cpi-offers.com Open in urlscan Pro
18.185.186.177 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://gurmob.g2afse.com/click?pid=249&offer_id=1684
Effective URL:
https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=913&cid=606c8a954fa45e0001352372&sid=249&udid=&nam...
Submission: On April 06 via manual (April 6th 2021, 4:21:58 pm UTC) from US

Summary HTTP 37 Redirects Behaviour Indicators

Summary

This website contacted 8 IPs in 6 countries across 25 domains to perform 37 HTTP transactions. The main IP is 18.185.186.177, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is cpi-offers.com.
TLS certificate: Issued by Amazon on November 25th 2020. Valid for: a year.

This is the only time cpi-offers.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	213.227.134.198 213.227.134.198	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1 2	18.185.186.177 18.185.186.177	16509 (AMAZON-02) (AMAZON-02)
1 1	213.227.135.235 213.227.135.235	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2 2	213.227.156.13 213.227.156.13	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
3 3	213.227.135.229 213.227.135.229	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2	136.243.10.27 136.243.10.27	24940 (HETZNER-AS) (HETZNER-AS)
4	168.119.91.184 168.119.91.184	24940 (HETZNER-AS) (HETZNER-AS)
1 1	3.228.216.108 3.228.216.108	14618 (AMAZON-AES) (AMAZON-AES)
1	52.16.53.124 52.16.53.124	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:303... 2606:4700:3039::6815:c009	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	13.251.242.229 13.251.242.229	16509 (AMAZON-02) (AMAZON-02)
1 1	213.227.135.231 213.227.135.231	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1 1	95.168.187.2 95.168.187.2	205544 (LEASEWEB-...) (LEASEWEB-UK-LON-11)
1 1	35.244.190.228 35.244.190.228	15169 (GOOGLE) (GOOGLE)
1 1	213.227.134.238 213.227.134.238	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1 1	2606:4700:303... 2606:4700:3030::ac43:b3ef	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	172.64.205.22 172.64.205.22	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	213.227.134.196 213.227.134.196	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1 1	198.134.116.30 198.134.116.30	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
1 1	2606:4700:303... 2606:4700:3035::6815:cbc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	148.251.132.216 148.251.132.216	24940 (HETZNER-AS) (HETZNER-AS)
37	8

1 213.227.134.198 (Netherlands) 1 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

gurmob.g2afse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.185.186.177 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-185-186-177.eu-central-1.compute.amazonaws.com

cpi-offers.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.227.135.235 (Netherlands) 1 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

digitalfuture.g2afse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.227.156.13 (Netherlands) 2 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

biggerpicture.g2afse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.227.135.229 (Netherlands) 3 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

appmedia.g2afse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
click2comm.go2affise.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 136.243.10.27 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.27.10.243.136.clients.your-server.de

track.hexcan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 168.119.91.184 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.184.91.119.168.clients.your-server.de

aptrt.trckswrm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.mynewrotationlink.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.228.216.108 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

track.g4s6.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.16.53.124 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

trk.interceptd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3039::6815:c009 (United States)

ASN13335 (CLOUDFLARENET, US)

pandamobi.gotrackier.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.251.242.229 (Singapore, Singapore) 2 redirects

ASN16509 (AMAZON-02, US)

track.paddlewaver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.227.135.231 (Netherlands) 1 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

marlinads.g2afse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.168.187.2 (London, United Kingdom) 1 redirects

ASN205544 (LEASEWEB-UK-LON-11, GB)

tracking.appxigo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.190.228 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)

click.appmultiple.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.227.134.238 (Netherlands) 1 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

go.xtraperfnow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3030::ac43:b3ef (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

monktraff.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.64.205.22 (United States)

ASN13335 (CLOUDFLARENET, US)

trk143.nedo.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.227.134.196 (Netherlands) 1 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

amazus.g2afse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.134.116.30 (Grapevine, United States) 1 redirects

ASN27257 (WEBAIR-INTERNET, US)

go.coralreefs.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3035::6815:cbc (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

maryaravyne.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 148.251.132.216 (Germany)

ASN24940 (HETZNER-AS, DE)

apts.trckswrm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	g2afse.com 8 redirects gurmob.g2afse.com digitalfuture.g2afse.com biggerpicture.g2afse.com appmedia.g2afse.com apptastic.g2afse.com Failed ad-experience.g2afse.com Failed marlinads.g2afse.com amazus.g2afse.com apply.g2afse.com Failed bondika.g2afse.com Failed zorkamarket.g2afse.com Failed	2 KB
5	trckswrm.com aptrt.trckswrm.com apts.trckswrm.com	375 B
2	nedo.xyz trk143.nedo.xyz
2	mynewrotationlink.com www.mynewrotationlink.com	150 B
2	paddlewaver.com 2 redirects track.paddlewaver.com	1 KB
2	hexcan.com track.hexcan.com
2	cpi-offers.com 1 redirects cpi-offers.com	2 KB
1	maryaravyne.com 1 redirects maryaravyne.com	656 B
1	coralreefs.xyz 1 redirects go.coralreefs.xyz	213 B
1	monktraff.com 1 redirects monktraff.com	688 B
1	xtraperfnow.com 1 redirects go.xtraperfnow.com	146 B
1	appmultiple.net 1 redirects click.appmultiple.net	218 B
1	appxigo.com 1 redirects tracking.appxigo.com	358 B
1	gotrackier.com pandamobi.gotrackier.com	863 B
1	interceptd.com trk.interceptd.com
1	g4s6.com 1 redirects track.g4s6.com	1 KB
1	go2affise.com 1 redirects click2comm.go2affise.com lambadapp.go2affise.com Failed cellonltd.go2affise.com Failed	84 B
0	mnmnck.com Failed click.mnmnck.com Failed
0	tare.pro Failed tare.pro Failed
0	armorads.com Failed tracking.armorads.com Failed
0	trackuhub.com Failed t2.trackuhub.com Failed
0	lucazepa.com Failed lucazepa.com Failed
0	themedia.site Failed track.themedia.site Failed
0	zappiering.com Failed zappiering.com Failed
0	trackuamedia.com Failed t2.trackuamedia.com Failed
37	25

	Domain	Requested by
3	apts.trckswrm.com	cpi-offers.com
2	trk143.nedo.xyz	cpi-offers.com
2	www.mynewrotationlink.com	cpi-offers.com
2	track.paddlewaver.com	2 redirects
2	aptrt.trckswrm.com	cpi-offers.com
2	track.hexcan.com	cpi-offers.com
2	appmedia.g2afse.com	2 redirects
2	biggerpicture.g2afse.com	2 redirects cpi-offers.com
2	cpi-offers.com	1 redirects
1	maryaravyne.com	1 redirects
1	go.coralreefs.xyz	1 redirects
1	amazus.g2afse.com	1 redirects
1	monktraff.com	1 redirects
1	go.xtraperfnow.com	1 redirects
1	click.appmultiple.net	1 redirects
1	tracking.appxigo.com	1 redirects
1	marlinads.g2afse.com	1 redirects
1	pandamobi.gotrackier.com	cpi-offers.com
1	trk.interceptd.com	cpi-offers.com
1	track.g4s6.com	1 redirects
1	click2comm.go2affise.com	1 redirects
1	digitalfuture.g2afse.com	1 redirects
1	gurmob.g2afse.com	1 redirects
0	zorkamarket.g2afse.com Failed	cpi-offers.com
0	click.mnmnck.com Failed	cpi-offers.com
0	tare.pro Failed	cpi-offers.com
0	tracking.armorads.com Failed	cpi-offers.com
0	t2.trackuhub.com Failed	cpi-offers.com
0	lucazepa.com Failed	cpi-offers.com
0	bondika.g2afse.com Failed	cpi-offers.com
0	cellonltd.go2affise.com Failed	cpi-offers.com
0	apply.g2afse.com Failed	cpi-offers.com
0	track.themedia.site Failed	cpi-offers.com
0	lambadapp.go2affise.com Failed	cpi-offers.com
0	ad-experience.g2afse.com Failed	cpi-offers.com
0	zappiering.com Failed	cpi-offers.com
0	apptastic.g2afse.com Failed	cpi-offers.com
0	t2.trackuamedia.com Failed	cpi-offers.com
37	38

This site contains no links.

Subject Issuer	Validity	Valid
cpi-offers.com Amazon	`2020-11-25` - `2021-12-24`	a year	crt.sh
track.hexcan.com R3	`2021-03-15` - `2021-06-13`	3 months	crt.sh
aptrt.trckswrm.com R3	`2021-01-29` - `2021-04-29`	3 months	crt.sh
trk.interceptd.com DigiCert ECC Secure Server CA	`2020-02-18` - `2022-02-22`	2 years	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-09` - `2021-07-09`	a year	crt.sh
www.mynewrotationlink.com R3	`2021-02-10` - `2021-05-11`	3 months	crt.sh
apts.trckswrm.com R3	`2021-01-13` - `2021-04-13`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=913&cid=606c8a954fa45e0001352372&sid=249&udid=&name=&info=GurMobSL&blockTime=0
Frame ID: 4FD49F773584BC354910AED2E4130173
Requests: 37 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://gurmob.g2afse.com/click?pid=249&offer_id=1684 HTTP 302
https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=913&cid=606c8a954fa45e00013523... Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

37
Requests

38 %
HTTPS

14 %
IPv6

25
Domains

38
Subdomains

8
IPs

6
Countries

3 kB
Transfer

7 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://gurmob.g2afse.com/click?pid=249&offer_id=1684 HTTP 302
https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=913&cid=606c8a954fa45e0001352372&sid=249&udid=&name=&info=GurMobSL&blockTime=0 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://digitalfuture.g2afse.com/click?pid=2&offer_id=1315701&sub1=NCT_iphone_ch_ofid10864567_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat1_sub4_sub5&sub2=889170913_249&sub5=id1423046460 HTTP 302
https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=886&cid=&sid=2&udid=&name=&info=ElishaSL&blockTime=0 HTTP 302
https://biggerpicture.g2afse.com/click?pid=52&offer_id=187319&sub5=NCT_iphone_ch_ofid10874432_pid616_sub1_sub22_sub3ElishaSL_nat3_sub4_sub5&sub1=889170616_2&sub3=id730623682 HTTP 302
https://appmedia.g2afse.com/click?pid=239&offer_id=1867827&sub1=606c8a9675ea850001307e09&sub2=52_889170616_2&sub3=id730623682&sub4= HTTP 302
https://track.hexcan.com/?aff_id=390925&offer_id=3629622&aff_sub=606c8a96d80b9200013ea064-239&aff_sub2=239_52_889170616_2&aff_sub3=id730623682&idfa=

Request Chain 2

https://biggerpicture.g2afse.com/click?pid=52&offer_id=187319&sub5=NCT_iphone_ch_ofid10874432_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat3_sub4_sub5&sub1=889170913_249&sub3=id1423046460 HTTP 302
https://appmedia.g2afse.com/click?pid=239&offer_id=1867827&sub1=606c8a96b1e3330001e44a65&sub2=52_889170913_249&sub3=id1423046460&sub4= HTTP 302
https://track.hexcan.com/?aff_id=390925&offer_id=3629622&aff_sub=606c8a964290cd0001b5ad82-239&aff_sub2=239_52_889170913_249&aff_sub3=id1423046460&idfa=

Request Chain 3

https://click2comm.go2affise.com/click?pid=310&offer_id=2937127&sub1=NCT_iphone_ch_ofid10527173_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat4_sub4_sub5&sub2=889170913_249&sub6=id1423046460 HTTP 302
https://track.g4s6.com/tnser/18/12072?c=&sp=310 HTTP 302
https://trk.interceptd.com/click?source_id=TVRVM01nPT18Tm5rNGVIRldkR001Tm5CalRIUnVXUzE1ZVMwdGN6RnFabVIyYmpaRWJHOD18TVdoNGQxaE1NamRNZUZVMWFreHlkUT09&click_id=1758926398C1617726102&sub_id=&device_id=

Request Chain 8

https://biggerpicture.g2afse.com/click?pid=52&offer_id=190492&sub5=NCT_iphone_ch_ofid10950676_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat9_sub4_sub5&sub1=889170913_249&sub3=id1423046460 HTTP 302
https://biggerpicture.g2afse.com/click?pid=1&offer_id=188

Request Chain 9

https://md412.trckswrm.com/click?offer_id=98903&pub_id=10&pub_click_id=NCT_iphone_ch_ofid10839268_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat10_sub4_sub5&pub_sub_id=889170913&pub_sub_sub_id=249&app=id1423046460 HTTP 302
https://zappiering.com/noid/hurried?wiry=yUTfM5ug980FMq10Mn96ng%3D%3D&pid=20&clk=AqW656wAAAF4p_1aRwABglcAAAAKAAAAAA

Request Chain 12

https://track.paddlewaver.com/?campaign_id=4821836&publisher_id=1000044&clickid=NCT_iphone_ch_ofid10903656_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat13_sub4_sub5&channel=889170913_249&packagename=id1423046460&appname=id1423046460 HTTP 302
https://marlinads.g2afse.com/click?pid=61&offer_id=43583&sub1=p_869145ee-14d3-4d1d-cd63-0b36f1d04cf21617726102597&sub2=1000044_889170913_249&sub3=&sub4=&sub5=Run%20Race%203D&sub6=en-US&ip=185.156.175.107&uagent=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F89.0.4389.72%20Safari%2F537.36 HTTP 302
https://tracking.appxigo.com/click/17972/370?ref_id=606c8a97530db70001476564&sub_pub=61&device_id=_&app_name=Run%20Race%203D&creative_id=en-US HTTP 302
https://www.mynewrotationlink.com/click?offer_id=129&pub_id=54&pub_click_id=606c8a9769f253501147a6bd&pub_sub_id=370&pub_sub_sub_id=61&app=Run+Race+3D&app_store_id=Run+Race+3D&idfa=_&gaid=_

Request Chain 14

https://click.appmultiple.net/tracking/click?clickid=NCT_iphone_ch_ofid10968865_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat15_sub4_sub5&trafficsource=1373697408&offerid=433413723782893395&sub_placement=id1423046460&pub_subid=889170913_249 HTTP 302
https://go.xtraperfnow.com/click?pid=302&offer_id=395080&sub1=1617726102000R499&sub2=Ml9hMzRkYWE0ODQwYTgyODk1ZDlmMmQ3OGI1NmIxMzFhMQ==_2622164913350511251016&sub3=&sub5=id1423046460 HTTP 302
https://monktraff.com/l/270040860000774a2e25?source=302_Ml9hMzRkYWE0ODQwYTgyODk1ZDlmMmQ3OGI1NmIxMzFhMQ==_2622164913350511251016 HTTP 302
https://trk143.nedo.xyz/l/270040860000774a2e25.js?source=302_Ml9hMzRkYWE0ODQwYTgyODk1ZDlmMmQ3OGI1NmIxMzFhMQ==_2622164913350511251016

Request Chain 15

https://amazus.g2afse.com/click?pid=4&offer_id=146&sub1=NCT_iphone_ch_ofid10912070_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat16_sub4_sub5&sub2=889170913_249&sub3=2643CDC4-48AD-4619-9B67-1DCFF8F74FAB&sub4=2643CDC4-48AD-4619-9B67-1DCFF8F74FAB&sub5=id1423046460 HTTP 302
https://go.coralreefs.xyz/redirect?feed=257052&auth=ebuQy0&url=https%3A%2F%2Fnewsverse.top&subid=4_889170913_249&query=https%3A%2F%2Fnewsverse.top&pub_clickid= HTTP 302
https://maryaravyne.com/l/270053360191cdeb14f6?sub=0123456789&source=257052&sub2=ak2 HTTP 302
https://trk143.nedo.xyz/l/270053360191cdeb14f6.js?sub=0123456789&source=257052&sub2=ak2

Request Chain 19

https://cellonltd.g2afse.com/click?pid=43&offer_id=1047712&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub3=id1423046460 HTTP 302
https://cellonltd.g2afse.com/click?pid=55&offer_id=808294&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub3=id1423046460&sub4=&sub5=&sub6= HTTP 302
https://cellonltd.go2affise.com/sl?id=606c85ff7faa83f529278ed1&pid=55&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub3=id1423046460&sub4=&sub5=&sub6= HTTP 302
https://cellonltd.g2afse.com/click?pid=55&offer_id=808294&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub3=id1423046460&sub4=&sub5=&sub6= HTTP 302
https://cellonltd.go2affise.com/sl?id=606c85ff7faa83f529278ed1&pid=55&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub3=id1423046460&sub4=&sub5=&sub6= HTTP 302
https://cellonltd.g2afse.com/click?pid=55&offer_id=808294&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub3=id1423046460&sub4=&sub5=&sub6= HTTP 302
https://cellonltd.go2affise.com/sl?id=606c85ff7faa83f529278ed1&pid=55&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub3=id1423046460&sub4=&sub5=&sub6= HTTP 302
https://cellonltd.g2afse.com/click?pid=55&offer_id=808294&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub3=id1423046460&sub4=&sub5=&sub6= HTTP 302
https://cellonltd.go2affise.com/sl?id=606c85ff7faa83f529278ed1&pid=55&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub3=id1423046460&sub4=&sub5=&sub6= HTTP 302
https://cellonltd.g2afse.com/click?pid=55&offer_id=808294&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub3=id1423046460&sub4=&sub5=&sub6= HTTP 302
https://cellonltd.go2affise.com/sl?id=606c85ff7faa83f529278ed1&pid=55&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub3=id1423046460&sub4=&sub5=&sub6= HTTP 302
https://cellonltd.g2afse.com/click?pid=55&offer_id=808294&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub3=id1423046460&sub4=&sub5=&sub6= HTTP 302
https://cellonltd.go2affise.com/sl?id=606c85ff7faa83f529278ed1&pid=55&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub3=id1423046460&sub4=&sub5=&sub6= HTTP 302
https://cellonltd.g2afse.com/click?pid=55&offer_id=808294&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub3=id1423046460&sub4=&sub5=&sub6= HTTP 302
https://cellonltd.go2affise.com/sl?id=606c85ff7faa83f529278ed1&pid=55&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub3=id1423046460&sub4=&sub5=&sub6= HTTP 302
https://cellonltd.g2afse.com/click?pid=55&offer_id=808294&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub3=id1423046460&sub4=&sub5=&sub6= HTTP 302
https://cellonltd.go2affise.com/sl?id=606c85ff7faa83f529278ed1&pid=55&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub3=id1423046460&sub4=&sub5=&sub6= HTTP 302
https://cellonltd.g2afse.com/click?pid=55&offer_id=808294&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub3=id1423046460&sub4=&sub5=&sub6= HTTP 302
https://cellonltd.go2affise.com/sl?id=606c85ff7faa83f529278ed1&pid=55&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub3=id1423046460&sub4=&sub5=&sub6= HTTP 302
https://cellonltd.g2afse.com/click?pid=55&offer_id=808294&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub3=id1423046460&sub4=&sub5=&sub6= HTTP 302
https://cellonltd.go2affise.com/sl?id=606c85ff7faa83f529278ed1&pid=55&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub3=id1423046460&sub4=&sub5=&sub6=

Request Chain 22

https://track.paddlewaver.com/?campaign_id=4670251&publisher_id=1000044&clickid=NCT_iphone_ch_ofid10435340_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat23_sub4_sub5&channel=889170913_249&gaid=2643CDC4-48AD-4619-9B67-1DCFF8F74FAB&idfa=2643CDC4-48AD-4619-9B67-1DCFF8F74FAB&packagename=id1423046460&appname=id1423046460 HTTP 302
https://www.mynewrotationlink.com/click?offer_id=70&pub_id=168&pub_click_id=p_63bb7c05-cee5-452b-c590-cc8c4e6288241617726102603&pub_sub_id=1000044&pub_sub_sub_id=889170913_249&app=Run%20Race%203D&app_store_id={packaganame}&idfa=2643CDC4-48AD-4619-9B67-1DCFF8F74FAB&gaid=2643CDC4-48AD-4619-9B67-1DCFF8F74FAB&user_ip=185.156.175.107&user_ua=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F89.0.4389.72%20Safari%2F537.36&user_language=en-US

Request Chain 25

https://t2.trackuamedia.com/click?pid=141&offer_id=4664&sub2=889170913_249&sub3=NCT_iphone_ch_ofid7842578_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat5_sub4_sub5&sub4=id1423046460 HTTP 0
http://t2.trackuhub.com/sl?id=5fff140d3d250a8e23c15d98&pid=1&sub2=141_889170913_249&sub1=&sub5=&sub3=NCT_iphone_ch_ofid7842578_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat5_sub4_sub5

Request Chain 26

https://apptastic.g2afse.com/click?pid=46&offer_id=4331787&sub1=NCT_iphone_ch_ofid10058628_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat6_sub4_sub5&sub2=889170913_249&sub4=id1423046460 HTTP 0
http://apptastic.g2afse.com/sl?id=5ed0ee1c96f015dc9b166976&pid=192&sub1=CH&sub2=4331787&sub3=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&sub4=185.156.175.107&sub5=46

Request Chain 27

https://biggerpicture.g2afse.com/click?pid=52&offer_id=190492&sub5=NCT_iphone_ch_ofid10950676_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat9_sub4_sub5&sub1=889170913_249&sub3=id1423046460 HTTP 302
https://biggerpicture.g2afse.com/click?pid=1&offer_id=188 HTTP 0
http://tracking.armorads.com/sl?id=5faa890a127bd6bcbd27203b&pid=145&sub1=BP01_&sub2=1&sub3=

Request Chain 28

https://md412.trckswrm.com/click?offer_id=98903&pub_id=10&pub_click_id=NCT_iphone_ch_ofid10839268_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat10_sub4_sub5&pub_sub_id=889170913&pub_sub_sub_id=249&app=id1423046460 HTTP 302
https://zappiering.com/noid/hurried?wiry=yUTfM5ug980FMq10Mn96ng%3D%3D&pid=20&clk=AqQVTlUAAAF4p_1doQABglcAAAAKAAAAAA HTTP 0
http://tare.pro/go/216668/575137

Request Chain 29

https://ad-experience.g2afse.com/click?pid=2&offer_id=554855&sub1=NCT_iphone_ch_ofid10825972_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat11_sub4_sub5&sub2=889170913_249&sub5=id1423046460 HTTP 0
http://ad-experience.g2afse.com/sl?id=5c9cb536d0348f004454f1b2&pid=1&sub2=554855&sub3=2

Request Chain 30

https://lambadapp.go2affise.com/click?pid=46&offer_id=3844789&sub1=NCT_iphone_ch_ofid10927983_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat12_sub4_sub5&sub2=889170913_249&sub3=id1423046460 HTTP 0
http://click.mnmnck.com/tracking/clicks?clickid=606c8a975aa8470001e36865&trafficsource=1373696237&offerid=433947574796105698&pub_subid=46_889170913_249&sub_placement=id1423046460&idfa=&gaid=

Request Chain 31

https://track.themedia.site/click?pid=5&offer_id=59061&sub1=NCT_iphone_ch_ofid10710822_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat14_sub4_sub5&sub2=889170913_249&sub7=id1423046460&sub8=id1423046460 HTTP 0
http://zorkamarket.g2afse.com/sl?id=5f20049cd1fc3bbe7f2be6e6&pid=1215

Request Chain 32

https://apply.g2afse.com/click?pid=3&offer_id=122183&sub1=NCT_iphone_ch_ofid10974358_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat17_sub4_sub5&sub4=id1423046460&sub2=889170913_249 HTTP 0
http://apply.g2afse.com/sl?id=5f77265a1a6e4b1879225258&pid=14

Request Chain 33

https://track.themedia.site/click?pid=5&offer_id=66462&sub1=NCT_iphone_ch_ofid10935521_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat19_sub4_sub5&sub2=889170913_249&sub7=id1423046460&sub8=id1423046460 HTTP 0
http://zorkamarket.g2afse.com/sl?id=5f20049cd1fc3bbe7f2be6e6&pid=1215

Request Chain 34

https://bondika.g2afse.com/click?pid=2&offer_id=23307&sub1=889170913&sub2=249&sub3=NCT_iphone_ch_ofid6543649_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat24_sub4_sub5&sub5=id1423046460 HTTP 0
http://tracking.armorads.com/sl?id=5faa890a127bd6bcbd27203b&pid=139&sub1=&sub2=2&sub3=889170913

Request Chain 35

https://lucazepa.com/sage/married?mean=4Cq0yFf%2FZw4ygYl5agJv1KU9Jm8%2F7gYOw3GGpqkDJhI%3D HTTP 0
http://tare.pro/go/216668/575137

37 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request fantastic.html Show response cpi-offers.com/ Redirect Chain http://gurmob.g2afse.com/click?pid=249&offer_id=1684 https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=913&cid=606c8a954fa45e0001352372&sid=249&udid=&name=&info=GurMobSL&blockTime=0	6 KB 1 KB	99ms 43ms	Document text/html	18.185.186.177 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=913&cid=606c8a954fa45e0001352372&sid=249&udid=&name=&info=GurMobSL&blockTime=0 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.185.186.177 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-185-186-177.eu-central-1.compute.amazonaws.com Software nginx/1.14.1 / Express Resource Hash `a66c60826c31741c448d59f52821291f29193eff529ab2b2910c90c903d8a8ca` Request headers :method GET :authority cpi-offers.com :scheme https :path /fantastic.html?size=0&red=0&ids=&lastid=&apid=913&cid=606c8a954fa45e0001352372&sid=249&udid=&name=&info=GurMobSL&blockTime=0 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 06 Apr 2021 16:21:41 GMT content-type text/html; charset=utf-8 server nginx/1.14.1 x-powered-by Express access-control-allow-origin * etag W/"19ef-zN1G7quWO3Eef4kZ1W+b+7AdIZ0" content-encoding gzip Redirect headers Server nginx Date Tue, 06 Apr 2021 16:21:41 GMT Content-Length 0 Connection keep-alive Location https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=913&cid=606c8a954fa45e0001352372&sid=249&udid=&name=&info=GurMobSL&blockTime=0 Set-Cookie afclick=606c8a954fa45e0001352372; expires=Wed, 06 Apr 2022 16:21:41 GMT; secure; SameSite=None
GET H/1.1	200 OK	/ track.hexcan.com/ Redirect Chain https://digitalfuture.g2afse.com/click?pid=2&offer_id=1315701&sub1=NCT_iphone_ch_ofid10864567_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat1_sub4_sub5&sub2=889170913_249&sub5=id14230... https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=886&cid=&sid=2&udid=&name=&info=ElishaSL&blockTime=0 https://biggerpicture.g2afse.com/click?pid=52&offer_id=187319&sub5=NCT_iphone_ch_ofid10874432_pid616_sub1_sub22_sub3ElishaSL_nat3_sub4_sub5&sub1=889170616_2&sub3=id730623682 https://appmedia.g2afse.com/click?pid=239&offer_id=1867827&sub1=606c8a9675ea850001307e09&sub2=52_889170616_2&sub3=id730623682&sub4= https://track.hexcan.com/?aff_id=390925&offer_id=3629622&aff_sub=606c8a96d80b9200013ea064-239&aff_sub2=239_52_889170616_2&aff_sub3=id730623682&idfa=	0 0	126ms 46ms	Stylesheet text/html	136.243.10.27 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://track.hexcan.com/?aff_id=390925&offer_id=3629622&aff_sub=606c8a96d80b9200013ea064-239&aff_sub2=239_52_889170616_2&aff_sub3=id730623682&idfa= Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=913&cid=606c8a954fa45e0001352372&sid=249&udid=&name=&info=GurMobSL&blockTime=0 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 136.243.10.27 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.27.10.243.136.clients.your-server.de Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Redirect headers location https://track.hexcan.com/?aff_id=390925&offer_id=3629622&aff_sub=606c8a96d80b9200013ea064-239&aff_sub2=239_52_889170616_2&aff_sub3=id730623682&idfa= date Tue, 06 Apr 2021 16:21:42 GMT server nginx content-length 0
GET H/1.1	200 OK	click aptrt.trckswrm.com/	0 75 B	127ms 46ms	Stylesheet text/plain	168.119.91.184 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://aptrt.trckswrm.com/click?offer_id=423&pub_id=44&pub_click_id=NCT_iphone_ch_ofid10449139_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat2_sub4_sub5&pub_sub_id=889170913&pub_sub_sub_id=249&app=id1423046460 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=913&cid=606c8a954fa45e0001352372&sid=249&udid=&name=&info=GurMobSL&blockTime=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 168.119.91.184 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.184.91.119.168.clients.your-server.de Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 06 Apr 2021 16:21:42 GMT content-length 0
GET H/1.1	200 OK	/ track.hexcan.com/ Redirect Chain https://biggerpicture.g2afse.com/click?pid=52&offer_id=187319&sub5=NCT_iphone_ch_ofid10874432_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat3_sub4_sub5&sub1=889170913_249&sub3=id14230... https://appmedia.g2afse.com/click?pid=239&offer_id=1867827&sub1=606c8a96b1e3330001e44a65&sub2=52_889170913_249&sub3=id1423046460&sub4= https://track.hexcan.com/?aff_id=390925&offer_id=3629622&aff_sub=606c8a964290cd0001b5ad82-239&aff_sub2=239_52_889170913_249&aff_sub3=id1423046460&idfa=	0 0	126ms 46ms	Stylesheet text/html	136.243.10.27 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://track.hexcan.com/?aff_id=390925&offer_id=3629622&aff_sub=606c8a964290cd0001b5ad82-239&aff_sub2=239_52_889170913_249&aff_sub3=id1423046460&idfa= Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=913&cid=606c8a954fa45e0001352372&sid=249&udid=&name=&info=GurMobSL&blockTime=0 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 136.243.10.27 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.27.10.243.136.clients.your-server.de Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Redirect headers location https://track.hexcan.com/?aff_id=390925&offer_id=3629622&aff_sub=606c8a964290cd0001b5ad82-239&aff_sub2=239_52_889170913_249&aff_sub3=id1423046460&idfa= date Tue, 06 Apr 2021 16:21:42 GMT server nginx content-length 0
GET H2	200	click trk.interceptd.com/ Redirect Chain https://click2comm.go2affise.com/click?pid=310&offer_id=2937127&sub1=NCT_iphone_ch_ofid10527173_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat4_sub4_sub5&sub2=889170913_249&sub6=id142... https://track.g4s6.com/tnser/18/12072?c=&sp=310 https://trk.interceptd.com/click?source_id=TVRVM01nPT18Tm5rNGVIRldkR001Tm5CalRIUnVXUzE1ZVMwdGN6RnFabVIyYmpaRWJHOD18TVdoNGQxaE1NamRNZUZVMWFreHlkUT09&click_id=1758926398C1617726102&sub_id=&device_id=	0 0	134ms 42ms	Stylesheet application/json	52.16.53.124 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://trk.interceptd.com/click?source_id=TVRVM01nPT18Tm5rNGVIRldkR001Tm5CalRIUnVXUzE1ZVMwdGN6RnFabVIyYmpaRWJHOD18TVdoNGQxaE1NamRNZUZVMWFreHlkUT09&click_id=1758926398C1617726102&sub_id=&device_id= Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=913&cid=606c8a954fa45e0001352372&sid=249&udid=&name=&info=GurMobSL&blockTime=0 Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 52.16.53.124 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Redirect headers Date Tue, 06 Apr 2021 16:21:42 GMT Via track.g4s6.com Server click2commission.com Access-Control-Allow-Origin * Access-Control-Max-Age 3600 Access-Control-Allow-Methods GET, POST Content-Language en Location https://trk.interceptd.com/click?source_id=TVRVM01nPT18Tm5rNGVIRldkR001Tm5CalRIUnVXUzE1ZVMwdGN6RnFabVIyYmpaRWJHOD18TVdoNGQxaE1NamRNZUZVMWFreHlkUT09&click_id=1758926398C1617726102&sub_id=&device_id= Access-Control-Allow-Credentials true Connection keep-alive Content-Type text/html; charset=utf-8 Access-Control-Allow-Headers X-Requested-With Content-Length 0 Hacker Welcome!!!
GET		click t2.trackuamedia.com/	0 0

GET		click apptastic.g2afse.com/	0 0

GET H2	200	click pandamobi.gotrackier.com/	22 B 863 B	84ms 46ms	Stylesheet text/plain	2606:4700:3039::6815:c009 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pandamobi.gotrackier.com/click?campaign_id=1485&pub_id=35&p1=NCT_iphone_ch_ofid8944462_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat7_sub4_sub5&source=889170913_249&p3=id1423046460 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=913&cid=606c8a954fa45e0001352372&sid=249&udid=&name=&info=GurMobSL&blockTime=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3039::6815:c009 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1c439fcd21bab032475e5d1570615485417e6cfb202f774f9f16d77f0448d0d6` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers x-err CSS_REQUEST via 1.1 google cf-cache-status DYNAMIC nel {"report_to":"cf-nel","max_age":604800} server cloudflare date Tue, 06 Apr 2021 16:21:42 GMT expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=TNtFtLxniWdm5cpSCcpTNZmJkt7cfcxBXLPAu8ZEELGm028%2B4TJIqgCAJ8T73XZqVnUBeXKYwS3XQwZKP5xheIkHR%2FjKifnWDTZ4uAQims%2B6VsD9SN5Pw9q9ZbZJLBll6YufV7Y%3D"}],"group":"cf-nel","max_age":604800} content-type text/plain; charset=utf-8 cf-request-id 094996720200000610b48f8000000001 cf-ray 63bc59c99b440610-FRA content-length 22 x-rt 1
GET H/1.1	200 OK	click aptrt.trckswrm.com/	0 75 B	122ms 37ms	Stylesheet text/plain	168.119.91.184 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://aptrt.trckswrm.com/click?offer_id=15364&pub_id=44&pub_click_id=NCT_iphone_ch_ofid10924505_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat8_sub4_sub5&pub_sub_id=889170913&pub_sub_sub_id=249&app=id1423046460 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=913&cid=606c8a954fa45e0001352372&sid=249&udid=&name=&info=GurMobSL&blockTime=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 168.119.91.184 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.184.91.119.168.clients.your-server.de Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 06 Apr 2021 16:21:42 GMT content-length 0
GET		click biggerpicture.g2afse.com/ Redirect Chain https://biggerpicture.g2afse.com/click?pid=52&offer_id=190492&sub5=NCT_iphone_ch_ofid10950676_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat9_sub4_sub5&sub1=889170913_249&sub3=id14230... https://biggerpicture.g2afse.com/click?pid=1&offer_id=188	0 0

GET		hurried zappiering.com/noid/ Redirect Chain https://md412.trckswrm.com/click?offer_id=98903&pub_id=10&pub_click_id=NCT_iphone_ch_ofid10839268_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat10_sub4_sub5&pub_sub_id=889170913&pub_s... https://zappiering.com/noid/hurried?wiry=yUTfM5ug980FMq10Mn96ng%3D%3D&pid=20&clk=AqW656wAAAF4p_1aRwABglcAAAAKAAAAAA	0 0

GET		click ad-experience.g2afse.com/	0 0

GET		click lambadapp.go2affise.com/	0 0

GET H/1.1	200 OK	click www.mynewrotationlink.com/ Redirect Chain https://track.paddlewaver.com/?campaign_id=4821836&publisher_id=1000044&clickid=NCT_iphone_ch_ofid10903656_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat13_sub4_sub5&channel=889170913... https://marlinads.g2afse.com/click?pid=61&offer_id=43583&sub1=p_869145ee-14d3-4d1d-cd63-0b36f1d04cf21617726102597&sub2=1000044_889170913_249&sub3=&sub4=&sub5=Run%20Race%203D&sub6=en-US&ip=185.156.1... https://tracking.appxigo.com/click/17972/370?ref_id=606c8a97530db70001476564&sub_pub=61&device_id=_&app_name=Run%20Race%203D&creative_id=en-US https://www.mynewrotationlink.com/click?offer_id=129&pub_id=54&pub_click_id=606c8a9769f253501147a6bd&pub_sub_id=370&pub_sub_sub_id=61&app=Run+Race+3D&app_store_id=Run+Race+3D&idfa=_&gaid=_	0 75 B	34ms 34ms	Stylesheet text/plain	168.119.91.184 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://www.mynewrotationlink.com/click?offer_id=129&pub_id=54&pub_click_id=606c8a9769f253501147a6bd&pub_sub_id=370&pub_sub_sub_id=61&app=Run+Race+3D&app_store_id=Run+Race+3D&idfa=_&gaid=_ Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=913&cid=606c8a954fa45e0001352372&sid=249&udid=&name=&info=GurMobSL&blockTime=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 168.119.91.184 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.184.91.119.168.clients.your-server.de Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 06 Apr 2021 16:21:43 GMT content-length 0 Redirect headers Location https://www.mynewrotationlink.com/click?offer_id=129&pub_id=54&pub_click_id=606c8a9769f253501147a6bd&pub_sub_id=370&pub_sub_sub_id=61&app=Run+Race+3D&app_store_id=Run+Race+3D&idfa=_&gaid=_ Date Tue, 06 Apr 2021 16:21:43 GMT Server nginx/1.14.0 (Ubuntu) Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET		click track.themedia.site/	0 0

GET H2	200	270040860000774a2e25.js trk143.nedo.xyz/l/ Redirect Chain https://click.appmultiple.net/tracking/click?clickid=NCT_iphone_ch_ofid10968865_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat15_sub4_sub5&trafficsource=1373697408&offerid=43341372378... https://go.xtraperfnow.com/click?pid=302&offer_id=395080&sub1=1617726102000R499&sub2=Ml9hMzRkYWE0ODQwYTgyODk1ZDlmMmQ3OGI1NmIxMzFhMQ==_2622164913350511251016&sub3=&sub5=id1423046460 https://monktraff.com/l/270040860000774a2e25?source=302_Ml9hMzRkYWE0ODQwYTgyODk1ZDlmMmQ3OGI1NmIxMzFhMQ==_2622164913350511251016 https://trk143.nedo.xyz/l/270040860000774a2e25.js?source=302_Ml9hMzRkYWE0ODQwYTgyODk1ZDlmMmQ3OGI1NmIxMzFhMQ==_2622164913350511251016	0 0	155ms 63ms	Stylesheet text/html	172.64.205.22 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://trk143.nedo.xyz/l/270040860000774a2e25.js?source=302_Ml9hMzRkYWE0ODQwYTgyODk1ZDlmMmQ3OGI1NmIxMzFhMQ==_2622164913350511251016 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=913&cid=606c8a954fa45e0001352372&sid=249&udid=&name=&info=GurMobSL&blockTime=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.64.205.22 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Redirect headers date Tue, 06 Apr 2021 16:21:42 GMT nel {"max_age":604800,"report_to":"cf-nel"} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=CKMIBHivOWjvsGhkivRzH2G04BM0Mi1GkrgeTSK1BKRoa%2Fz%2BfSn%2FwtrDosXNd6E0Dgva4RI2yhrb7N7lw4QJsJsmfGlp6kw%2FunklUOAo6LOl8AYoW%2FN4OfSp"}],"group":"cf-nel"} location https://trk143.nedo.xyz/l/270040860000774a2e25.js?source=302_Ml9hMzRkYWE0ODQwYTgyODk1ZDlmMmQ3OGI1NmIxMzFhMQ==_2622164913350511251016 cache-control private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-ray 63bc59cada8c4e8b-FRA alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 09499672cb00004e8b15383000000001 expires Thu, 01 Jan 1970 00:00:01 GMT
GET H2	200	270053360191cdeb14f6.js trk143.nedo.xyz/l/ Redirect Chain https://amazus.g2afse.com/click?pid=4&offer_id=146&sub1=NCT_iphone_ch_ofid10912070_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat16_sub4_sub5&sub2=889170913_249&sub3=2643CDC4-48AD-461... https://go.coralreefs.xyz/redirect?feed=257052&auth=ebuQy0&url=https%3A%2F%2Fnewsverse.top&subid=4_889170913_249&query=https%3A%2F%2Fnewsverse.top&pub_clickid= https://maryaravyne.com/l/270053360191cdeb14f6?sub=0123456789&source=257052&sub2=ak2 https://trk143.nedo.xyz/l/270053360191cdeb14f6.js?sub=0123456789&source=257052&sub2=ak2	0 0	56ms 56ms	Stylesheet text/html	172.64.205.22 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://trk143.nedo.xyz/l/270053360191cdeb14f6.js?sub=0123456789&source=257052&sub2=ak2 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=913&cid=606c8a954fa45e0001352372&sid=249&udid=&name=&info=GurMobSL&blockTime=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.64.205.22 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Redirect headers date Tue, 06 Apr 2021 16:21:42 GMT nel {"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=yPO%2FTOiFuewglIZ2M6KcqtYII4e%2B0RB2ttwQtyRbRUwelNHGFEGkBwb1GhMu2seZHulUV5Y%2FlLlhy1z1vQVArmmWd4IwqkWYb18hcuX1N5gdGxjuxxpX%2Bn2dPQc%3D"}],"group":"cf-nel"} location https://trk143.nedo.xyz/l/270053360191cdeb14f6.js?sub=0123456789&source=257052&sub2=ak2 cache-control private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-ray 63bc59cc7a134e14-FRA alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 09499673cf00004e142913b000000001 expires Thu, 01 Jan 1970 00:00:01 GMT
GET		click apply.g2afse.com/	0 0

GET H/1.1	200 OK	click apts.trckswrm.com/	0 75 B	125ms 36ms	Stylesheet text/plain	148.251.132.216 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://apts.trckswrm.com/click?offer_id=138565&pub_id=10&pub_click_id=NCT_iphone_ch_ofid10974829_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat18_sub4_sub5&pub_sub_id=889170913&pub_sub_sub_id=249&app=id1423046460 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=913&cid=606c8a954fa45e0001352372&sid=249&udid=&name=&info=GurMobSL&blockTime=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 148.251.132.216 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 06 Apr 2021 16:21:42 GMT content-length 0
GET		click track.themedia.site/	0 0

GET		sl cellonltd.go2affise.com/ Redirect Chain https://cellonltd.g2afse.com/click?pid=43&offer_id=1047712&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub3=id1423046460 https://cellonltd.g2afse.com/click?pid=55&offer_id=808294&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub3=id14230464... https://cellonltd.go2affise.com/sl?id=606c85ff7faa83f529278ed1&pid=55&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub... https://cellonltd.g2afse.com/click?pid=55&offer_id=808294&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub3=id14230464... https://cellonltd.go2affise.com/sl?id=606c85ff7faa83f529278ed1&pid=55&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub... https://cellonltd.g2afse.com/click?pid=55&offer_id=808294&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub3=id14230464... https://cellonltd.go2affise.com/sl?id=606c85ff7faa83f529278ed1&pid=55&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub... https://cellonltd.g2afse.com/click?pid=55&offer_id=808294&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub3=id14230464... https://cellonltd.go2affise.com/sl?id=606c85ff7faa83f529278ed1&pid=55&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub... https://cellonltd.g2afse.com/click?pid=55&offer_id=808294&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub3=id14230464... https://cellonltd.go2affise.com/sl?id=606c85ff7faa83f529278ed1&pid=55&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub... https://cellonltd.g2afse.com/click?pid=55&offer_id=808294&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub3=id14230464... https://cellonltd.go2affise.com/sl?id=606c85ff7faa83f529278ed1&pid=55&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub... https://cellonltd.g2afse.com/click?pid=55&offer_id=808294&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub3=id14230464... https://cellonltd.go2affise.com/sl?id=606c85ff7faa83f529278ed1&pid=55&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub... https://cellonltd.g2afse.com/click?pid=55&offer_id=808294&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub3=id14230464... https://cellonltd.go2affise.com/sl?id=606c85ff7faa83f529278ed1&pid=55&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub... https://cellonltd.g2afse.com/click?pid=55&offer_id=808294&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub3=id14230464... https://cellonltd.go2affise.com/sl?id=606c85ff7faa83f529278ed1&pid=55&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub... https://cellonltd.g2afse.com/click?pid=55&offer_id=808294&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub3=id14230464... https://cellonltd.go2affise.com/sl?id=606c85ff7faa83f529278ed1&pid=55&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub...	0 0

GET H/1.1	200 OK	click apts.trckswrm.com/	0 75 B	125ms 37ms	Stylesheet text/plain	148.251.132.216 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://apts.trckswrm.com/click?offer_id=144653&pub_id=10&pub_click_id=NCT_iphone_ch_ofid10975897_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat21_sub4_sub5&pub_sub_id=889170913&pub_sub_sub_id=249&app=id1423046460 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=913&cid=606c8a954fa45e0001352372&sid=249&udid=&name=&info=GurMobSL&blockTime=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 148.251.132.216 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 06 Apr 2021 16:21:42 GMT content-length 0
GET H/1.1	200 OK	click apts.trckswrm.com/	0 75 B	126ms 36ms	Stylesheet text/plain	148.251.132.216 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://apts.trckswrm.com/click?offer_id=44380&pub_id=10&pub_click_id=NCT_iphone_ch_ofid10131657_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat22_sub4_sub5&pub_sub_id=889170913&pub_sub_sub_id=249&app=id1423046460 Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=913&cid=606c8a954fa45e0001352372&sid=249&udid=&name=&info=GurMobSL&blockTime=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 148.251.132.216 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 06 Apr 2021 16:21:42 GMT content-length 0
GET H/1.1	200 OK	click www.mynewrotationlink.com/ Redirect Chain https://track.paddlewaver.com/?campaign_id=4670251&publisher_id=1000044&clickid=NCT_iphone_ch_ofid10435340_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat23_sub4_sub5&channel=889170913... https://www.mynewrotationlink.com/click?offer_id=70&pub_id=168&pub_click_id=p_63bb7c05-cee5-452b-c590-cc8c4e6288241617726102603&pub_sub_id=1000044&pub_sub_sub_id=889170913_249&app=Run%20Race%203D&a...	0 75 B	106ms 36ms	Stylesheet text/plain	168.119.91.184 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://www.mynewrotationlink.com/click?offer_id=70&pub_id=168&pub_click_id=p_63bb7c05-cee5-452b-c590-cc8c4e6288241617726102603&pub_sub_id=1000044&pub_sub_sub_id=889170913_249&app=Run%20Race%203D&app_store_id={packaganame}&idfa=2643CDC4-48AD-4619-9B67-1DCFF8F74FAB&gaid=2643CDC4-48AD-4619-9B67-1DCFF8F74FAB&user_ip=185.156.175.107&user_ua=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F89.0.4389.72%20Safari%2F537.36&user_language=en-US Requested by Host: cpi-offers.com URL: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=913&cid=606c8a954fa45e0001352372&sid=249&udid=&name=&info=GurMobSL&blockTime=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 168.119.91.184 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.184.91.119.168.clients.your-server.de Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 06 Apr 2021 16:21:42 GMT content-length 0 Redirect headers Location https://www.mynewrotationlink.com/click?offer_id=70&pub_id=168&pub_click_id=p_63bb7c05-cee5-452b-c590-cc8c4e6288241617726102603&pub_sub_id=1000044&pub_sub_sub_id=889170913_249&app=Run Race 3D&app_store_id={packaganame}&idfa=2643CDC4-48AD-4619-9B67-1DCFF8F74FAB&gaid=2643CDC4-48AD-4619-9B67-1DCFF8F74FAB&user_ip=185.156.175.107&user_ua=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F89.0.4389.72%20Safari%2F537.36&user_language=en-US Date Tue, 06 Apr 2021 16:21:42 GMT Server nginx/1.16.1 Connection keep-alive Content-Length 154 Content-Type text/html
GET		click bondika.g2afse.com/	0 0

GET		married lucazepa.com/sage/	0 0

GET		sl t2.trackuhub.com/ Redirect Chain https://t2.trackuamedia.com/click?pid=141&offer_id=4664&sub2=889170913_249&sub3=NCT_iphone_ch_ofid7842578_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat5_sub4_sub5&sub4=id1423046460 http://t2.trackuhub.com/sl?id=5fff140d3d250a8e23c15d98&pid=1&sub2=141_889170913_249&sub1=&sub5=&sub3=NCT_iphone_ch_ofid7842578_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat5_sub4_sub5	0 0

GET		sl apptastic.g2afse.com/ Redirect Chain https://apptastic.g2afse.com/click?pid=46&offer_id=4331787&sub1=NCT_iphone_ch_ofid10058628_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat6_sub4_sub5&sub2=889170913_249&sub4=id1423046460 http://apptastic.g2afse.com/sl?id=5ed0ee1c96f015dc9b166976&pid=192&sub1=CH&sub2=4331787&sub3=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrom...	0 0

GET		sl tracking.armorads.com/ Redirect Chain https://biggerpicture.g2afse.com/click?pid=52&offer_id=190492&sub5=NCT_iphone_ch_ofid10950676_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat9_sub4_sub5&sub1=889170913_249&sub3=id14230... https://biggerpicture.g2afse.com/click?pid=1&offer_id=188 http://tracking.armorads.com/sl?id=5faa890a127bd6bcbd27203b&pid=145&sub1=BP01_&sub2=1&sub3=	0 0

GET		575137 tare.pro/go/216668/ Redirect Chain https://md412.trckswrm.com/click?offer_id=98903&pub_id=10&pub_click_id=NCT_iphone_ch_ofid10839268_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat10_sub4_sub5&pub_sub_id=889170913&pub_s... https://zappiering.com/noid/hurried?wiry=yUTfM5ug980FMq10Mn96ng%3D%3D&pid=20&clk=AqQVTlUAAAF4p_1doQABglcAAAAKAAAAAA http://tare.pro/go/216668/575137	0 0

GET		sl ad-experience.g2afse.com/ Redirect Chain https://ad-experience.g2afse.com/click?pid=2&offer_id=554855&sub1=NCT_iphone_ch_ofid10825972_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat11_sub4_sub5&sub2=889170913_249&sub5=id14230... http://ad-experience.g2afse.com/sl?id=5c9cb536d0348f004454f1b2&pid=1&sub2=554855&sub3=2	0 0

GET		clicks click.mnmnck.com/tracking/ Redirect Chain https://lambadapp.go2affise.com/click?pid=46&offer_id=3844789&sub1=NCT_iphone_ch_ofid10927983_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat12_sub4_sub5&sub2=889170913_249&sub3=id1423... http://click.mnmnck.com/tracking/clicks?clickid=606c8a975aa8470001e36865&trafficsource=1373696237&offerid=433947574796105698&pub_subid=46_889170913_249&sub_placement=id1423046460&idfa=&gaid=	0 0

GET		sl zorkamarket.g2afse.com/ Redirect Chain https://track.themedia.site/click?pid=5&offer_id=59061&sub1=NCT_iphone_ch_ofid10710822_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat14_sub4_sub5&sub2=889170913_249&sub7=id1423046460&... http://zorkamarket.g2afse.com/sl?id=5f20049cd1fc3bbe7f2be6e6&pid=1215	0 0

GET		sl apply.g2afse.com/ Redirect Chain https://apply.g2afse.com/click?pid=3&offer_id=122183&sub1=NCT_iphone_ch_ofid10974358_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat17_sub4_sub5&sub4=id1423046460&sub2=889170913_249 http://apply.g2afse.com/sl?id=5f77265a1a6e4b1879225258&pid=14	0 0

GET		sl zorkamarket.g2afse.com/ Redirect Chain https://track.themedia.site/click?pid=5&offer_id=66462&sub1=NCT_iphone_ch_ofid10935521_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat19_sub4_sub5&sub2=889170913_249&sub7=id1423046460&... http://zorkamarket.g2afse.com/sl?id=5f20049cd1fc3bbe7f2be6e6&pid=1215	0 0

GET		sl tracking.armorads.com/ Redirect Chain https://bondika.g2afse.com/click?pid=2&offer_id=23307&sub1=889170913&sub2=249&sub3=NCT_iphone_ch_ofid6543649_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat24_sub4_sub5&sub5=id1423046460 http://tracking.armorads.com/sl?id=5faa890a127bd6bcbd27203b&pid=139&sub1=&sub2=2&sub3=889170913	0 0

GET		575137 tare.pro/go/216668/ Redirect Chain https://lucazepa.com/sage/married?mean=4Cq0yFf%2FZw4ygYl5agJv1KU9Jm8%2F7gYOw3GGpqkDJhI%3D http://tare.pro/go/216668/575137	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: t2.trackuamedia.com
URL: https://t2.trackuamedia.com/click?pid=141&offer_id=4664&sub2=889170913_249&sub3=NCT_iphone_ch_ofid7842578_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat5_sub4_sub5&sub4=id1423046460

Domain: apptastic.g2afse.com
URL: https://apptastic.g2afse.com/click?pid=46&offer_id=4331787&sub1=NCT_iphone_ch_ofid10058628_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat6_sub4_sub5&sub2=889170913_249&sub4=id1423046460

Domain: biggerpicture.g2afse.com
URL: https://biggerpicture.g2afse.com/click?pid=1&offer_id=188

Domain: zappiering.com
URL: https://zappiering.com/noid/hurried?wiry=yUTfM5ug980FMq10Mn96ng%3D%3D&pid=20&clk=AqW656wAAAF4p_1aRwABglcAAAAKAAAAAA

Domain: ad-experience.g2afse.com
URL: https://ad-experience.g2afse.com/click?pid=2&offer_id=554855&sub1=NCT_iphone_ch_ofid10825972_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat11_sub4_sub5&sub2=889170913_249&sub5=id1423046460

Domain: lambadapp.go2affise.com
URL: https://lambadapp.go2affise.com/click?pid=46&offer_id=3844789&sub1=NCT_iphone_ch_ofid10927983_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat12_sub4_sub5&sub2=889170913_249&sub3=id1423046460

Domain: track.themedia.site
URL: https://track.themedia.site/click?pid=5&offer_id=59061&sub1=NCT_iphone_ch_ofid10710822_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat14_sub4_sub5&sub2=889170913_249&sub7=id1423046460&sub8=id1423046460

Domain: apply.g2afse.com
URL: https://apply.g2afse.com/click?pid=3&offer_id=122183&sub1=NCT_iphone_ch_ofid10974358_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat17_sub4_sub5&sub4=id1423046460&sub2=889170913_249

Domain: track.themedia.site
URL: https://track.themedia.site/click?pid=5&offer_id=66462&sub1=NCT_iphone_ch_ofid10935521_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat19_sub4_sub5&sub2=889170913_249&sub7=id1423046460&sub8=id1423046460

Domain: cellonltd.go2affise.com
URL: https://cellonltd.go2affise.com/sl?id=606c85ff7faa83f529278ed1&pid=55&sub1=NCT_iphone_ch_ofid10854491_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat20_sub4_sub5&sub2=889170913_249&sub3=id1423046460&sub4=&sub5=&sub6=

Domain: bondika.g2afse.com
URL: https://bondika.g2afse.com/click?pid=2&offer_id=23307&sub1=889170913&sub2=249&sub3=NCT_iphone_ch_ofid6543649_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat24_sub4_sub5&sub5=id1423046460

Domain: lucazepa.com
URL: https://lucazepa.com/sage/married?mean=4Cq0yFf%2FZw4ygYl5agJv1KU9Jm8%2F7gYOw3GGpqkDJhI%3D

Domain: t2.trackuhub.com
URL: http://t2.trackuhub.com/sl?id=5fff140d3d250a8e23c15d98&pid=1&sub2=141_889170913_249&sub1=&sub5=&sub3=NCT_iphone_ch_ofid7842578_pid913_sub1606c8a954fa45e0001352372_sub2249_sub3GurMobSL_nat5_sub4_sub5

Domain: apptastic.g2afse.com
URL: http://apptastic.g2afse.com/sl?id=5ed0ee1c96f015dc9b166976&pid=192&sub1=CH&sub2=4331787&sub3=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&sub4=185.156.175.107&sub5=46

Domain: tracking.armorads.com
URL: http://tracking.armorads.com/sl?id=5faa890a127bd6bcbd27203b&pid=145&sub1=BP01_&sub2=1&sub3=

Domain: tare.pro
URL: http://tare.pro/go/216668/575137

Domain: ad-experience.g2afse.com
URL: http://ad-experience.g2afse.com/sl?id=5c9cb536d0348f004454f1b2&pid=1&sub2=554855&sub3=2

Domain: click.mnmnck.com
URL: http://click.mnmnck.com/tracking/clicks?clickid=606c8a975aa8470001e36865&trafficsource=1373696237&offerid=433947574796105698&pub_subid=46_889170913_249&sub_placement=id1423046460&idfa=&gaid=

Domain: zorkamarket.g2afse.com
URL: http://zorkamarket.g2afse.com/sl?id=5f20049cd1fc3bbe7f2be6e6&pid=1215

Domain: apply.g2afse.com
URL: http://apply.g2afse.com/sl?id=5f77265a1a6e4b1879225258&pid=14

Domain: zorkamarket.g2afse.com
URL: http://zorkamarket.g2afse.com/sl?id=5f20049cd1fc3bbe7f2be6e6&pid=1215

Domain: tracking.armorads.com
URL: http://tracking.armorads.com/sl?id=5faa890a127bd6bcbd27203b&pid=139&sub1=&sub2=2&sub3=889170913

Domain: tare.pro
URL: http://tare.pro/go/216668/575137

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad-experience.g2afse.com
amazus.g2afse.com
apply.g2afse.com
appmedia.g2afse.com
apptastic.g2afse.com
aptrt.trckswrm.com
apts.trckswrm.com
biggerpicture.g2afse.com
bondika.g2afse.com
cellonltd.go2affise.com
click.appmultiple.net
click.mnmnck.com
click2comm.go2affise.com
cpi-offers.com
digitalfuture.g2afse.com
go.coralreefs.xyz
go.xtraperfnow.com
gurmob.g2afse.com
lambadapp.go2affise.com
lucazepa.com
marlinads.g2afse.com
maryaravyne.com
monktraff.com
pandamobi.gotrackier.com
t2.trackuamedia.com
t2.trackuhub.com
tare.pro
track.g4s6.com
track.hexcan.com
track.paddlewaver.com
track.themedia.site
tracking.appxigo.com
tracking.armorads.com
trk.interceptd.com
trk143.nedo.xyz
www.mynewrotationlink.com
zappiering.com
zorkamarket.g2afse.com
ad-experience.g2afse.com
apply.g2afse.com
apptastic.g2afse.com
biggerpicture.g2afse.com
bondika.g2afse.com
cellonltd.go2affise.com
click.mnmnck.com
lambadapp.go2affise.com
lucazepa.com
t2.trackuamedia.com
t2.trackuhub.com
tare.pro
track.themedia.site
tracking.armorads.com
zappiering.com
zorkamarket.g2afse.com
13.251.242.229
136.243.10.27
148.251.132.216
168.119.91.184
172.64.205.22
18.185.186.177
198.134.116.30
213.227.134.196
213.227.134.198
213.227.134.238
213.227.135.229
213.227.135.231
213.227.135.235
213.227.156.13
2606:4700:3030::ac43:b3ef
2606:4700:3035::6815:cbc
2606:4700:3039::6815:c009
3.228.216.108
35.244.190.228
52.16.53.124
95.168.187.2
1c439fcd21bab032475e5d1570615485417e6cfb202f774f9f16d77f0448d0d6
a66c60826c31741c448d59f52821291f29193eff529ab2b2910c90c903d8a8ca
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

cpi-offers.com Open in urlscan Pro 18.185.186.177 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

37 Requests

38 %HTTPS

14 %IPv6

25 Domains

38 Subdomains

8 IPs

6 Countries

3 kBTransfer

7 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

37 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

0 Cookies

Indicators

cpi-offers.com Open in urlscan Pro
18.185.186.177 Public Scan

Screenshot
Live screenshot

Full Image

37
Requests

38 %
HTTPS

14 %
IPv6

25
Domains

38
Subdomains

8
IPs

6
Countries

3 kB
Transfer

7 kB
Size

0
Cookies

37 HTTP transactions
0 data transactions