Submitted URL: https://rdifferenco.club/?tid=737329&noocp=1&hop=6&geo=IL&sub=4usio
Effective URL: https://click-to-continue.network/gif-lp/3/?tag=999762&tag1=musicplayer&tag2=2266483-2658448306-0&tag3=999762&tag4=dating&clickid=...
Submission: On May 13 via manual from RO

Summary

This website contacted 5 IPs in 4 countries across 8 domains to perform 9 HTTP transactions. The main IP is 213.227.145.147, located in Netherlands and belongs to LEASEWEB-NL-AMS-01 Netherlands, NL. The main domain is click-to-continue.network.
TLS certificate: Issued by AlphaSSL CA - SHA256 - G2 on November 3rd 2020. Valid for: a year.
This is the only time click-to-continue.network was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 143.204.98.70 ()
1 1 2001:41d0:203... 16276 (OVH)
1 35.201.127.73 15169 (GOOGLE)
2 2 35.201.117.228 15169 (GOOGLE)
1 1 2a03:b0c0:3:d... 14061 (DIGITALOC...)
1 213.227.149.216 60781 (LEASEWEB-...)
4 213.227.145.147 60781 (LEASEWEB-...)
2 67.27.157.122 3356 (LEVEL3)
1 213.227.145.141 60781 (LEASEWEB-...)
9 5
Domain Requested by
3 free-coupons.network click-to-continue.network
2 cdn.special-offers.online click-to-continue.network
2 dexchangeinc.com 2 redirects
1 wbidder.online free-coupons.network
1 click-to-continue.network special-offers.online
1 special-offers.online www.trafyield.com
1 track.free-coupons.network 1 redirects
1 www.trafyield.com
1 tm-offers.gamingadult.com 1 redirects
1 rdifferenco.club 1 redirects
9 10

This site contains no links.

Subject Issuer Validity Valid
*.special-offers.online
AlphaSSL CA - SHA256 - G2
2020-07-06 -
2021-08-30
a year crt.sh
*.click-to-continue.network
AlphaSSL CA - SHA256 - G2
2020-11-03 -
2021-12-05
a year crt.sh
*.free-coupons.network
AlphaSSL CA - SHA256 - G2
2021-03-08 -
2022-04-09
a year crt.sh
*.wbidder.online
AlphaSSL CA - SHA256 - G2
2021-03-06 -
2022-04-07
a year crt.sh

This page contains 1 frames:

Primary Page: https://click-to-continue.network/gif-lp/3/?tag=999762&tag1=musicplayer&tag2=2266483-2658448306-0&tag3=999762&tag4=dating&clickid=b029c2c68390bb7a7e9a0ffb5645bfc9-4888-0513&device=Desktop&brand=Desktop&model=Desktop&country=DE&affid=999762&subid=2266483-2658448306-0&ln=en&cid=%7Bcountry%7D&useragent=%7Bvar:useragent%7D&ip=2a01:04f8:0192:5414:0000:0000:0000:0002&bv=Chrome%2055&as=pc
Frame ID: 89BE4E4EE60437C8CAED0A3EFECA0020
Requests: 9 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://rdifferenco.club/?tid=737329&noocp=1&hop=6&geo=IL&sub=4usio HTTP 302
    https://tm-offers.gamingadult.com/?offer=461&uid=1b428417-5a71-4589-b1e9-809f2b9dbee1&subid=518112085444847515... HTTP 302
    http://www.trafyield.com/jump/next.php?r=2266483&pub_clickid=${UNIQUE_ID}&sub1=${CHANNEL_ID} Page URL
  2. http://dexchangeinc.com/jump/next.php?stamat=m%7C%2C4ojNqNhJqB1dAN0dEdHP3xP.803%2C7H0PozvLiGV-YkDx82... HTTP 302
    http://dexchangeinc.com/script/i.php?stamat=m%7C%2C%2CQhfrd2frtGU3Bf9GH0dEdHP3xP.ea8%2C0DEanjlk6-sxm... HTTP 302
    https://track.free-coupons.network/15GlN9?subid=2266483-2658448306-0&country={country}&affid=999762&cost={payou... HTTP 302
    https://special-offers.online/lp/common/arb/?url=/gif-lp/3/?tag=999762&tag1=musicplayer&tag2=2266483-26584... Page URL
  3. https://click-to-continue.network/gif-lp/3/?tag=999762&tag1=musicplayer&tag2=2266483-2658448306-0&tag3=999762&... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /openresty(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • headers server /openresty(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • headers server /openresty(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • headers via /^1\.1 google$/i

Page Statistics

9
Requests

89 %
HTTPS

22 %
IPv6

8
Domains

10
Subdomains

5
IPs

4
Countries

504 kB
Transfer

510 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://rdifferenco.club/?tid=737329&noocp=1&hop=6&geo=IL&sub=4usio HTTP 302
    https://tm-offers.gamingadult.com/?offer=461&uid=1b428417-5a71-4589-b1e9-809f2b9dbee1&subid=5181120854448475154&subid2=737329 HTTP 302
    http://www.trafyield.com/jump/next.php?r=2266483&pub_clickid=${UNIQUE_ID}&sub1=${CHANNEL_ID} Page URL
  2. http://dexchangeinc.com/jump/next.php?stamat=m%7C%2C4ojNqNhJqB1dAN0dEdHP3xP.803%2C7H0PozvLiGV-YkDx825CHjXHsSctWIGDQyh13bePJRpTXHmP4fPJqZw3misuQaTrYiQZ_O80jDaW0Nc5Qo-FKvvrAUwtubi-6hYNcaJ4DcM%2C&cbrandom=0.8671571375525682&cbtitle=&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=&cbkeywords=&cbref= HTTP 302
    http://dexchangeinc.com/script/i.php?stamat=m%7C%2C%2CQhfrd2frtGU3Bf9GH0dEdHP3xP.ea8%2C0DEanjlk6-sxm4I4MfTK7Dj8FGg-dRX5mYtQ2l6rM7MGguoWuOYqZ10bG0k5eq71c2Hi3FL44lgdS8dBIKR8-x7yoypJBLNLfq6t4bqXV7VRZAou4J_tn8lo9panzgcn9yNKhts3EL-O-Ni18yVlY9ln8FaVIlUzLf87oJ_vx7jUOakotXBrmPJZ50Fl2CrWhqtbIoZRj0IEekMRi5OYNQU9GMg9qdxCBPOqOfAEzbOoSZzXMSwBhnt4_hqNZxd3OgRoWm1iTT7JIuIB8GRGKxtQauHLfK1mXvqMh7JrkJYYXX_NAs1QVDvQQ54fjVY85fdl82LAAFlYKd-NRhbJ0zGFiTwYhywofOOoV3DMcFSwVImkQFynG3-2N8J4t2D5qDjEmNp4xN4IgARddjkuudbVy-AyNqr7pCLF4O6CPn0PVjp7kuwa8AhIl58erXyE HTTP 302
    https://track.free-coupons.network/15GlN9?subid=2266483-2658448306-0&country={country}&affid=999762&cost={payout}&external_id=16208664593287471459183754093139744 HTTP 302
    https://special-offers.online/lp/common/arb/?url=/gif-lp/3/?tag=999762&tag1=musicplayer&tag2=2266483-2658448306-0&tag3=999762&tag4=dating&clickid=b029c2c68390bb7a7e9a0ffb5645bfc9-4888-0513&device=Desktop&brand=Desktop&model=Desktop&country=DE&affid=999762&subid=2266483-2658448306-0&ln=en&cid=%7Bcountry%7D&useragent=%7Bvar:useragent%7D&ip=2a01:04f8:0192:5414:0000:0000:0000:0002&bv=Chrome%2055&as=pc Page URL
  3. https://click-to-continue.network/gif-lp/3/?tag=999762&tag1=musicplayer&tag2=2266483-2658448306-0&tag3=999762&tag4=dating&clickid=b029c2c68390bb7a7e9a0ffb5645bfc9-4888-0513&device=Desktop&brand=Desktop&model=Desktop&country=DE&affid=999762&subid=2266483-2658448306-0&ln=en&cid=%7Bcountry%7D&useragent=%7Bvar:useragent%7D&ip=2a01:04f8:0192:5414:0000:0000:0000:0002&bv=Chrome%2055&as=pc Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://rdifferenco.club/?tid=737329&noocp=1&hop=6&geo=IL&sub=4usio HTTP 302
  • https://tm-offers.gamingadult.com/?offer=461&uid=1b428417-5a71-4589-b1e9-809f2b9dbee1&subid=5181120854448475154&subid2=737329 HTTP 302
  • http://www.trafyield.com/jump/next.php?r=2266483&pub_clickid=${UNIQUE_ID}&sub1=${CHANNEL_ID}
Request Chain 1
  • http://dexchangeinc.com/jump/next.php?stamat=m%7C%2C4ojNqNhJqB1dAN0dEdHP3xP.803%2C7H0PozvLiGV-YkDx825CHjXHsSctWIGDQyh13bePJRpTXHmP4fPJqZw3misuQaTrYiQZ_O80jDaW0Nc5Qo-FKvvrAUwtubi-6hYNcaJ4DcM%2C&cbrandom=0.8671571375525682&cbtitle=&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=&cbkeywords=&cbref= HTTP 302
  • http://dexchangeinc.com/script/i.php?stamat=m%7C%2C%2CQhfrd2frtGU3Bf9GH0dEdHP3xP.ea8%2C0DEanjlk6-sxm4I4MfTK7Dj8FGg-dRX5mYtQ2l6rM7MGguoWuOYqZ10bG0k5eq71c2Hi3FL44lgdS8dBIKR8-x7yoypJBLNLfq6t4bqXV7VRZAou4J_tn8lo9panzgcn9yNKhts3EL-O-Ni18yVlY9ln8FaVIlUzLf87oJ_vx7jUOakotXBrmPJZ50Fl2CrWhqtbIoZRj0IEekMRi5OYNQU9GMg9qdxCBPOqOfAEzbOoSZzXMSwBhnt4_hqNZxd3OgRoWm1iTT7JIuIB8GRGKxtQauHLfK1mXvqMh7JrkJYYXX_NAs1QVDvQQ54fjVY85fdl82LAAFlYKd-NRhbJ0zGFiTwYhywofOOoV3DMcFSwVImkQFynG3-2N8J4t2D5qDjEmNp4xN4IgARddjkuudbVy-AyNqr7pCLF4O6CPn0PVjp7kuwa8AhIl58erXyE HTTP 302
  • https://track.free-coupons.network/15GlN9?subid=2266483-2658448306-0&country={country}&affid=999762&cost={payout}&external_id=16208664593287471459183754093139744 HTTP 302
  • https://special-offers.online/lp/common/arb/?url=/gif-lp/3/?tag=999762&tag1=musicplayer&tag2=2266483-2658448306-0&tag3=999762&tag4=dating&clickid=b029c2c68390bb7a7e9a0ffb5645bfc9-4888-0513&device=Desktop&brand=Desktop&model=Desktop&country=DE&affid=999762&subid=2266483-2658448306-0&ln=en&cid=%7Bcountry%7D&useragent=%7Bvar:useragent%7D&ip=2a01:04f8:0192:5414:0000:0000:0000:0002&bv=Chrome%2055&as=pc

9 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
next.php
www.trafyield.com/jump/
Redirect Chain
  • https://rdifferenco.club/?tid=737329&noocp=1&hop=6&geo=IL&sub=4usio
  • https://tm-offers.gamingadult.com/?offer=461&uid=1b428417-5a71-4589-b1e9-809f2b9dbee1&subid=5181120854448475154&subid2=737329
  • http://www.trafyield.com/jump/next.php?r=2266483&pub_clickid=${UNIQUE_ID}&sub1=${CHANNEL_ID}
7 KB
3 KB
Document
General
Full URL
http://www.trafyield.com/jump/next.php?r=2266483&pub_clickid=${UNIQUE_ID}&sub1=${CHANNEL_ID}
Protocol
HTTP/1.1
Server
35.201.127.73 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
73.127.201.35.bc.googleusercontent.com
Software
openresty /
Resource Hash
e1dc080590e3e7408ae747da5e0f0fc3d7c1bb3207be2e6d35f877518b9a4cf6

Request headers

Host
www.trafyield.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36

Response headers

Server
openresty
Date
Thu, 13 May 2021 00:40:57 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Via
1.1 google

Redirect headers

server
nginx
date
Thu, 13 May 2021 00:40:57 GMT
content-type
text/html; charset=UTF-8
location
http://www.trafyield.com/jump/next.php?r=2266483&pub_clickid=${UNIQUE_ID}&sub1=${CHANNEL_ID}
/
special-offers.online/lp/common/arb/
Redirect Chain
  • http://dexchangeinc.com/jump/next.php?stamat=m%7C%2C4ojNqNhJqB1dAN0dEdHP3xP.803%2C7H0PozvLiGV-YkDx825CHjXHsSctWIGDQyh13bePJRpTXHmP4fPJqZw3misuQaTrYiQZ_O80jDaW0Nc5Qo-FKvvrAUwtubi-6hYNcaJ4DcM%2C&cbra...
  • http://dexchangeinc.com/script/i.php?stamat=m%7C%2C%2CQhfrd2frtGU3Bf9GH0dEdHP3xP.ea8%2C0DEanjlk6-sxm4I4MfTK7Dj8FGg-dRX5mYtQ2l6rM7MGguoWuOYqZ10bG0k5eq71c2Hi3FL44lgdS8dBIKR8-x7yoypJBLNLfq6t4bqXV7VRZA...
  • https://track.free-coupons.network/15GlN9?subid=2266483-2658448306-0&country={country}&affid=999762&cost={payout}&external_id=16208664593287471459183754093139744
  • https://special-offers.online/lp/common/arb/?url=/gif-lp/3/?tag=999762&tag1=musicplayer&tag2=2266483-2658448306-0&tag3=999762&tag4=dating&clickid=b029c2c68390bb7a7e9a0ffb5645bfc9-4888-0513&device=D...
479 B
572 B
Document
General
Full URL
https://special-offers.online/lp/common/arb/?url=/gif-lp/3/?tag=999762&tag1=musicplayer&tag2=2266483-2658448306-0&tag3=999762&tag4=dating&clickid=b029c2c68390bb7a7e9a0ffb5645bfc9-4888-0513&device=Desktop&brand=Desktop&model=Desktop&country=DE&affid=999762&subid=2266483-2658448306-0&ln=en&cid=%7Bcountry%7D&useragent=%7Bvar:useragent%7D&ip=2a01:04f8:0192:5414:0000:0000:0000:0002&bv=Chrome%2055&as=pc
Requested by
Host: www.trafyield.com
URL: http://www.trafyield.com/jump/next.php?r=2266483&pub_clickid=${UNIQUE_ID}&sub1=${CHANNEL_ID}
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.227.149.216 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

:method
GET
:authority
special-offers.online
:scheme
https
:path
/lp/common/arb/?url=/gif-lp/3/?tag=999762&tag1=musicplayer&tag2=2266483-2658448306-0&tag3=999762&tag4=dating&clickid=b029c2c68390bb7a7e9a0ffb5645bfc9-4888-0513&device=Desktop&brand=Desktop&model=Desktop&country=DE&affid=999762&subid=2266483-2658448306-0&ln=en&cid=%7Bcountry%7D&useragent=%7Bvar:useragent%7D&ip=2a01:04f8:0192:5414:0000:0000:0000:0002&bv=Chrome%2055&as=pc
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
Referer
http://www.trafyield.com/jump/next.php?r=2266483&pub_clickid=${UNIQUE_ID}&sub1=${CHANNEL_ID}

Response headers

server
nginx
date
Thu, 13 May 2021 00:40:59 GMT
content-type
text/html; charset=UTF-8
x-frame-options
SAMEORIGIN

Redirect headers

Server
nginx/1.19.5
Date
Thu, 13 May 2021 00:40:59 GMT
Content-Type
text/html; charset=utf-8
Content-Length
980
Connection
keep-alive
X-Powered-By
Express
Set-Cookie
15GlN9o=20210513001620866753096; domain=.track.free-coupons.network; path=/;expires=Fri, 14 May 2021 00:40:59 GMT; httpOnly=true;SameSite=None; Secure; _pc_lc_id=15GlN9; domain=.track.free-coupons.network; path=/;expires=Fri, 14 May 2021 00:40:59 GMT; httpOnly=true;SameSite=None; Secure; peerclickcid=b029c2c68390bb7a7e9a0ffb5645bfc9-4888-0513; domain=.track.free-coupons.network; path=/;expires=Fri, 14 May 2021 00:40:59 GMT; httpOnly=true;SameSite=None; Secure; _norg=1; domain=.track.free-coupons.network; path=/;expires=Fri, 14 May 2021 00:40:59 GMT; httpOnly=true;SameSite=None; Secure;
Location
https://special-offers.online/lp/common/arb/?url=/gif-lp/3/?tag=999762&tag1=musicplayer&tag2=2266483-2658448306-0&tag3=999762&tag4=dating&clickid=b029c2c68390bb7a7e9a0ffb5645bfc9-4888-0513&device=Desktop&brand=Desktop&model=Desktop&country=DE&affid=999762&subid=2266483-2658448306-0&ln=en&cid=%7Bcountry%7D&useragent=%7Bvar:useragent%7D&ip=2a01:04f8:0192:5414:0000:0000:0000:0002&bv=Chrome%2055&as=pc
Vary
Accept
Primary Request /
click-to-continue.network/gif-lp/3/
728 B
873 B
Document
General
Full URL
https://click-to-continue.network/gif-lp/3/?tag=999762&tag1=musicplayer&tag2=2266483-2658448306-0&tag3=999762&tag4=dating&clickid=b029c2c68390bb7a7e9a0ffb5645bfc9-4888-0513&device=Desktop&brand=Desktop&model=Desktop&country=DE&affid=999762&subid=2266483-2658448306-0&ln=en&cid=%7Bcountry%7D&useragent=%7Bvar:useragent%7D&ip=2a01:04f8:0192:5414:0000:0000:0000:0002&bv=Chrome%2055&as=pc
Requested by
Host: special-offers.online
URL: https://special-offers.online/lp/common/arb/?url=/gif-lp/3/?tag=999762&tag1=musicplayer&tag2=2266483-2658448306-0&tag3=999762&tag4=dating&clickid=b029c2c68390bb7a7e9a0ffb5645bfc9-4888-0513&device=Desktop&brand=Desktop&model=Desktop&country=DE&affid=999762&subid=2266483-2658448306-0&ln=en&cid=%7Bcountry%7D&useragent=%7Bvar:useragent%7D&ip=2a01:04f8:0192:5414:0000:0000:0000:0002&bv=Chrome%2055&as=pc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.227.145.147 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
9e7c9574e75be184057aea30be04c143861d825c5e8029894862d6199c85934b
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

:method
GET
:authority
click-to-continue.network
:scheme
https
:path
/gif-lp/3/?tag=999762&tag1=musicplayer&tag2=2266483-2658448306-0&tag3=999762&tag4=dating&clickid=b029c2c68390bb7a7e9a0ffb5645bfc9-4888-0513&device=Desktop&brand=Desktop&model=Desktop&country=DE&affid=999762&subid=2266483-2658448306-0&ln=en&cid=%7Bcountry%7D&useragent=%7Bvar:useragent%7D&ip=2a01:04f8:0192:5414:0000:0000:0000:0002&bv=Chrome%2055&as=pc
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://special-offers.online/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
Referer
https://special-offers.online/

Response headers

server
nginx
date
Thu, 13 May 2021 00:40:59 GMT
content-type
text/html
content-length
728
last-modified
Wed, 19 Aug 2020 15:42:16 GMT
etag
"5f3d4858-2d8"
x-frame-options
SAMEORIGIN
accept-ranges
bytes
style-new.css
cdn.special-offers.online/lp/plugin/css/
38 KB
38 KB
Stylesheet
General
Full URL
https://cdn.special-offers.online/lp/plugin/css/style-new.css
Requested by
Host: click-to-continue.network
URL: https://click-to-continue.network/gif-lp/3/?tag=999762&tag1=musicplayer&tag2=2266483-2658448306-0&tag3=999762&tag4=dating&clickid=b029c2c68390bb7a7e9a0ffb5645bfc9-4888-0513&device=Desktop&brand=Desktop&model=Desktop&country=DE&affid=999762&subid=2266483-2658448306-0&ln=en&cid=%7Bcountry%7D&useragent=%7Bvar:useragent%7D&ip=2a01:04f8:0192:5414:0000:0000:0000:0002&bv=Chrome%2055&as=pc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.27.157.122 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software
SE-1.15.12 /
Resource Hash
16ce0f7d9635fcb57c2ce46a649d17c9cc7e32819161179f41eea29caf5d5223

Request headers

Referer
https://click-to-continue.network/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36

Response headers

date
Thu, 13 May 2021 00:40:59 GMT
last-modified
Fri, 28 Sep 2018 15:56:11 GMT
server
SE-1.15.12
age
1611619
etag
"5bae4f1b-9694"
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=2592000
x-cachetier-status
EXPIRED
x-cdn
Level3
accept-ranges
bytes
content-length
38548
x-edgecache-status
MISS
expires
Mon, 24 May 2021 09:00:40 GMT
bg.webp
cdn.special-offers.online/lp/gif-lp/3/
355 KB
356 KB
Image
General
Full URL
https://cdn.special-offers.online/lp/gif-lp/3/bg.webp
Requested by
Host: click-to-continue.network
URL: https://click-to-continue.network/gif-lp/3/?tag=999762&tag1=musicplayer&tag2=2266483-2658448306-0&tag3=999762&tag4=dating&clickid=b029c2c68390bb7a7e9a0ffb5645bfc9-4888-0513&device=Desktop&brand=Desktop&model=Desktop&country=DE&affid=999762&subid=2266483-2658448306-0&ln=en&cid=%7Bcountry%7D&useragent=%7Bvar:useragent%7D&ip=2a01:04f8:0192:5414:0000:0000:0000:0002&bv=Chrome%2055&as=pc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.27.157.122 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software
SE-1.15.8 /
Resource Hash
6695d270650865abfa1944df5d3bc0deae2b6e67f08a271a63aadfb2698e4faf

Request headers

Referer
https://click-to-continue.network/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36

Response headers

date
Thu, 13 May 2021 00:40:59 GMT
last-modified
Wed, 19 Aug 2020 15:05:15 GMT
server
SE-1.15.8
age
21999501
etag
"5f3d3fab-58c82"
content-type
image/webp
access-control-allow-origin
*
x-cachetier-status
MISS
x-cdn
Level3
accept-ranges
bytes
content-length
363650
x-edgecache-status
MISS
IndexedDb.js
free-coupons.network/lp/plugin/js/
4 KB
4 KB
Script
General
Full URL
https://free-coupons.network/lp/plugin/js/IndexedDb.js
Requested by
Host: click-to-continue.network
URL: https://click-to-continue.network/gif-lp/3/?tag=999762&tag1=musicplayer&tag2=2266483-2658448306-0&tag3=999762&tag4=dating&clickid=b029c2c68390bb7a7e9a0ffb5645bfc9-4888-0513&device=Desktop&brand=Desktop&model=Desktop&country=DE&affid=999762&subid=2266483-2658448306-0&ln=en&cid=%7Bcountry%7D&useragent=%7Bvar:useragent%7D&ip=2a01:04f8:0192:5414:0000:0000:0000:0002&bv=Chrome%2055&as=pc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.227.145.147 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
2ae833f4464565f0a42688dc6e386f1e2fdfd63ccafe93151404b4c27fa9f8f7
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://click-to-continue.network/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36

Response headers

date
Thu, 13 May 2021 00:40:59 GMT
last-modified
Fri, 03 Jul 2020 09:20:38 GMT
server
nginx
etag
"5efef866-1012"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=2592000
accept-ranges
bytes
content-length
4114
expires
Sat, 12 Jun 2021 00:40:59 GMT
log.js
free-coupons.network/lp/plugin/js/
1 KB
2 KB
Script
General
Full URL
https://free-coupons.network/lp/plugin/js/log.js
Requested by
Host: click-to-continue.network
URL: https://click-to-continue.network/gif-lp/3/?tag=999762&tag1=musicplayer&tag2=2266483-2658448306-0&tag3=999762&tag4=dating&clickid=b029c2c68390bb7a7e9a0ffb5645bfc9-4888-0513&device=Desktop&brand=Desktop&model=Desktop&country=DE&affid=999762&subid=2266483-2658448306-0&ln=en&cid=%7Bcountry%7D&useragent=%7Bvar:useragent%7D&ip=2a01:04f8:0192:5414:0000:0000:0000:0002&bv=Chrome%2055&as=pc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.227.145.147 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
b126582a2dc15643553ecc896192ffe2b58858c39571411ef548013a0be9d258
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://click-to-continue.network/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36

Response headers

date
Thu, 13 May 2021 00:40:59 GMT
last-modified
Fri, 03 Jul 2020 09:20:39 GMT
server
nginx
etag
"5efef867-5c3"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=2592000
accept-ranges
bytes
content-length
1475
expires
Sat, 12 Jun 2021 00:40:59 GMT
client.js
free-coupons.network/lp/plugin/js/
99 KB
99 KB
Script
General
Full URL
https://free-coupons.network/lp/plugin/js/client.js
Requested by
Host: click-to-continue.network
URL: https://click-to-continue.network/gif-lp/3/?tag=999762&tag1=musicplayer&tag2=2266483-2658448306-0&tag3=999762&tag4=dating&clickid=b029c2c68390bb7a7e9a0ffb5645bfc9-4888-0513&device=Desktop&brand=Desktop&model=Desktop&country=DE&affid=999762&subid=2266483-2658448306-0&ln=en&cid=%7Bcountry%7D&useragent=%7Bvar:useragent%7D&ip=2a01:04f8:0192:5414:0000:0000:0000:0002&bv=Chrome%2055&as=pc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.227.145.147 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
e68a5fa473afa396b513a8a02c197417123b13dc4b0109af33de25d49da9e862
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://click-to-continue.network/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36

Response headers

date
Thu, 13 May 2021 00:40:59 GMT
last-modified
Fri, 03 Jul 2020 09:20:39 GMT
server
nginx
etag
"5efef867-18c61"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=2592000
accept-ranges
bytes
content-length
101473
expires
Sat, 12 Jun 2021 00:40:59 GMT
client
wbidder.online/offer/
4 KB
1 KB
Fetch
General
Full URL
https://wbidder.online/offer/client?affid=onw_999762&subid=2266483-2658448306-0&days=8&count=3
Requested by
Host: free-coupons.network
URL: https://free-coupons.network/lp/plugin/js/client.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
213.227.145.141 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
/
Resource Hash
3868ed768d0436228e19a06304f5c053a567b1c1d212db12aa77132d32b95e45

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 13 May 2021 00:41:00 GMT
content-encoding
gzip
vary
Origin, Accept-Encoding
keep-alive
timeout=5
transfer-encoding
chunked
content-type
application/json; charset=utf-8

Verdicts & Comments Add Verdict or Comment

35 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| _createClass function| _classCallCheck function| IndexedDb function| Log object| _0x30cd function| _0x5046 function| _slicedToArray string| API_URL object| publicKeys string| domain object| log object| bidderBlockAffids object| bidderAffids2 object| bidder100Affids object| affidNoTimeoutRedirect function| Client function| Modal function| Dom object| body object| head object| qsObj string| kId function| getDomain function| getRandomArrItem

0 Cookies