www.dexchangeinc.com Open in urlscan Pro
35.201.117.228 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://clk.apxadtracking.net/iclk/redirect.php?id=mNGQKWbreOjMIWuXmTeReNjnKRjMIWuXeU4ueUJ-0N&trafficsourceid=31438&dv1=_6n8lm...
Effective URL:
https://www.dexchangeinc.com/jump/next.php?r=1965419&sub1=1540576
Submission: On June 05 via manual (June 5th 2018, 10:35:17 pm UTC) from US

Summary HTTP 37 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 4 countries across 32 domains to perform 37 HTTP transactions. The main IP is 35.201.117.228, located in Ann Arbor, United States and belongs to GOOGLE - Google LLC, US. The main domain is www.dexchangeinc.com.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on March 8th 2018. Valid for: 2 years.

This is the only time www.dexchangeinc.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	136.243.47.66 136.243.47.66	24940 (HETZNER-AS) (HETZNER-AS)
1	54.69.114.80 54.69.114.80	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	54.194.116.224 54.194.116.224	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	31.220.24.95 31.220.24.95	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
3	172.217.16.173 172.217.16.173	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	172.217.22.110 172.217.22.110	15169 (GOOGLE) (GOOGLE - Google LLC)
2	35.201.117.228 35.201.117.228	15169 (GOOGLE) (GOOGLE - Google LLC)
37	6

1 136.243.47.66 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.66.47.243.136.clients.your-server.de

clk.apxadtracking.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.69.114.80 (Boardman, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-69-114-80.us-west-2.compute.amazonaws.com

c.navhi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.194.116.224 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-194-116-224.eu-west-1.compute.amazonaws.com

traffic.tc-clicks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 31.220.24.95 (Amsterdam, Netherlands)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

xebadu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.16.173 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s11-in-f13.1e100.net

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.22.110 (Mountain View, United States) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s18-in-f110.1e100.net

plus.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.117.228 (Ann Arbor, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 228.117.201.35.bc.googleusercontent.com

www.dexchangeinc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	google.com 1 redirects accounts.google.com plus.google.com	62 KB
2	dexchangeinc.com www.dexchangeinc.com	2 KB
2	xebadu.com xebadu.com	4 KB
1	tc-clicks.com traffic.tc-clicks.com Failed	1 KB
1	navhi.com c.navhi.com	1 KB
1	apxadtracking.net 1 redirects clk.apxadtracking.net	269 B
0	vk.com Failed vk.com Failed
0	indeed.com Failed secure.indeed.com Failed
0	bitbucket.org Failed bitbucket.org Failed
0	meetup.com Failed secure.meetup.com Failed
0	disqus.com Failed disqus.com Failed
0	airbnb.com Failed www.airbnb.com Failed
0	500px.com Failed 500px.com Failed
0	paypal.com Failed www.paypal.com Failed
0	khanacademy.org Failed www.khanacademy.org Failed
0	slack.com Failed slack.com Failed
0	edx.org Failed courses.edx.org Failed
0	carbonmade.com Failed carbonmade.com Failed
0	medium.com Failed medium.com Failed
0	github.com Failed github.com Failed
0	steampowered.com Failed store.steampowered.com Failed
0	battle.net Failed eu.battle.net Failed
0	foursquare.com Failed de.foursquare.com Failed
0	pinterest.com Failed www.pinterest.com Failed
0	dropbox.com Failed www.dropbox.com Failed
0	expedia.de Failed www.expedia.de Failed
0	tumblr.com Failed www.tumblr.com Failed
0	reddit.com Failed www.reddit.com Failed
0	skype.com Failed login.skype.com Failed
0	facebook.com Failed www.facebook.com Failed
0	twitter.com Failed twitter.com Failed
0	squareup.com Failed squareup.com Failed
37	32

	Domain	Requested by
3	accounts.google.com	xebadu.com
2	www.dexchangeinc.com	xebadu.com www.dexchangeinc.com
2	xebadu.com	xebadu.com
1	plus.google.com	1 redirects
1	traffic.tc-clicks.com	c.navhi.com
1	c.navhi.com
1	clk.apxadtracking.net	1 redirects
0	vk.com Failed	xebadu.com
0	secure.indeed.com Failed	xebadu.com
0	bitbucket.org Failed	xebadu.com
0	secure.meetup.com Failed	xebadu.com
0	disqus.com Failed	xebadu.com
0	www.airbnb.com Failed	xebadu.com
0	500px.com Failed	xebadu.com
0	www.paypal.com Failed	xebadu.com
0	www.khanacademy.org Failed	xebadu.com
0	slack.com Failed	xebadu.com
0	courses.edx.org Failed	xebadu.com
0	carbonmade.com Failed	xebadu.com
0	medium.com Failed	xebadu.com
0	github.com Failed	xebadu.com
0	store.steampowered.com Failed	xebadu.com
0	eu.battle.net Failed	xebadu.com
0	de.foursquare.com Failed	xebadu.com
0	www.pinterest.com Failed	xebadu.com
0	www.dropbox.com Failed	xebadu.com
0	www.expedia.de Failed	xebadu.com
0	www.tumblr.com Failed	xebadu.com
0	www.reddit.com Failed	xebadu.com
0	login.skype.com Failed	xebadu.com
0	www.facebook.com Failed	xebadu.com
0	twitter.com Failed	xebadu.com
0	squareup.com Failed	xebadu.com
37	33

This site contains no links.

Subject Issuer	Validity	Valid
navhi.com Amazon	`2018-05-25` - `2019-06-25`	a year	crt.sh
xebadu.com Let's Encrypt Authority X3	`2018-05-28` - `2018-08-26`	3 months	crt.sh
dexchangeinc.com COMODO RSA Domain Validation Secure Server CA	`2018-03-08` - `2020-03-07`	2 years	crt.sh

This page contains 1 frames:

Frame: https://www.dexchangeinc.com/jump/next.php?stamat=m%7C%2C0NiYrd2MqB1dAN0dEdHP3xP.1b2%2CR3wy2DY29rzkEz-nGvMl6iWSHq0Efw2Font_9QcomZnhwZ0sFGU9UiOs-VHKlAdbiiYcta6lLrHL8y7sJq530UkTWQ2y2P5AJCi-rXDoSsc%2C&cbrandom=0.06622762511347213&cbtitle=&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=&cbkeywords=&cbref=https%3A%2F%2Fxebadu.com%2Fafu.php%3Fzoneid%3D1433141%26var%3D1540576
Frame ID: D63C37E9C09C48CF8954F9424452CA2D
Requests: 37 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://clk.apxadtracking.net/iclk/redirect.php?id=mNGQKWbreOjMIWuXmTeReNjnKRjMIWuXeU4ueUJ-0N&trafficsourc... HTTP 302
https://c.navhi.com/ck/sl/qMudMqbt?tfc_id=232&sc=26920_31438_603345&pub_click_id=w4ji68xebu9m Page URL
http://traffic.tc-clicks.com/?p=9968&media_type=mainstream&pi=mainstream_popunder&source_type=popunder&cl... Page URL
https://xebadu.com/afu.php?zoneid=1540576&ymid=d8rxixd5fp4wwocgowk0ggwo8,12636908,5,9968&pid=12... Page URL
https://xebadu.com/?zoneid=1540576&r=%2Fmb%2Fhan%2Fdl&nojs=0&x=1600&y=1200&t=0&ix=0&fs=0&timeou... Page URL
https://www.dexchangeinc.com/jump/next.php?r=1965419&sub1=1540576 Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

37
Requests

14 %
HTTPS

0 %
IPv6

32
Domains

33
Subdomains

6
IPs

4
Countries

71 kB
Transfer

18 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://clk.apxadtracking.net/iclk/redirect.php?id=mNGQKWbreOjMIWuXmTeReNjnKRjMIWuXeU4ueUJ-0N&trafficsourceid=31438&dv1=_6n8lmbedzLSPsB19UJprfno93Bq34OV3vqJIaF7Cf8_&device_id=49F22952-79FA-48B5-87C4-263FF429CE63&nw_sub_aff=603345 HTTP 302
https://c.navhi.com/ck/sl/qMudMqbt?tfc_id=232&sc=26920_31438_603345&pub_click_id=w4ji68xebu9m Page URL
http://traffic.tc-clicks.com/?p=9968&media_type=mainstream&pi=mainstream_popunder&source_type=popunder&click_id=b2c8271f-6910-11e8-a968-024c4b0e6c48&sub_id=68_232_26920_31438_603345 Page URL
https://xebadu.com/afu.php?zoneid=1540576&ymid=d8rxixd5fp4wwocgowk0ggwo8,12636908,5,9968&pid=121&var=9968&ctrack=1528238107.3948611665 Page URL
https://xebadu.com/?zoneid=1540576&r=%2Fmb%2Fhan%2Fdl&nojs=0&x=1600&y=1200&t=0&ix=0&fs=0&timeout=0&var=9968&ymid=d8rxixd5fp4wwocgowk0ggwo8%2C12636908%2C5%2C9968&pb=12d1d58cf085e74bd0463515957cbd071528245307&pid=121&sp= Page URL
https://www.dexchangeinc.com/jump/next.php?r=1965419&sub1=1540576 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://clk.apxadtracking.net/iclk/redirect.php?id=mNGQKWbreOjMIWuXmTeReNjnKRjMIWuXeU4ueUJ-0N&trafficsourceid=31438&dv1=_6n8lmbedzLSPsB19UJprfno93Bq34OV3vqJIaF7Cf8_&device_id=49F22952-79FA-48B5-87C4-263FF429CE63&nw_sub_aff=603345 HTTP 302
https://c.navhi.com/ck/sl/qMudMqbt?tfc_id=232&sc=26920_31438_603345&pub_click_id=w4ji68xebu9m

Request Chain 6

https://www.facebook.com/login.php?next=https://www.facebook.com/favicon.ico?_rdr=p HTTP 302
https://www.facebook.com/w/

Request Chain 9

https://plus.google.com/up/accounts/upgrade/?continue=https://plus.google.com/favicon.ico HTTP 302
https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://plus.google.com/up/accounts/upgrade/?continue%3Dhttps://plus.google.com/favicon.ico&followup=https://plus.google.com/up/accounts/upgrade/?continue%3Dhttps://plus.google.com/favicon.ico

37 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

qMudMqbt Show response
c.navhi.com/ck/sl/
Redirect Chain

http://clk.apxadtracking.net/iclk/redirect.php?id=mNGQKWbreOjMIWuXmTeReNjnKRjMIWuXeU4ueUJ-0N&trafficsourceid=31438&dv1=_6n8lmbedzLSPsB19UJprfno93Bq34OV3vqJIaF7Cf8_&device_id=49F22952-79FA-48B5-87C4...
https://c.navhi.com/ck/sl/qMudMqbt?tfc_id=232&sc=26920_31438_603345&pub_click_id=w4ji68xebu9m

3 KB
1 KB

535ms
177ms

Document
text/html

54.69.114.80
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://c.navhi.com/ck/sl/qMudMqbt?tfc_id=232&sc=26920_31438_603345&pub_click_id=w4ji68xebu9m
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.69.114.80 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-69-114-80.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 4d886da2c8f77efd2967b411a5fc9de3caae3fcd3b29aea7b0026cf9c7a398b4

Request headers

:method: GET
:authority: c.navhi.com
:scheme: https
:path: /ck/sl/qMudMqbt?tfc_id=232&sc=26920_31438_603345&pub_click_id=w4ji68xebu9m
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: D63C37E9C09C48CF8954F9424452CA2D

Response headers

status: 200
date: Tue, 05 Jun 2018 22:35:07 GMT
content-type: text/html; charset=UTF-8
server: nginx
vary: Accept-Encoding
cache-control: no-cache
set-cookie: __uid__=b2c8271f-6910-11e8-a968-024c4b0e6c48; Path=/; Domain=c.navhi.com; Max-Age=63072000 __vis=1; Path=/; Domain=c.navhi.com; Max-Age=63072000 __vis_my=1; Path=/; Domain=c.navhi.com; Max-Age=2165092; HttpOnly __vis_wy=1; Path=/; Domain=c.navhi.com; Max-Age=350692; HttpOnly __vis_dy=1; Path=/; Domain=c.navhi.com; Max-Age=5092; HttpOnly __vis_10010=1; Path=/; Domain=c.navhi.com; Max-Age=1209600
content-encoding: gzip

Redirect headers

Server: nginx
Date: Tue, 05 Jun 2018 22:35:07 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 0
Connection: keep-alive
location: https://c.navhi.com/ck/sl/qMudMqbt?tfc_id=232&sc=26920_31438_603345&pub_click_id=w4ji68xebu9m

GET /
traffic.tc-clicks.com/ 0
0

GET
H/1.1 200
OK Cookie set / Show response
traffic.tc-clicks.com/ 985 B
1 KB 72ms
41ms Document
text/html 54.194.116.224
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://traffic.tc-clicks.com/?p=9968&media_type=mainstream&pi=mainstream_popunder&source_type=popunder&click_id=b2c8271f-6910-11e8-a968-024c4b0e6c48&sub_id=68_232_26920_31438_603345
Requested by: Host: c.navhi.com
URL: https://c.navhi.com/ck/sl/qMudMqbt?tfc_id=232&sc=26920_31438_603345&pub_click_id=w4ji68xebu9m
Protocol: HTTP/1.1
Server: 54.194.116.224 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-194-116-224.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 464162f26f9d4dfd86b85f564c303c98c0314d71b3a813ece51d5f2bafd26738

Request headers

Host: traffic.tc-clicks.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: D63C37E9C09C48CF8954F9424452CA2D

Response headers

Date: Tue, 05 Jun 2018 22:35:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Set-Cookie: traffic-back=ok; expires=Tue, 05-Jun-2018 22:35:37 GMT; Max-Age=30; path=/; domain=traffic.tc-clicks.com traffic-visited-offers=28069%7C1528238107%7C28069%7Cpopunder; expires=Wed, 06-Jun-2018 22:35:07 GMT; Max-Age=86400; path=/; domain=traffic.tc-clicks.com rts-trck=1; expires=Tue, 05-Jun-2018 22:45:07 GMT; Max-Age=600; path=/; domain=traffic.tc-clicks.com
Last-Modified: Tue, 5 Jun 2018 22:35:07 GMT
Expires: Tue, 5 Jun 2018 22:35:07 GMT
Cache-Control: no-store, no-cache, must-revalidate post-check=0, pre-check=0
Pragma: no-cache
X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip

GET
H/1.1 200
OK afu.php Show response
xebadu.com/ 9 KB
3 KB 55ms
16ms Document
text/html 31.220.24.95
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://xebadu.com/afu.php?zoneid=1540576&ymid=d8rxixd5fp4wwocgowk0ggwo8,12636908,5,9968&pid=121&var=9968&ctrack=1528238107.3948611665

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

31.220.24.95 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

Software

nginx /

Resource Hash

f5bdeab82aff1b26dada365d7212c5368cc077f68038da12dd064e1b3564ee14

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Host: xebadu.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://traffic.tc-clicks.com/?p=9968&media_type=mainstream&pi=mainstream_popunder&source_type=popunder&click_id=b2c8271f-6910-11e8-a968-024c4b0e6c48&sub_id=68_232_26920_31438_603345
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: D63C37E9C09C48CF8954F9424452CA2D
Referer: http://traffic.tc-clicks.com/?p=9968&media_type=mainstream&pi=mainstream_popunder&source_type=popunder&click_id=b2c8271f-6910-11e8-a968-024c4b0e6c48&sub_id=68_232_26920_31438_603345

Response headers

Server: nginx
Date: Tue, 05 Jun 2018 22:35:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff

GET login
squareup.com/ 0
0

GET login
twitter.com/ 0
0

GET

/
www.facebook.com/w/
Redirect Chain

https://www.facebook.com/login.php?next=https://www.facebook.com/favicon.ico?_rdr=p
https://www.facebook.com/w/

0
0

GET
S 200 ServiceLogin
accounts.google.com/ 0
19 KB 71ms
47ms Image
text/html 172.217.16.173
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.google.com/ServiceLogin?passive=true&continue=https://www.google.com/favicon.ico&uilel=3&hl=en&service=mail
Requested by: Host: xebadu.com
URL: https://xebadu.com/afu.php?zoneid=1433141&var=1540576
Protocol: SPDY
Server: 172.217.16.173 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s11-in-f13.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://xebadu.com/afu.php?zoneid=1433141&var=1540576
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-type: text/html; charset=UTF-8

GET
S 200 ServiceLogin
accounts.google.com/ 0
21 KB 82ms
59ms Image
text/html 172.217.16.173
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.google.com/ServiceLogin?passive=true&continue=https://www.youtube.com/favicon.ico&uilel=3&hl=en&service=youtube
Requested by: Host: xebadu.com
URL: https://xebadu.com/afu.php?zoneid=1433141&var=1540576
Protocol: SPDY
Server: 172.217.16.173 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s11-in-f13.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://xebadu.com/afu.php?zoneid=1433141&var=1540576
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-type: text/html; charset=UTF-8

GET
S

200

ServiceLogin
accounts.google.com/
Redirect Chain

https://plus.google.com/up/accounts/upgrade/?continue=https://plus.google.com/favicon.ico
https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://plus.google.com/up/accounts/upgrade/?continue%3Dhttps://plus.google.com/favicon.ico&followup=https://plus.google.com...

0
21 KB

47ms
46ms

Image
text/html

172.217.16.173
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://plus.google.com/up/accounts/upgrade/?continue%3Dhttps://plus.google.com/favicon.ico&followup=https://plus.google.com/up/accounts/upgrade/?continue%3Dhttps://plus.google.com/favicon.ico
Requested by: Host: xebadu.com
URL: https://xebadu.com/afu.php?zoneid=1433141&var=1540576
Protocol: SPDY
Server: 172.217.16.173 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s11-in-f13.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://xebadu.com/afu.php?zoneid=1433141&var=1540576
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-type: text/html; charset=UTF-8

Redirect headers

strict-transport-security: max-age=31536000
x-content-type-options: nosniff
server: ESF
status: 302
date: Tue, 05 Jun 2018 22:35:07 GMT
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
location: https://accounts.google.com/ServiceLogin?passive=1209600&osid=1&continue=https://plus.google.com/up/accounts/upgrade/?continue%3Dhttps://plus.google.com/favicon.ico&followup=https://plus.google.com/up/accounts/upgrade/?continue%3Dhttps://plus.google.com/favicon.ico
content-security-policy: script-src 'report-sample' 'nonce-L+0b5KQpjULVwsIqK8KA3sDmJJM' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri /_/PlusAppUi/cspreport, script-src 'nonce-L+0b5KQpjULVwsIqK8KA3sDmJJM' 'self' 'unsafe-eval' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://s.ytimg.com https://www.googleapis.com https://support.google.com https://youtube.com https://youtube.googleapis.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/PlusAppUi/cspreport
content-type: application/binary
alt-svc: quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 0
x-xss-protection: 1; mode=block

GET login
login.skype.com/ 0
0

GET login
www.reddit.com/ 0
0

GET login
www.tumblr.com/ 0
0

GET login
www.expedia.de/user/ 0
0

GET login
www.dropbox.com/ 0
0

GET /
www.pinterest.com/login/ 0
0

GET login
de.foursquare.com/ 0
0

GET index
eu.battle.net/login/de/ 0
0

GET /
store.steampowered.com/login/ 0
0

GET ServiceLogin
accounts.google.com/ 0
0

GET login
github.com/ 0
0

GET signin
medium.com/m/ 0
0

GET signin
carbonmade.com/ 0
0

GET login
courses.edx.org/ 0
0

GET checkcookie
slack.com/ 0
0

GET login
www.khanacademy.org/ 0
0

GET signin
www.paypal.com/ 0
0

GET login
500px.com/ 0
0

GET login
www.airbnb.com/ 0
0

GET /
disqus.com/profile/login/ 0
0

GET /
secure.meetup.com/login/ 0
0

GET /
bitbucket.org/account/signin/ 0
0

GET login
secure.indeed.com/account/ 0
0

GET login
vk.com/ 0
0

GET
H/1.1 200
OK Cookie set /
xebadu.com/ 709 B
1 KB 13ms
13ms Document
text/html 31.220.24.95
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://xebadu.com/?zoneid=1540576&r=%2Fmb%2Fhan%2Fdl&nojs=0&x=1600&y=1200&t=0&ix=0&fs=0&timeout=0&var=9968&ymid=d8rxixd5fp4wwocgowk0ggwo8%2C12636908%2C5%2C9968&pb=12d1d58cf085e74bd0463515957cbd071528245307&pid=121&sp=

Requested by

Host: xebadu.com
URL: https://xebadu.com/afu.php?zoneid=1433141&var=1540576

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

31.220.24.95 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Host: xebadu.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://xebadu.com/afu.php?zoneid=1433141&var=1540576
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: D63C37E9C09C48CF8954F9424452CA2D
Referer: https://xebadu.com/afu.php?zoneid=1433141&var=1540576

Response headers

Server: nginx
Date: Tue, 05 Jun 2018 22:35:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: OACCAP=ABDGMAAAAAAAAAAB; Path=/; Expires=Thu, 05 Jul 2018 22:35:07 GMT OACBLOCK=ABDGMAAAAABbFxAb; Path=/; Expires=Thu, 05 Jul 2018 22:35:07 GMT OXCCLK=ABDGMAAAAAAAAAAB; Path=/; Expires=Wed, 06 Jun 2018 22:35:07 GMT OXPCLK=AAD4BgAAAAAAAAAB; Path=/; Expires=Wed, 06 Jun 2018 22:35:07 GMT ppucnt=0; Path=/; Expires=Wed, 06 Jun 2018 22:35:07 GMT ppucnt=1; Path=/; Expires=Wed, 06 Jun 2018 22:35:07 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff

GET
H2 200 Primary Request next.php Show response
www.dexchangeinc.com/jump/ 5 KB
2 KB 147ms
132ms Document
text/html 35.201.117.228
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dexchangeinc.com/jump/next.php?r=1965419&sub1=1540576
Requested by: Host: xebadu.com
URL: https://xebadu.com/afu.php?zoneid=1433141&var=1540576
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.201.117.228 Ann Arbor, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 228.117.201.35.bc.googleusercontent.com
Software: openresty /
Resource Hash: 5b3eb3cd654416904c33a9b2894aa6114cd1e1601c7f3fca68cfe3f28a492967

Request headers

:method: GET
:authority: www.dexchangeinc.com
:scheme: https
:path: /jump/next.php?r=1965419&sub1=1540576
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://xebadu.com/afu.php?zoneid=1433141&var=1540576
accept-encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: D63C37E9C09C48CF8954F9424452CA2D
Referer: https://xebadu.com/afu.php?zoneid=1433141&var=1540576

Response headers

status: 200
server: openresty
date: Tue, 05 Jun 2018 22:35:07 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
referrer-policy: no-referrer
link: <//www.dexchangeinc.com>; rel=dns-prefetch,<//www.dexchangeinc.com>; rel=preconnect
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H2 204 next.php
www.dexchangeinc.com/jump/ 0
0 135ms
134ms Document
text/plain 35.201.117.228
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dexchangeinc.com/jump/next.php?stamat=m%7C%2C0NiYrd2MqB1dAN0dEdHP3xP.1b2%2CR3wy2DY29rzkEz-nGvMl6iWSHq0Efw2Font_9QcomZnhwZ0sFGU9UiOs-VHKlAdbiiYcta6lLrHL8y7sJq530UkTWQ2y2P5AJCi-rXDoSsc%2C&cbrandom=0.06622762511347213&cbtitle=&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=&cbkeywords=&cbref=https%3A%2F%2Fxebadu.com%2Fafu.php%3Fzoneid%3D1433141%26var%3D1540576
Requested by: Host: www.dexchangeinc.com
URL: https://www.dexchangeinc.com/jump/next.php?r=1965419&sub1=1540576
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.201.117.228 Ann Arbor, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 228.117.201.35.bc.googleusercontent.com
Software: openresty /
Resource Hash

Request headers

:method: GET
:authority: www.dexchangeinc.com
:scheme: https
:path: /jump/next.php?stamat=m%7C%2C0NiYrd2MqB1dAN0dEdHP3xP.1b2%2CR3wy2DY29rzkEz-nGvMl6iWSHq0Efw2Font_9QcomZnhwZ0sFGU9UiOs-VHKlAdbiiYcta6lLrHL8y7sJq530UkTWQ2y2P5AJCi-rXDoSsc%2C&cbrandom=0.06622762511347213&cbtitle=&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=&cbkeywords=&cbref=https%3A%2F%2Fxebadu.com%2Fafu.php%3Fzoneid%3D1433141%26var%3D1540576
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: D63C37E9C09C48CF8954F9424452CA2D

Response headers

status: 204
server: openresty
date: Tue, 05 Jun 2018 22:35:08 GMT
referrer-policy: no-referrer
vary: Accept-Encoding
via: 1.1 google
alt-svc: clear

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: traffic.tc-clicks.com
URL: http://traffic.tc-clicks.com/?p=9968&media_type=mainstream&pi=mainstream_popunder&source_type=popunder&click_id=b2c8271f-6910-11e8-a968-024c4b0e6c48&sub_id=68_232_26920_31438_603345

Domain: squareup.com
URL: https://squareup.com/login?return_to=/favicon.ico

Domain: twitter.com
URL: https://twitter.com/login?redirect_after_login=/favicon.ico

Domain: www.facebook.com
URL: https://www.facebook.com/w/

Domain: login.skype.com
URL: https://login.skype.com/login?message=signin_continue&redirect_uri=https://secure.skype.com/favicon.ico

Domain: www.reddit.com
URL: https://www.reddit.com/login?dest=https://www.reddit.com/favicon.ico

Domain: www.tumblr.com
URL: https://www.tumblr.com/login?redirect_to=/favicon.ico

Domain: www.expedia.de
URL: https://www.expedia.de/user/login?ckoflag=0&selc=0&uurl=qscr=reds&rurl=%2Ffavicon.ico

Domain: www.dropbox.com
URL: https://www.dropbox.com/login?cont=https://www.dropbox.com/static/images/favicon.ico

Domain: www.pinterest.com
URL: https://www.pinterest.com/login/?next=https://www.pinterest.com/favicon.ico

Domain: de.foursquare.com
URL: https://de.foursquare.com/login?continue=/favicon.ico

Domain: eu.battle.net
URL: https://eu.battle.net/login/de/index?ref=https://eu.battle.net/favicon.ico

Domain: store.steampowered.com
URL: https://store.steampowered.com/login/?redir=favicon.ico

Domain: accounts.google.com
URL: https://accounts.google.com/ServiceLogin?service=blogger&hl=de&passive=1209600&continue=https://www.blogger.com/favicon.ico

Domain: github.com
URL: https://github.com/login?return_to=https://github.com/favicon.ico?id=1

Domain: medium.com
URL: https://medium.com/m/signin?redirect=https://medium.com/favicon.ico&loginType=default

Domain: carbonmade.com
URL: https://carbonmade.com/signin?returnTo=favicon.ico

Domain: courses.edx.org
URL: https://courses.edx.org/login?next=/favicon.ico

Domain: slack.com
URL: https://slack.com/checkcookie?redir=https://slack.com/favicon.ico

Domain: www.khanacademy.org
URL: https://www.khanacademy.org/login?continue=https://www.khanacademy.org/favicon.ico

Domain: www.paypal.com
URL: https://www.paypal.com/signin?returnUri=https://t.paypal.com/ts?v=1.0.0

Domain: 500px.com
URL: https://500px.com/login?r=/favicon.ico

Domain: www.airbnb.com
URL: https://www.airbnb.com/login?redirect_params[action]=favicon.ico&redirect_params[controller]=home

Domain: disqus.com
URL: https://disqus.com/profile/login/?next=https://disqus.com/favicon.ico

Domain: secure.meetup.com
URL: https://secure.meetup.com/login/?returnUri=https://www.meetup.com/img/ajax_loader_trans.gif

Domain: bitbucket.org
URL: https://bitbucket.org/account/signin/?next=/favicon.ico

Domain: secure.indeed.com
URL: https://secure.indeed.com/account/login?continue=/favicon.ico

Domain: vk.com
URL: https://vk.com/login?u=2&to=ZmF2aWNvbi5pY28-

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.traffic.tc-clicks.com/	1970-01-18 16:30:38	Name: rts-trck Value: 1
.traffic.tc-clicks.com/	1970-01-18 16:32:04	Name: traffic-visited-offers Value: 28069%7C1528238107%7C28069%7Cpopunder
.traffic.tc-clicks.com/	1970-01-18 16:30:38	Name: traffic-back Value: ok

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

500px.com
accounts.google.com
bitbucket.org
c.navhi.com
carbonmade.com
clk.apxadtracking.net
courses.edx.org
de.foursquare.com
disqus.com
eu.battle.net
github.com
login.skype.com
medium.com
plus.google.com
secure.indeed.com
secure.meetup.com
slack.com
squareup.com
store.steampowered.com
traffic.tc-clicks.com
twitter.com
vk.com
www.airbnb.com
www.dexchangeinc.com
www.dropbox.com
www.expedia.de
www.facebook.com
www.khanacademy.org
www.paypal.com
www.pinterest.com
www.reddit.com
www.tumblr.com
xebadu.com
500px.com
accounts.google.com
bitbucket.org
carbonmade.com
courses.edx.org
de.foursquare.com
disqus.com
eu.battle.net
github.com
login.skype.com
medium.com
secure.indeed.com
secure.meetup.com
slack.com
squareup.com
store.steampowered.com
traffic.tc-clicks.com
twitter.com
vk.com
www.airbnb.com
www.dropbox.com
www.expedia.de
www.facebook.com
www.khanacademy.org
www.paypal.com
www.pinterest.com
www.reddit.com
www.tumblr.com
136.243.47.66
172.217.16.173
172.217.22.110
31.220.24.95
35.201.117.228
54.194.116.224
54.69.114.80
464162f26f9d4dfd86b85f564c303c98c0314d71b3a813ece51d5f2bafd26738
4d886da2c8f77efd2967b411a5fc9de3caae3fcd3b29aea7b0026cf9c7a398b4
5b3eb3cd654416904c33a9b2894aa6114cd1e1601c7f3fca68cfe3f28a492967
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f5bdeab82aff1b26dada365d7212c5368cc077f68038da12dd064e1b3564ee14

www.dexchangeinc.com Open in urlscan Pro 35.201.117.228 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

37 Requests

14 %HTTPS

0 %IPv6

32 Domains

33 Subdomains

6 IPs

4 Countries

71 kBTransfer

18 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

37 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

3 Cookies

Indicators

www.dexchangeinc.com Open in urlscan Pro
35.201.117.228 Public Scan

Screenshot
Live screenshot

Full Image

37
Requests

14 %
HTTPS

0 %
IPv6

32
Domains

33
Subdomains

6
IPs

4
Countries

71 kB
Transfer

18 kB
Size

3
Cookies

37 HTTP transactions
0 data transactions