B	249ms 105ms	Stylesheet text/html	35.190.77.108 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://clicks.rtad.io/tracking/click?clickid=NCT_iphone_dk_ofid10797872_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat22_sub4_sub5&trafficsource=1373692397&offerid=433321365611444387&pub_subid=471450915_915&sub_placement=id500963785 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=915&cid={clickid}&sid={pid}&udid=&name=&info=EdgeSL&blockTime=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.190.77.108 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 108.77.190.35.bc.googleusercontent.com Software / Express Resource Hash `32bc65c82b3dde0447bb4f5a47c6b391dc15f4dc47d17837c050c221d2e90126` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 19 Mar 2021 18:05:01 GMT via 1.1 google alt-svc clear x-powered-by Express etag W/"e-23ba03e4" content-length 14 content-type text/html; charset=utf-8
GET H/1.1	200 OK	click aptrt.trckswrm.com/	0 75 B	225ms 73ms	Stylesheet text/plain	168.119.91.228 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://aptrt.trckswrm.com/click?offer_id=8626&pub_id=44&pub_click_id=NCT_iphone_dk_ofid10443962_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat23_sub4_sub5&pub_sub_id=471450915&pub_sub_sub_id=915&gaid=0AC88080-356D-4DD1-BA40-FC8C5998225B&idfa=0AC88080-356D-4DD1-BA40-FC8C5998225B&app=id500963785 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=915&cid={clickid}&sid={pid}&udid=&name=&info=EdgeSL&blockTime=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 168.119.91.228 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.228.91.119.168.clients.your-server.de Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 19 Mar 2021 18:05:01 GMT content-length 0
GET		click apptrust.g2afse.com/ Redirect Chain https://click.appmultiple.net/tracking/click?clickid=NCT_iphone_dk_ofid8954322_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat24_sub4_sub5&trafficsource=1373697408&offerid=431021463505358918&sub_placem... https://apptrust.g2afse.com/click?pid=109&offer_id=408832&sub1=1616177102000V22&sub2=NV9hMzRkYWE0ODQwYTgyODk1ZDlmMmQ3OGI1NmIxMzFhMQ==_26221649133505112193616&sub3=&sub4=id500963785	0 0

GET		click mobee.g2afse.com/ Redirect Chain https://lambadapp.go2affise.com/click?pid=46&offer_id=3818039&sub1=NCT_iphone_dk_ofid10773680_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat25_sub4_sub5&sub2=471450915_915&sub3=id500963785 https://mobee.g2afse.com/click?pid=4&offer_id=876454 https://mobee.g2afse.com/click?pid=27&offer_id=1910753	0 0

GET		click appscogent.g2afse.com/	0 0

GET H/1.1	400 Bad Request	redirect mob.palmparadise.info/ Redirect Chain https://adcrt.trckswrm.com/click?offer_id=116033&pub_id=9&pub_click_id=NCT_iphone_dk_ofid10772629_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat4_sub4_sub5&pub_sub_id=471450915&pub_sub_sub_id=915&app=... https://mob.palmparadise.info/redirect?feed=216775&auth=ebuQy0&url=https%3A%2F%2Fmobilenews.top&subid={sub1}_{sub2}&query=https%3A%2F%2Fmobilenews.top&pub_clickid={clickid}	0 0	115ms 114ms	Stylesheet text/plain	198.134.116.30 WEBAIR-INTERNET
General Check archive.org Show headers Download Go to Full URL https://mob.palmparadise.info/redirect?feed=216775&auth=ebuQy0&url=https%3A%2F%2Fmobilenews.top&subid={sub1}_{sub2}&query=https%3A%2F%2Fmobilenews.top&pub_clickid={clickid} Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=915&cid={clickid}&sid={pid}&udid=&name=&info=EdgeSL&blockTime=0 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.134.116.30 Grapevine, United States, ASN27257 (WEBAIR-INTERNET, US), Reverse DNS Software nginx / Resource Hash Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Pragma no-cache Date Fri, 19 Mar 2021 18:05:03 GMT Cache-Control no-store Server nginx Connection keep-alive Age 0 Content-Length 38 Redirect headers location https://mob.palmparadise.info/redirect?feed=216775&auth=ebuQy0&url=https%3A%2F%2Fmobilenews.top&subid={sub1}_{sub2}&query=https%3A%2F%2Fmobilenews.top&pub_clickid={clickid} date Fri, 19 Mar 2021 18:05:02 GMT content-length 0
GET H2	404	click trk.games-to-run123.com/	0 0	110ms 109ms	Stylesheet application/json	3.226.163.49 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://trk.games-to-run123.com/click?affid=47&cmpid=b1d726c4b8ee34a6&clickid=NCT_iphone_dk_ofid10334646_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat5_sub4_sub5&siteid=471450915_915 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=915&cid={clickid}&sid={pid}&udid=&name=&info=EdgeSL&blockTime=0 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.226.163.49 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-226-163-49.compute-1.amazonaws.com Software / Resource Hash Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers
GET		sl ad-experience.g2afse.com/ Redirect Chain https://ad-experience.g2afse.com/click?pid=2&offer_id=490787&sub1=NCT_iphone_dk_ofid10700941_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat6_sub4_sub5&sub2=471450915_915&sub5=id500963785 http://ad-experience.g2afse.com/sl?id=5c9cb536d0348f004454f1b2&pid=1&sub2=490787&sub3=2	0 0

GET		disabled.html spykemedia.g2afse.com/ Redirect Chain https://spykemedia.g2afse.com/click?pid=606&offer_id=1146589&sub1=NCT_iphone_dk_ofid10542515_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat8_sub4_sub5&sub2=471450915_915&sub4=471450915_915&sub3=%E7%94... http://spykemedia.g2afse.com/disabled.html	0 0

GET		disabled.html valuadle.g2afse.com/ Redirect Chain https://valuadle.g2afse.com/click?pid=11&offer_id=302112&sub1=NCT_iphone_dk_ofid10711966_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat9_sub4_sub5&sub2=471450915_915&sub3=id500963785 http://valuadle.g2afse.com/disabled.html	0 0

GET		sl ad-experience.g2afse.com/ Redirect Chain https://ad-experience.g2afse.com/click?pid=2&offer_id=307517&sub1=NCT_iphone_dk_ofid10663636_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat11_sub4_sub5&sub2=471450915_915&sub5=id500963785 http://ad-experience.g2afse.com/sl?id=5c9cb536d0348f004454f1b2&pid=1&sub2=307517&sub3=2	0 0

GET H/1.1	502 Bad Gateway	click track.themedia.site/	0 0	1358ms 209ms	Stylesheet text/html	209.99.40.222 CONFLUENCE-NETWOR...
General Check archive.org Show headers Download Go to Full URL https://track.themedia.site/click?pid=5&offer_id=54613&sub1=NCT_iphone_dk_ofid10561530_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat15_sub4_sub5&sub2=471450915_915&sub7=id500963785&sub8=id500963785 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=915&cid={clickid}&sid={pid}&udid=&name=&info=EdgeSL&blockTime=0 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 209.99.40.222 , United States, ASN40034 (CONFLUENCE-NETWORK-INC, VG), Reverse DNS 209-99-40-222.fwd.datafoundry.com Software / Resource Hash Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers
GET H2	200	click clicks.rtad.io/tracking/ Redirect Chain https://appalgo.g2afse.com/click?pid=76&offer_id=76878&sub1=NCT_iphone_dk_ofid8972908_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat21_sub4_sub5&sub2=471450915_915&sub5=id500963785 https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=807&cid=&sid=76&udid=&name=&info=appalgorem&blockTime=0 https://clicks.rtad.io/tracking/click?clickid=NCT_iphone_dk_ofid10795495_pid616_sub1_sub276_sub3appalgorem_nat11_sub4_sub5&trafficsource=1373692397&offerid=433832960909447310&pub_subid=471450616_76...	0 41 B	90ms 90ms	Stylesheet text/plain	35.190.77.108 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://clicks.rtad.io/tracking/click?clickid=NCT_iphone_dk_ofid10795495_pid616_sub1_sub276_sub3appalgorem_nat11_sub4_sub5&trafficsource=1373692397&offerid=433832960909447310&pub_subid=471450616_76&sub_placement=id587366035 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=915&cid={clickid}&sid={pid}&udid=&name=&info=EdgeSL&blockTime=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.190.77.108 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 108.77.190.35.bc.googleusercontent.com Software / Express Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 19 Mar 2021 18:05:05 GMT via 1.1 google x-powered-by Express alt-svc clear content-length 0 Redirect headers date Fri, 19 Mar 2021 18:05:05 GMT server nginx/1.14.1 location https://clicks.rtad.io/tracking/click?clickid=NCT_iphone_dk_ofid10795495_pid616_sub1_sub276_sub3appalgorem_nat11_sub4_sub5&trafficsource=1373692397&offerid=433832960909447310&pub_subid=471450616_76&sub_placement=id587366035 x-powered-by Express vary Accept content-type text/plain; charset=utf-8 access-control-allow-origin * content-length 245
GET		disabled.html apptrust.g2afse.com/ Redirect Chain https://click.appmultiple.net/tracking/click?clickid=NCT_iphone_dk_ofid8954322_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat24_sub4_sub5&trafficsource=1373697408&offerid=431021463505358918&sub_placem... https://apptrust.g2afse.com/click?pid=109&offer_id=408832&sub1=1616177105000R4754&sub2=NV9hMzRkYWE0ODQwYTgyODk1ZDlmMmQ3OGI1NmIxMzFhMQ==_262216491335051123816&sub3=&sub4=id500963785 http://apptrust.g2afse.com/disabled.html	0 0

GET		redirect xml.blueparrot.media/ Redirect Chain https://lambadapp.go2affise.com/click?pid=46&offer_id=3818039&sub1=NCT_iphone_dk_ofid10773680_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat25_sub4_sub5&sub2=471450915_915&sub3=id500963785 https://mobee.g2afse.com/click?pid=4&offer_id=876454 https://mobee.g2afse.com/click?pid=27&offer_id=1910753 http://xml.blueparrot.media/redirect?feed=223869&auth=9tpPZk&url=http://www.google.com&subid=27_	0 0

GET		disabled.html appscogent.g2afse.com/ Redirect Chain https://appscogent.g2afse.com/click?pid=27&offer_id=345889&sub1=NCT_iphone_dk_ofid10683446_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat26_sub4_sub5&sub2=471450915_915&sub5=id500963785 http://appscogent.g2afse.com/disabled.html	0 0

GET		575137 tare.pro/go/216668/ Redirect Chain https://lucazepa.com/sage/married?mean=4Cq0yFf%2FZw4ygYl5agJv1KU9Jm8%2F7gYOw3GGpqkDJhI%3D https://bercioles.com/redirect?id=17&auth=abe0e77e653da047d2457a45516d1c9ea12ae3b7&sid= https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D http://tare.pro/go/216668/575137	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: tare.pro
URL: http://tare.pro/go/216668/575137

Domain: ad-experience.g2afse.com
URL: https://ad-experience.g2afse.com/click?pid=2&offer_id=490787&sub1=NCT_iphone_dk_ofid10700941_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat6_sub4_sub5&sub2=471450915_915&sub5=id500963785

Domain: spykemedia.g2afse.com
URL: https://spykemedia.g2afse.com/click?pid=606&offer_id=1146589&sub1=NCT_iphone_dk_ofid10542515_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat8_sub4_sub5&sub2=471450915_915&sub4=471450915_915&sub3=%E7%94%9F%E7%90%86%E3%82%AB%E3%83%AC%E3%83%B3%E3%83%80%20Lite%20%28Period%20Tracker%29

Domain: valuadle.g2afse.com
URL: https://valuadle.g2afse.com/click?pid=11&offer_id=302112&sub1=NCT_iphone_dk_ofid10711966_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat9_sub4_sub5&sub2=471450915_915&sub3=id500963785

Domain: ad-experience.g2afse.com
URL: https://ad-experience.g2afse.com/click?pid=2&offer_id=307517&sub1=NCT_iphone_dk_ofid10663636_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat11_sub4_sub5&sub2=471450915_915&sub5=id500963785

Domain: poqueras.com
URL: https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D

Domain: apptrust.g2afse.com
URL: https://apptrust.g2afse.com/click?pid=109&offer_id=408832&sub1=1616177102000V22&sub2=NV9hMzRkYWE0ODQwYTgyODk1ZDlmMmQ3OGI1NmIxMzFhMQ==_26221649133505112193616&sub3=&sub4=id500963785

Domain: mobee.g2afse.com
URL: https://mobee.g2afse.com/click?pid=27&offer_id=1910753

Domain: appscogent.g2afse.com
URL: https://appscogent.g2afse.com/click?pid=27&offer_id=345889&sub1=NCT_iphone_dk_ofid10683446_pid915_sub1{clickid}_sub2915_sub3EdgeSL_nat26_sub4_sub5&sub2=471450915_915&sub5=id500963785

Domain: ad-experience.g2afse.com
URL: http://ad-experience.g2afse.com/sl?id=5c9cb536d0348f004454f1b2&pid=1&sub2=490787&sub3=2

Domain: spykemedia.g2afse.com
URL: http://spykemedia.g2afse.com/disabled.html

Domain: valuadle.g2afse.com
URL: http://valuadle.g2afse.com/disabled.html

Domain: ad-experience.g2afse.com
URL: http://ad-experience.g2afse.com/sl?id=5c9cb536d0348f004454f1b2&pid=1&sub2=307517&sub3=2

Domain: apptrust.g2afse.com
URL: http://apptrust.g2afse.com/disabled.html

Domain: xml.blueparrot.media
URL: http://xml.blueparrot.media/redirect?feed=223869&auth=9tpPZk&url=http://www.google.com&subid=27_

Domain: appscogent.g2afse.com
URL: http://appscogent.g2afse.com/disabled.html

Domain: tare.pro
URL: http://tare.pro/go/216668/575137

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad-experience.g2afse.com
adcrt.trckswrm.com
app.appsflyer.com
appalgo.g2afse.com
apps.apple.com
appscogent.g2afse.com
apptrust.g2afse.com
aptrt.trckswrm.com
apts.trckswrm.com
click.mnmnck.com
click2comm.go2affise.com
clicks.rtad.io
clk.trk144.com
cpi-offers.com
lambadapp.go2affise.com
leaddaway.g2afse.com
mob.palmparadise.info
mobee.g2afse.com
monktraff.com
pandamobi.gotrackier.com
poqueras.com
spykemedia.g2afse.com
tappx.g2afse.com
tare.pro
techido.gotrackier.com
track.g4s6.com
track.paddlewaver.com
track.themedia.site
trk.games-to-run123.com
trk.interceptd.com
trk35.nedo.xyz
valuadle.g2afse.com
www.rtbdem.com
xml.blueparrot.media
ad-experience.g2afse.com
appscogent.g2afse.com
apptrust.g2afse.com
mobee.g2afse.com
poqueras.com
spykemedia.g2afse.com
tare.pro
valuadle.g2afse.com
xml.blueparrot.media
13.226.134.232
13.250.217.240
13.251.242.229
136.243.5.28
168.119.91.228
172.64.205.22
198.134.116.30
209.99.40.222
213.227.134.196
213.227.134.236
213.227.135.209
213.227.135.211
213.227.156.11
2606:4700:20::681a:c03
2606:4700:20::681a:d03
2606:4700:3031::6815:1fc9
2a02:26f0:64:58f::2a1
3.121.26.234
3.226.163.49
34.120.248.84
34.200.173.192
35.186.220.166
35.190.77.108
52.209.87.198
13b112486150e2862cdb599163a2f1a71c0054353420a4f8995b40da61537f44
1c439fcd21bab032475e5d1570615485417e6cfb202f774f9f16d77f0448d0d6
32bc65c82b3dde0447bb4f5a47c6b391dc15f4dc47d17837c050c221d2e90126
784163954fa7cbc9f2694dd5cc5bafb3296a11f6d911217deda9c1621b9b9ef6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

cpi-offers.com Open in urlscan Pro 3.121.26.234 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

40 Requests

50 %HTTPS

17 %IPv6

22 Domains

34 Subdomains

14 IPs

5 Countries

4 kBTransfer

7 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

40 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

0 Cookies

cpi-offers.com Open in urlscan Pro
3.121.26.234 Public Scan

Screenshot
Live screenshot

Full Image

40
Requests

50 %
HTTPS

17 %
IPv6

22
Domains

34
Subdomains

14
IPs

5
Countries

4 kB
Transfer

7 kB
Size

0
Cookies

40 HTTP transactions
0 data transactions