Submitted URL: http://redir.flowwiththetide.xyz/click
Effective URL: https://trk120.nedo.xyz/l/270053360191cdeb14f6.js?sub=60469ea8951dda0a7811a453&source=lonestar-unknown&sub2=lambda2
Submission Tags: falconsandbox
Submission: On March 08 via api from US

Summary

This website contacted 4 IPs in 2 countries across 7 domains to perform 6 HTTP transactions. The main IP is 172.64.205.22, located in United States and belongs to CLOUDFLARENET, US. The main domain is trk120.nedo.xyz.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 27th 2020. Valid for: a year.
This is the only time trk120.nedo.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 198.134.116.30 27257 (WEBAIR-IN...)
3 5 51.83.143.92 16276 (OVH)
1 2 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
2 172.64.205.22 13335 (CLOUDFLAR...)
6 4

# | Apex Domain | Subdomains | Transfer
4 | labtrffc.com | cafe.labtrffc.com, ak.labtrffc.com | 2 KB
2 | nedo.xyz | trk120.nedo.xyz | 12 KB
2 | popmyads.com | popmyads.com | 2 KB
1 | maryaravyne.com | maryaravyne.com | 890 B
1 | seawind.online | lambda2.seawind.online | 289 B
1 | flowwiththetide.xyz | redir.flowwiththetide.xyz | 186 B
0 | amung.us (Failed) | whos.amung.us (Failed) |
6 7

# | Domain | Requested by
2 | trk120.nedo.xyz | ak.labtrffc.com, cafe.labtrffc.com
2 | ak.labtrffc.com (1 redirects) |
2 | popmyads.com (1 redirects) | cafe.labtrffc.com
2 | cafe.labtrffc.com (1 redirects) |
1 | maryaravyne.com (1 redirects) |
1 | lambda2.seawind.online (1 redirects) |
1 | redir.flowwiththetide.xyz (1 redirects) |
0 | whos.amung.us (Failed) | popmyads.com
6 8

This site contains no links.

Subject | Issuer | Validity | Valid
lone-star.landingtrack.com | R3 | 2021-02-18 - 2021-05-19 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-08-04 - 2021-08-04 | a year

This page contains 1 frames:

Frame: https://trk120.nedo.xyz/l/270053360191cdeb14f6.js?sub=60469ea8951dda0a7811a453&source=lonestar-unknown&sub2=lambda2&code=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_&_tdf=16
Frame ID: BBF1692C3AC58AF72BD09A47AF3D7E1C
Requests: 6 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

Requests: 6
HTTPS: 83 %
IPv6: 40 %
Domains: 7
Subdomains: 8
IPs: 4
Countries: 2
Transfer: 15 kB
Size: 39 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://redir.flowwiththetide.xyz/click HTTP 302
    https://lambda2.seawind.online/a.php?trf=m&p=c:9qopki6xwqp78c2dg&d=5efc364ad5afd518d70827f0&source=0&data1=0- HTTP 302
    https://cafe.labtrffc.com/l.php?p=c:9qopki6xwqp79m4l1&d=603611c5b7eaf46891533240&s=unknown Page URL
  2. https://cafe.labtrffc.com/l.php?p=c:9qopki6xwqp79m4l1&d=603611c5b7eaf46891533240&s=unknown&bv=1 HTTP 302
    https://popmyads.com/serve/52264/49052/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgyLmNvbQ== Page URL
  3. https://popmyads.com/go HTTP 302
    https://ak.labtrffc.com/u.php?p=c:xecd97ulltzndt7xv&d=5f9a76a347eb6438d428a930 Page URL
  4. https://ak.labtrffc.com/u.php?p=c:xecd97ulltzndt7xv&d=5f9a76a347eb6438d428a930&bv=1 HTTP 302
    http://maryaravyne.com/l/270053360191cdeb14f6?sub=60469ea8951dda0a7811a453&source=lonestar-unknown&sub2=lambda2 HTTP 302
    https://trk120.nedo.xyz/l/270053360191cdeb14f6.js?sub=60469ea8951dda0a7811a453&source=lonestar-unknown&sub2=lambda2 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://redir.flowwiththetide.xyz/click HTTP 302
  • https://lambda2.seawind.online/a.php?trf=m&p=c:9qopki6xwqp78c2dg&d=5efc364ad5afd518d70827f0&source=0&data1=0- HTTP 302
  • https://cafe.labtrffc.com/l.php?p=c:9qopki6xwqp79m4l1&d=603611c5b7eaf46891533240&s=unknown
Request Chain 1
  • https://cafe.labtrffc.com/l.php?p=c:9qopki6xwqp79m4l1&d=603611c5b7eaf46891533240&s=unknown&bv=1 HTTP 302
  • https://popmyads.com/serve/52264/49052/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgyLmNvbQ==
Request Chain 3
  • https://popmyads.com/go HTTP 302
  • https://ak.labtrffc.com/u.php?p=c:xecd97ulltzndt7xv&d=5f9a76a347eb6438d428a930

6 HTTP transactions

Resource / Path | Size | x-fer | Type / MIME-Type

Cookie set l.php
cafe.labtrffc.com/
Redirect Chain
  • http://redir.flowwiththetide.xyz/click
  • https://lambda2.seawind.online/a.php?trf=m&p=c:9qopki6xwqp78c2dg&d=5efc364ad5afd518d70827f0&source=0&data1=0-
  • https://cafe.labtrffc.com/l.php?p=c:9qopki6xwqp79m4l1&d=603611c5b7eaf46891533240&s=unknown
552 B
687 B
Document
General
Full URL
https://cafe.labtrffc.com/l.php?p=c:9qopki6xwqp79m4l1&d=603611c5b7eaf46891533240&s=unknown
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
51.83.143.92 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3155458.ip-51-83-143.eu
Software
nginx /
Resource Hash
397fd7afed2f01d12e9aa2c421deb43b3398aa40930484f49c0a9cd55fbe9ebe

Request headers

Host
cafe.labtrffc.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server
nginx
Date
Mon, 08 Mar 2021 22:01:12 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
bt-603611c5b7eaf46891533240=60469ea824a42d5eca425bd2; expires=Thu, 11-Mar-2021 22:01:12 GMT; Max-Age=259200; path=/; domain=cafe.labtrffc.com; HttpOnly
Content-Encoding
gzip

Redirect headers

Server
nginx
Date
Mon, 08 Mar 2021 22:01:11 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
0
Connection
keep-alive
Round
11hx4alk7e
Raund
1p
Location
https://cafe.labtrffc.com/l.php?p=c:9qopki6xwqp79m4l1&d=603611c5b7eaf46891533240&s=unknown

aHR0cDovL3RyYWZmaXgyLmNvbQ==
popmyads.com/serve/52264/49052/szqpmqqoapdpgpq/
Redirect Chain
  • https://cafe.labtrffc.com/l.php?p=c:9qopki6xwqp79m4l1&d=603611c5b7eaf46891533240&s=unknown&bv=1
  • https://popmyads.com/serve/52264/49052/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgyLmNvbQ==
2 KB
2 KB
Document
General
Full URL
https://popmyads.com/serve/52264/49052/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgyLmNvbQ==
Requested by
Host: cafe.labtrffc.com
URL: https://cafe.labtrffc.com/l.php?p=c:9qopki6xwqp79m4l1&d=603611c5b7eaf46891533240&s=unknown
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:4436 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.1.33
Resource Hash
16ef6295073c69bb77e8a85cb4dd8142bc45f703ce499c0e17f6bf88966be906
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
X-Frame-Options DENY

Request headers

:method
GET
:authority
popmyads.com
:scheme
https
:path
/serve/52264/49052/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgyLmNvbQ==
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://cafe.labtrffc.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://cafe.labtrffc.com/l.php?p=c:9qopki6xwqp79m4l1&d=603611c5b7eaf46891533240&s=unknown

Response headers

date
Mon, 08 Mar 2021 22:01:12 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=da027ebb42928d42b659f600362fc7e701615240872; expires=Wed, 07-Apr-21 22:01:12 GMT; path=/; domain=.popmyads.com; HttpOnly; SameSite=Lax __cf_bm=dd7165f7d0962dcf8bfaff2fc069c15eed7c5112-1615240872-1800-AVyRKMY+/oyNKuP9jXV377ujgUb82WjO8wl+YA8chnDleZlysGs9G9ndZxda0LC4C3Sj/kTSiu5jBcVo5eyHHC4=; path=/; expires=Mon, 08-Mar-21 22:31:12 GMT; domain=.popmyads.com; HttpOnly; Secure; SameSite=None
x-powered-by
PHP/7.1.33
x-frame-options
DENY
content-security-policy
frame-ancestors 'none'
cf-cache-status
DYNAMIC
cf-request-id
08b574d91400004e4fbe38c000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=SFCJ%2B8y0FLj4HQvSDafgb7wza1WMxbWrDzweK8sy1hTUKWaUi6LuBXBhfI0hc5d8puawqUbG9Aw7kHa53QHVoK2ebV5aObZAQEpuc1ZgwDRVJGT8hN%2FDdyE%3D"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
62cf573b5da04e4f-FRA
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

Server
nginx
Date
Mon, 08 Mar 2021 22:01:12 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
0
Connection
keep-alive
Set-Cookie
bt-603611c5b7eaf46891533240=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=cafe.labtrffc.com; HttpOnly
Round
10ut8s57tx
Raund
l3
Location
https://popmyads.com/serve/52264/49052/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgyLmNvbQ==

popmyads.png
whos.amung.us/swidget/
0
0

Cookie set u.php
ak.labtrffc.com/
Redirect Chain
  • https://popmyads.com/go
  • https://ak.labtrffc.com/u.php?p=c:xecd97ulltzndt7xv&d=5f9a76a347eb6438d428a930
540 B
675 B
Document
General
Full URL
https://ak.labtrffc.com/u.php?p=c:xecd97ulltzndt7xv&d=5f9a76a347eb6438d428a930
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
51.83.143.92 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3155458.ip-51-83-143.eu
Software
nginx /
Resource Hash
a57d6f151aa87b398e655dd1ee9eeffcbe2ea9b68fc410af66031995eb0bc17e

Request headers

Host
ak.labtrffc.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
https://popmyads.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
Origin
https://popmyads.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://popmyads.com/

Response headers

Server
nginx
Date
Mon, 08 Mar 2021 22:01:12 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
bt-5f9a76a347eb6438d428a930=60469ea8951dda0a7811a453; expires=Thu, 11-Mar-2021 22:01:12 GMT; Max-Age=259200; path=/; domain=ak.labtrffc.com; HttpOnly
Content-Encoding
gzip

Redirect headers

date
Mon, 08 Mar 2021 22:01:12 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/7.1.33
set-cookie
wGprrBLT=2; expires=Mon, 08-Mar-2021 22:01:14 GMT; Max-Age=2; path=/
location
https://ak.labtrffc.com/u.php?p=c:xecd97ulltzndt7xv&d=5f9a76a347eb6438d428a930
cf-cache-status
DYNAMIC
cf-request-id
08b574d94300004e4f77b32000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=F4bbjTZX61REs0paz4j7iB9SVAgKYYjivEESa9nGAd61yfqSLGc1fon%2B%2FcrqV2y6aQpuiwV5NC%2Boo2MU0hI4WXjFBBVAS1aJi3Qht5kF6DpxckFesgzQpc0%3D"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
62cf573b9e074e4f-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

Primary Request 270053360191cdeb14f6.js
trk120.nedo.xyz/l/
Redirect Chain
  • https://ak.labtrffc.com/u.php?p=c:xecd97ulltzndt7xv&d=5f9a76a347eb6438d428a930&bv=1
  • http://maryaravyne.com/l/270053360191cdeb14f6?sub=60469ea8951dda0a7811a453&source=lonestar-unknown&sub2=lambda2
  • https://trk120.nedo.xyz/l/270053360191cdeb14f6.js?sub=60469ea8951dda0a7811a453&source=lonestar-unknown&sub2=lambda2
36 KB
12 KB
Document
General
Full URL
https://trk120.nedo.xyz/l/270053360191cdeb14f6.js?sub=60469ea8951dda0a7811a453&source=lonestar-unknown&sub2=lambda2
Requested by
Host: ak.labtrffc.com
URL: https://ak.labtrffc.com/u.php?p=c:xecd97ulltzndt7xv&d=5f9a76a347eb6438d428a930
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.205.22 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29eddce2034a37edddd7b743551f12f50cddbdf80690919b7e597bb78e5b416a

Request headers

:method
GET
:authority
trk120.nedo.xyz
:scheme
https
:path
/l/270053360191cdeb14f6.js?sub=60469ea8951dda0a7811a453&source=lonestar-unknown&sub2=lambda2
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ak.labtrffc.com/u.php?p=c:xecd97ulltzndt7xv&d=5f9a76a347eb6438d428a930

Response headers

date
Mon, 08 Mar 2021 22:01:12 GMT
content-type
text/html
set-cookie
__cfduid=dfa5fc0f937d0ab78f2ec86b22a1883311615240872; expires=Wed, 07-Apr-21 22:01:12 GMT; path=/; domain=.nedo.xyz; HttpOnly; SameSite=Lax
last-modified
Tue, 20 Aug 2019 14:25:21 GMT
expires
Thu, 31 Dec 2037 23:55:55 GMT
cache-control
max-age=315360000
cf-cache-status
HIT
age
7142
cf-request-id
08b574dabe0000bdd23a81a000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=tDVHRIo4rgRykseg3CuOYuPdbDgqje%2BLaTu8OWxnWXJihITmzfM%2BCoFHGYZAomIeZ%2Fzz06ynt%2FGczLaJ4Y0gvxKLDkEDnyP%2BvDkMZz5gSok%3D"}],"max_age":604800}
nel
{"max_age":604800,"report_to":"cf-nel"}
vary
Accept-Encoding
server
cloudflare
cf-ray
62cf573df828bdd2-AMS
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

Date
Mon, 08 Mar 2021 22:01:12 GMT
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires
Thu, 01 Jan 1970 00:00:01 GMT
Location
https://trk120.nedo.xyz/l/270053360191cdeb14f6.js?sub=60469ea8951dda0a7811a453&source=lonestar-unknown&sub2=lambda2
cf-request-id
08b574da3c00004a68852d7000000001
Report-To
{"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=fXdp0nQG%2B1xuXUcHYDdqJQfP8h0tMLTyELgomF6j7CMzN1xpPca6pDf6OzJo2UPgxBr%2BA1k54y%2Bpm2Hd6UyDJ8o8M0IEac%2FpDpXCQp%2Bu6BlQQHL5PZUMEtO%2FEM8%3D"}]}
NEL
{"report_to":"cf-nel","max_age":604800}
Vary
Accept-Encoding
Server
cloudflare
CF-RAY
62cf573d2f304a68-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

270053360191cdeb14f6.js
trk120.nedo.xyz/l/
0
0
Document
General
Full URL
https://trk120.nedo.xyz/l/270053360191cdeb14f6.js?sub=60469ea8951dda0a7811a453&source=lonestar-unknown&sub2=lambda2&code=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_&_tdf=16
Requested by
Host: cafe.labtrffc.com
URL: https://cafe.labtrffc.com/l.php?p=c:9qopki6xwqp79m4l1&d=603611c5b7eaf46891533240&s=unknown
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.205.22 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
trk120.nedo.xyz
:scheme
https
:path
/l/270053360191cdeb14f6.js?sub=60469ea8951dda0a7811a453&source=lonestar-unknown&sub2=lambda2&code=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_&_tdf=16
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://trk120.nedo.xyz/l/270053360191cdeb14f6.js?sub=60469ea8951dda0a7811a453&source=lonestar-unknown&sub2=lambda2
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
__cfduid=dfa5fc0f937d0ab78f2ec86b22a1883311615240872
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://trk120.nedo.xyz/l/270053360191cdeb14f6.js?sub=60469ea8951dda0a7811a453&source=lonestar-unknown&sub2=lambda2

Response headers

date
Mon, 08 Mar 2021 22:01:12 GMT
set-cookie
BSESSID=trkdf378488-bf8b-4d61-bd2b-1c769470d3f8; Max-Age=63072000; Expires=Wed, 8 Mar 2023 22:01:12 GMT; Path=/
cf-cache-status
DYNAMIC
cf-request-id
08b574db1a0000bdd22d28e000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=KiSEfxHLdaLCNJ4EXo%2BJg7WAIOhM6JjVwuJym9AbXVBTbr3U3%2BiSvh3elXgTqaAEg%2BCUHuycqi1GNibbO58lzDaSnL6%2FjQXa%2FhdvvEU0z7c%3D"}],"max_age":604800}
nel
{"max_age":604800,"report_to":"cf-nel"}
server
cloudflare
cf-ray
62cf573e8888bdd2-AMS
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
whos.amung.us
URL
https://whos.amung.us/swidget/popmyads.png

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| 0
  • object| ontransitionrun
  • object| ontransitionstart
  • object| ontransitioncancel
  • object| cookieStore
  • function| showDirectoryPicker
  • function| showOpenFilePicker
  • function| showSaveFilePicker
  • object| trustedTypes
  • boolean| crossOriginIsolated
  • function| Y6VV
  • number| r4nnnn
  • number| l4nnnn
  • number| t6u
  • function| EKm8V

1 Cookies

Domain/Path Name / Value
.nedo.xyz/ Name: __cfduid
Value: dfa5fc0f937d0ab78f2ec86b22a1883311615240872