Submitted URL: http://imgfil.com/1b5pbw
Effective URL: https://extension.advancedsearchlab.com/index.php?clid=f17eesc8p1nxsbb8&wo=1&fa=1&domain=click.find-more.xyz&uc=sc8p1nxs
Submission: On April 07 via api from CH

Summary

This website contacted 6 IPs in 3 countries across 12 domains to perform 13 HTTP transactions. The main IP is 64.227.53.158, located in Jacksonville, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is extension.advancedsearchlab.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on March 18th 2020. Valid for: 3 months.
This is the only time extension.advancedsearchlab.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 5.149.248.110 59711 (HZ-NL-AS)
1 1 5.149.248.70 59711 (HZ-NL-AS)
1 78.140.165.10 35415 (WEBZILLA)
2 2 104.16.107.201 13335 (CLOUDFLAR...)
2 104.16.107.129 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
1 1 198.134.116.30 27257 (WEBAIR-IN...)
1 1 34.230.174.59 14618 (AMAZON-AES)
1 1 157.245.252.178 14061 (DIGITALOC...)
1 5 64.227.53.158 14061 (DIGITALOC...)
2 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700::68... 13335 (CLOUDFLAR...)
13 6
Domain | Requested by
5 extension.advancedsearchlab.com (1 redirect) | saturalcorre.info, extension.advancedsearchlab.com
2 cdnjs.cloudflare.com | extension.advancedsearchlab.com
2 fonts.gstatic.com | extension.advancedsearchlab.com
2 fonts.googleapis.com | saturalcorre.info, extension.advancedsearchlab.com
2 saturalcorre.info | g3nerat3dn3w.best, saturalcorre.info
2 reroplittrewheck.pro (2 redirects) |
1 click.find-more.xyz (1 redirect) |
1 ps.popcash.net (1 redirect) |
1 xml.realtime-bid.com (1 redirect) |
1 g3nerat3dn3w.best |
1 xtraserp.com (1 redirect) |
1 imgfil.com (1 redirect) |
13 12

This site contains links to these domains.

Domain
www.advancedsearchlab.com
Subject | Issuer | Validity | Valid
g3nerat3dn3w.best | Let's Encrypt Authority X3 | 2020-04-01 - 2020-06-30 | 3 months
saturalcorre.info | CloudFlare Inc ECC CA-2 | 2020-04-07 - 2020-10-09 | 6 months
*.storage.googleapis.com | GTS CA 1O1 | 2020-03-03 - 2020-05-26 | 3 months
extension.advancedsearchlab.com | Let's Encrypt Authority X3 | 2020-03-18 - 2020-06-16 | 3 months
*.google.com | GTS CA 1O1 | 2020-03-03 - 2020-05-26 | 3 months
cloudflare.com | CloudFlare Inc ECC CA-2 | 2020-01-07 - 2020-10-09 | 9 months

This page contains 1 frames:

Primary Page: https://extension.advancedsearchlab.com/index.php?clid=f17eesc8p1nxsbb8&wo=1&fa=1&domain=click.find-more.xyz&uc=sc8p1nxs
Frame ID: 34D67BB2EFD75A2D581C83E946A1A072
Requests: 13 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • html /<link [^>]+(?:\/([\d.]+)\/)?animate\.(?:min\.)?css/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

Requests: 13
HTTPS: 100 %
IPv6: 25 %
Domains: 12
Subdomains: 12
IPs: 6
Countries: 3
Transfer: 123 kB
Size: 244 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://imgfil.com/1b5pbw HTTP 302
    http://xtraserp.com/isoptin/ammonium/astringents.ZG93bmxvYWR8enA1TXpOamMySXdmSHd4TlRnMU1UWTRNRGcxZkh3eU16VTBmSHdvVFU5T1UxUkZVaWtnVDNabGNpMWliRzluTG1OdmJTQmJVRzl6ZEVkbGRGMA/daily&prefaced==uvulopalatoplasty.VUJTOiBBcHBsZSBsb29rcyBzdHJvbmcgaW4gQ2hpbmEgYWhlYWQgb2YgZWFybmluZ3MVUJ HTTP 302
    https://g3nerat3dn3w.best/r/?token=9d0745f9c8757824933c881516f6b51678e7f13f&q=UBS%3A+Apple+looks+strong+in+China+ahead+of+earnings&s3=UBS%3A+Apple+looks+strong+in+China+ahead+of+earnings&s2=mmaa&s1=ufE1BQ19kYXRhMnw Page URL
  2. https://reroplittrewheck.pro/redirect?tid=754576&subid=f294692c00ac34b8&puid=AGLkjF7giAAAV-cBAE5MNAASAELoVr8A HTTP 302
    https://saturalcorre.info/YNS?tag_id=754576&sub_id1=f294692c00ac34b8&sub_id2=7470624193150165338&cookie_id=eaa91633-8204-42fc-aaf3-2c346ec37c71&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Freroplittrewheck.pro%2F%3Ftid%3D801790%26noocp%3D1%26subid%3Df294692c00ac34b8&hop=7&geo=NL Page URL
  3. https://reroplittrewheck.pro/?tid=801790&noocp=1&subid=f294692c00ac34b8 HTTP 302
    https://xml.realtime-bid.com/click?i=ELARBEjGuNU_0 HTTP 302
    http://ps.popcash.net/ad/ad?p=198473&w=546423&d=2609af0055a93f46cd87-1583247675546423&s=215319.801790 HTTP 303
    https://click.find-more.xyz/c.php?cakey=hbokbcvva8xxmvid2vs3&clickid=79175109253&bid=0.00130&siteid=546423&category=Adult&cc=NL&operatingsystem=OS%20X&campaignid=297039&connection=WiFi&device=desktop&browser=Chrome&carrier= HTTP 302
    https://extension.advancedsearchlab.com/redirect.php?clid=f17eesc8p1nxsbb8&wo=1&fa=1&domain=click.find-more.xyz&uc=sc8p1nxs HTTP 302
    https://extension.advancedsearchlab.com/index.php?clid=f17eesc8p1nxsbb8&wo=1&fa=1&domain=click.find-more.xyz&uc=sc8p1nxs Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://imgfil.com/1b5pbw HTTP 302
  • http://xtraserp.com/isoptin/ammonium/astringents.ZG93bmxvYWR8enA1TXpOamMySXdmSHd4TlRnMU1UWTRNRGcxZkh3eU16VTBmSHdvVFU5T1UxUkZVaWtnVDNabGNpMWliRzluTG1OdmJTQmJVRzl6ZEVkbGRGMA/daily&prefaced==uvulopalatoplasty.VUJTOiBBcHBsZSBsb29rcyBzdHJvbmcgaW4gQ2hpbmEgYWhlYWQgb2YgZWFybmluZ3MVUJ HTTP 302
  • https://g3nerat3dn3w.best/r/?token=9d0745f9c8757824933c881516f6b51678e7f13f&q=UBS%3A+Apple+looks+strong+in+China+ahead+of+earnings&s3=UBS%3A+Apple+looks+strong+in+China+ahead+of+earnings&s2=mmaa&s1=ufE1BQ19kYXRhMnw
Request Chain 1
  • https://reroplittrewheck.pro/redirect?tid=754576&subid=f294692c00ac34b8&puid=AGLkjF7giAAAV-cBAE5MNAASAELoVr8A HTTP 302
  • https://saturalcorre.info/YNS?tag_id=754576&sub_id1=f294692c00ac34b8&sub_id2=7470624193150165338&cookie_id=eaa91633-8204-42fc-aaf3-2c346ec37c71&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Freroplittrewheck.pro%2F%3Ftid%3D801790%26noocp%3D1%26subid%3Df294692c00ac34b8&hop=7&geo=NL

13 HTTP transactions

Resource | Path | Size | x-fer | Type / MIME-Type

/ (cookie set) | g3nerat3dn3w.best/r/ | 5 KB | 6 KB | Document
Redirect Chain
  • http://imgfil.com/1b5pbw
  • http://xtraserp.com/isoptin/ammonium/astringents.ZG93bmxvYWR8enA1TXpOamMySXdmSHd4TlRnMU1UWTRNRGcxZkh3eU16VTBmSHdvVFU5T1UxUkZVaWtnVDNabGNpMWliRzluTG1OdmJTQmJVRzl6ZEVkbGRGMA/daily&prefaced==uvulopala...
  • https://g3nerat3dn3w.best/r/?token=9d0745f9c8757824933c881516f6b51678e7f13f&q=UBS%3A+Apple+looks+strong+in+China+ahead+of+earnings&s3=UBS%3A+Apple+looks+strong+in+China+ahead+of+earnings&s2=mmaa&s1...
General
Full URL
https://g3nerat3dn3w.best/r/?token=9d0745f9c8757824933c881516f6b51678e7f13f&q=UBS%3A+Apple+looks+strong+in+China+ahead+of+earnings&s3=UBS%3A+Apple+looks+strong+in+China+ahead+of+earnings&s2=mmaa&s1=ufE1BQ19kYXRhMnw
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
78.140.165.10, Netherlands, ASN35415 (WEBZILLA, NL)
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash
1028581e56a1a4b4d799b816732c1d06e559a05a1e62add6900c8302ea491bf1

Request headers

Host
g3nerat3dn3w.best
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Server
nginx/1.16.1
Date
Tue, 07 Apr 2020 20:36:51 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
bd_context=YAR8jerhdsa8iw3J+sH1EIIA0Y+7GaKx07PFBOyu6+V9OAxZrL3xRlVgnkTxH9l3Pe0kCyMHioKPXTBTdv/eGDL+pIAD1f/Ig7lLWmoK2ouLsj0R3BFCTcPEmyo9CbTrDOeOuqNhyUDLgzJcheoWPJjvBjM5ZRUSRHB8RW8rcejwxutAaqckmOa6m9GQl/Uq8AFqjRdsH1d9WrdJGUh6RugkiEJHaap3+aXmHPZFGxi2ZrI9YtyVPPEz8JBFdeTGI4SnRFEwh4zUnivvqIw/BdxWmnH/NAmM6tJjhi2Ayr/h9Ll5Y45wDizqImO2o9yMCnJ98n7V5CN41L0=; Expires=Wed, 07 Apr 2021 20:36:51 GMT

Redirect headers

Date
Tue, 07 Apr 2020 21:33:48 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Set-Cookie
PHPSESSID=d39e56f92e70eab8e16b8dcd13bc820b; path=/
Location
https://g3nerat3dn3w.best/r/?token=9d0745f9c8757824933c881516f6b51678e7f13f&q=UBS%3A+Apple+looks+strong+in+China+ahead+of+earnings&s3=UBS%3A+Apple+looks+strong+in+China+ahead+of+earnings&s2=mmaa&s1=ufE1BQ19kYXRhMnw
Content-Length
0
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html

YNS (cookie set) | saturalcorre.info/ | 12 KB | 5 KB | Document
Redirect Chain
  • https://reroplittrewheck.pro/redirect?tid=754576&subid=f294692c00ac34b8&puid=AGLkjF7giAAAV-cBAE5MNAASAELoVr8A
  • https://saturalcorre.info/YNS?tag_id=754576&sub_id1=f294692c00ac34b8&sub_id2=7470624193150165338&cookie_id=eaa91633-8204-42fc-aaf3-2c346ec37c71&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20S...
General
Full URL
https://saturalcorre.info/YNS?tag_id=754576&sub_id1=f294692c00ac34b8&sub_id2=7470624193150165338&cookie_id=eaa91633-8204-42fc-aaf3-2c346ec37c71&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Freroplittrewheck.pro%2F%3Ftid%3D801790%26noocp%3D1%26subid%3Df294692c00ac34b8&hop=7&geo=NL
Requested by
Host: g3nerat3dn3w.best
URL: https://g3nerat3dn3w.best/r/?token=9d0745f9c8757824933c881516f6b51678e7f13f&q=UBS%3A+Apple+looks+strong+in+China+ahead+of+earnings&s3=UBS%3A+Apple+looks+strong+in+China+ahead+of+earnings&s2=mmaa&s1=ufE1BQ19kYXRhMnw
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.16.107.129, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare / Express
Resource Hash
ad5a90236cd4ab7c5e7089b4d14cbd490fa3ff629ba6e9861ed0f5a048a7177e

Request headers

Host
saturalcorre.info
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://g3nerat3dn3w.best/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document
Referer
https://g3nerat3dn3w.best/r/?token=9d0745f9c8757824933c881516f6b51678e7f13f&q=UBS%3A+Apple+looks+strong+in+China+ahead+of+earnings&s3=UBS%3A+Apple+looks+strong+in+China+ahead+of+earnings&s2=mmaa&s1=ufE1BQ19kYXRhMnw

Response headers

Date
Tue, 07 Apr 2020 20:36:51 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
__cfduid=d234415b725815d8f6fe8ca89ad25fb1b1586291811; expires=Thu, 07-May-20 20:36:51 GMT; path=/; domain=.saturalcorre.info; HttpOnly; SameSite=Lax; Secure
X-Powered-By
Express
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET, POST
Access-Control-Allow-Headers
X-Requested-With,content-type
Vary
Accept-Encoding
CF-Cache-Status
DYNAMIC
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server
cloudflare
CF-RAY
58068b0d0f65dc23-LHR
Content-Encoding
br

Redirect headers

Date
Tue, 07 Apr 2020 20:36:51 GMT
Content-Type
text/plain
Content-Length
0
Connection
keep-alive
Set-Cookie
__cfduid=d497fecc834b8eded1cb8327099c6d3f31586291811; expires=Thu, 07-May-20 20:36:51 GMT; path=/; domain=.reroplittrewheck.pro; HttpOnly; SameSite=Lax; Secure
cache-control
no-store, no-cache, must-revalidate, no-transform
Pragma
no-cache
P3P
CP="NID DSP ALL COR"
set-cookie
csu=eaa91633-8204-42fc-aaf3-2c346ec37c71 fv=rjk5qTs4rjYFriEFqjY7rTUFpdwFvdw=; Expires=Wed, 07 Apr 2021 20:36:51 GMT; Max-Age=31536000; Domain=.reroplittrewheck.pro; Path=/; Version=1
Location
https://saturalcorre.info/YNS?tag_id=754576&sub_id1=f294692c00ac34b8&sub_id2=7470624193150165338&cookie_id=eaa91633-8204-42fc-aaf3-2c346ec37c71&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Freroplittrewheck.pro%2F%3Ftid%3D801790%26noocp%3D1%26subid%3Df294692c00ac34b8&hop=7&geo=NL
CF-Cache-Status
DYNAMIC
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server
cloudflare
CF-RAY
58068b0bef6cd911-AMS

dlp | saturalcorre.info/ | 64 KB | 26 KB | XHR
General
Full URL
https://saturalcorre.info/dlp?st=1&lp=stanley&geo=NL
Requested by
Host: saturalcorre.info
URL: https://saturalcorre.info/YNS?tag_id=754576&sub_id1=f294692c00ac34b8&sub_id2=7470624193150165338&cookie_id=eaa91633-8204-42fc-aaf3-2c346ec37c71&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Freroplittrewheck.pro%2F%3Ftid%3D801790%26noocp%3D1%26subid%3Df294692c00ac34b8&hop=7&geo=NL
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.16.107.129, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare / Express
Resource Hash
bf8aa5ab5085d8d2defe0ba16d9ad5746190d297255a1c8e863ce4abca41a585

Request headers

Referer
https://saturalcorre.info/YNS?tag_id=754576&sub_id1=f294692c00ac34b8&sub_id2=7470624193150165338&cookie_id=eaa91633-8204-42fc-aaf3-2c346ec37c71&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Freroplittrewheck.pro%2F%3Ftid%3D801790%26noocp%3D1%26subid%3Df294692c00ac34b8&hop=7&geo=NL
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
empty

Response headers

Date
Tue, 07 Apr 2020 20:36:51 GMT
Content-Encoding
br
CF-Cache-Status
DYNAMIC
Server
cloudflare
X-Powered-By
Express
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET, POST
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Transfer-Encoding
chunked
Connection
keep-alive
CF-RAY
58068b0e4b4edc23-LHR
Access-Control-Allow-Headers
X-Requested-With,content-type

css | fonts.googleapis.com/ | 2 KB | 660 B | Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto
Requested by
Host: saturalcorre.info
URL: https://saturalcorre.info/YNS?tag_id=754576&sub_id1=f294692c00ac34b8&sub_id2=7470624193150165338&cookie_id=eaa91633-8204-42fc-aaf3-2c346ec37c71&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Freroplittrewheck.pro%2F%3Ftid%3D801790%26noocp%3D1%26subid%3Df294692c00ac34b8&hop=7&geo=NL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200a, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://saturalcorre.info/YNS?tag_id=754576&sub_id1=f294692c00ac34b8&sub_id2=7470624193150165338&cookie_id=eaa91633-8204-42fc-aaf3-2c346ec37c71&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Freroplittrewheck.pro%2F%3Ftid%3D801790%26noocp%3D1%26subid%3Df294692c00ac34b8&hop=7&geo=NL
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 07 Apr 2020 20:36:51 GMT
server
ESF
date
Tue, 07 Apr 2020 20:36:51 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 07 Apr 2020 20:36:51 GMT

index.php (primary request) | extension.advancedsearchlab.com/ | 23 KB | 8 KB | Document
Redirect Chain
  • https://reroplittrewheck.pro/?tid=801790&noocp=1&subid=f294692c00ac34b8
  • https://xml.realtime-bid.com/click?i=ELARBEjGuNU_0
  • http://ps.popcash.net/ad/ad?p=198473&w=546423&d=2609af0055a93f46cd87-1583247675546423&s=215319.801790
  • https://click.find-more.xyz/c.php?cakey=hbokbcvva8xxmvid2vs3&clickid=79175109253&bid=0.00130&siteid=546423&category=Adult&cc=NL&operatingsystem=OS%20X&campaignid=297039&connection=WiFi&device=deskt...
  • https://extension.advancedsearchlab.com/redirect.php?clid=f17eesc8p1nxsbb8&wo=1&fa=1&domain=click.find-more.xyz&uc=sc8p1nxs
  • https://extension.advancedsearchlab.com/index.php?clid=f17eesc8p1nxsbb8&wo=1&fa=1&domain=click.find-more.xyz&uc=sc8p1nxs
General
Full URL
https://extension.advancedsearchlab.com/index.php?clid=f17eesc8p1nxsbb8&wo=1&fa=1&domain=click.find-more.xyz&uc=sc8p1nxs
Requested by
Host: saturalcorre.info
URL: https://saturalcorre.info/YNS?tag_id=754576&sub_id1=f294692c00ac34b8&sub_id2=7470624193150165338&cookie_id=eaa91633-8204-42fc-aaf3-2c346ec37c71&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Freroplittrewheck.pro%2F%3Ftid%3D801790%26noocp%3D1%26subid%3Df294692c00ac34b8&hop=7&geo=NL
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
64.227.53.158, Jacksonville, United States, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
da02dcdadf05af29758c3eaf806e88d58c7392847af08892a94e0ea35ef77ac3

Request headers

:method
GET
:authority
extension.advancedsearchlab.com
:scheme
https
:path
/index.php?clid=f17eesc8p1nxsbb8&wo=1&fa=1&domain=click.find-more.xyz&uc=sc8p1nxs
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
PHPSESSID=eqraspdhr16f21nmk45mittrut
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document
Referer
https://saturalcorre.info/YNS?tag_id=754576&sub_id1=f294692c00ac34b8&sub_id2=7470624193150165338&cookie_id=eaa91633-8204-42fc-aaf3-2c346ec37c71&lp=stanley&convert=Your%20Video%20Is%20Ready%20To%20Stream&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Freroplittrewheck.pro%2F%3Ftid%3D801790%26noocp%3D1%26subid%3Df294692c00ac34b8&hop=7&geo=NL

Response headers

status
200
server
nginx/1.14.0 (Ubuntu)
date
Tue, 07 Apr 2020 20:36:54 GMT
content-type
text/html; charset=UTF-8
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
set-cookie
clid=f17eesc8p1nxsbb8; expires=Tue, 21-Apr-2020 20:36:54 GMT; Max-Age=1209600; path=/; domain=.advancedsearchlab.com
content-encoding
gzip

Redirect headers

status
302
server
nginx/1.14.0 (Ubuntu)
date
Tue, 07 Apr 2020 20:36:54 GMT
content-type
text/html; charset=UTF-8
set-cookie
PHPSESSID=eqraspdhr16f21nmk45mittrut; path=/
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
location
/index.php?clid=f17eesc8p1nxsbb8&wo=1&fa=1&domain=click.find-more.xyz&uc=sc8p1nxs

KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 | fonts.gstatic.com/s/roboto/v20/ | 11 KB | 11 KB | Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2003, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/css?family=Roboto
Origin
https://saturalcorre.info
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 01 Apr 2020 18:22:23 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:50 GMT
server
sffe
age
526468
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11016
x-xss-protection
0
expires
Thu, 01 Apr 2021 18:22:23 GMT

animate.min.css | cdnjs.cloudflare.com/ajax/libs/animate.css/3.7.2/ | 57 KB | 4 KB | Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/animate.css/3.7.2/animate.min.css
Requested by
Host: extension.advancedsearchlab.com
URL: https://extension.advancedsearchlab.com/index.php?clid=f17eesc8p1nxsbb8&wo=1&fa=1&domain=click.find-more.xyz&uc=sc8p1nxs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:84e5, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
3c770e90f98eb21b0c042fafb49755af93306fbaf42e449524f94fae9fc83295
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Origin
https://extension.advancedsearchlab.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Tue, 07 Apr 2020 20:36:54 GMT
content-encoding
br
cf-cache-status
HIT
age
5228332
cf-ray
58068b1f7fe4d715-FRA
status
200
strict-transport-security
max-age=15780000; includeSubDomains
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified
Tue, 04 Jun 2019 23:01:01 GMT
server
cloudflare
etag
W/"5cf6f82d-e311"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
expires
Sun, 28 Mar 2021 20:36:54 GMT
cache-control
public, max-age=30672000
timing-allow-origin
*
served-in-seconds
0.001

css | fonts.googleapis.com/ | 2 KB | 672 B | Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto&display=swap
Requested by
Host: extension.advancedsearchlab.com
URL: https://extension.advancedsearchlab.com/index.php?clid=f17eesc8p1nxsbb8&wo=1&fa=1&domain=click.find-more.xyz&uc=sc8p1nxs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200a, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS
Software
ESF /
Resource Hash
00d4fbacbadc6ecbd73be323ec77febf3d856ce00dc5334d06462a315c7da8e7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 07 Apr 2020 20:36:54 GMT
server
ESF
date
Tue, 07 Apr 2020 20:36:54 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 07 Apr 2020 20:36:54 GMT

app.css | extension.advancedsearchlab.com/css/ | 7 KB | 7 KB | Stylesheet
General
Full URL
https://extension.advancedsearchlab.com/css/app.css
Requested by
Host: extension.advancedsearchlab.com
URL: https://extension.advancedsearchlab.com/index.php?clid=f17eesc8p1nxsbb8&wo=1&fa=1&domain=click.find-more.xyz&uc=sc8p1nxs
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
64.227.53.158, Jacksonville, United States, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
7e713609b4f3dbd0b06526231b09bcb3b02fd74c89e8655a439a692a6d31fe8b

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Tue, 07 Apr 2020 20:36:54 GMT
last-modified
Thu, 02 Apr 2020 11:58:18 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"5e85d35a-1c8f"
content-type
text/css
status
200
accept-ranges
bytes
content-length
7311

bowser.min.js | cdnjs.cloudflare.com/ajax/libs/bowser/1.9.4/ | 8 KB | 3 KB | Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/bowser/1.9.4/bowser.min.js
Requested by
Host: extension.advancedsearchlab.com
URL: https://extension.advancedsearchlab.com/index.php?clid=f17eesc8p1nxsbb8&wo=1&fa=1&domain=click.find-more.xyz&uc=sc8p1nxs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:84e5, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
b52f6b6011741e76cefa2be41164bbc9b33bba334b9ad15b03abad37b609d983
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Origin
https://extension.advancedsearchlab.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Tue, 07 Apr 2020 20:36:54 GMT
content-encoding
br
cf-cache-status
HIT
age
13786037
cf-ray
58068b1f7fe9d715-FRA
status
200
strict-transport-security
max-age=15780000; includeSubDomains
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified
Mon, 02 Jul 2018 14:15:51 GMT
server
cloudflare
etag
W/"5b3a3397-1edd"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Sun, 28 Mar 2021 20:36:54 GMT
cache-control
public, max-age=30672000
timing-allow-origin
*
served-in-seconds
0.001

chrome-install-en.mp3 | extension.advancedsearchlab.com/audio/ | 24 KB | 25 KB | Media
General
Full URL
https://extension.advancedsearchlab.com/audio/chrome-install-en.mp3
Requested by
Host: extension.advancedsearchlab.com
URL: https://extension.advancedsearchlab.com/index.php?clid=f17eesc8p1nxsbb8&wo=1&fa=1&domain=click.find-more.xyz&uc=sc8p1nxs
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
64.227.53.158, Jacksonville, United States, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
587df51b1d65723c0d3a566c745768ce0348c9457d2a58cbec6d7d1dc379fa3b

Request headers

Sec-Fetch-Dest
audio
Accept-Encoding
identity;q=1, *;q=0
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Range
bytes=0-

Response headers

date
Tue, 07 Apr 2020 20:36:54 GMT
last-modified
Wed, 18 Mar 2020 14:13:25 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"5e722c85-6180"
status
206
content-type
audio/mpeg
Content-Range
bytes 0-24959/24960
Content-Length
24960

KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 | fonts.gstatic.com/s/roboto/v20/ | 11 KB | 11 KB | Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: extension.advancedsearchlab.com
URL: https://extension.advancedsearchlab.com/index.php?clid=f17eesc8p1nxsbb8&wo=1&fa=1&domain=click.find-more.xyz&uc=sc8p1nxs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2003, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS
Software
sffe /
Resource Hash
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/css?family=Roboto&display=swap
Origin
https://extension.advancedsearchlab.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 01 Apr 2020 18:22:23 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:50 GMT
server
sffe
age
526471
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11016
x-xss-protection
0
expires
Thu, 01 Apr 2021 18:22:23 GMT

alert.mp3 | extension.advancedsearchlab.com/audio/ | 16 KB | 17 KB | Media
General
Full URL
https://extension.advancedsearchlab.com/audio/alert.mp3
Requested by
Host: extension.advancedsearchlab.com
URL: https://extension.advancedsearchlab.com/index.php?clid=f17eesc8p1nxsbb8&wo=1&fa=1&domain=click.find-more.xyz&uc=sc8p1nxs
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
64.227.53.158, Jacksonville, United States, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
33c4dbad2053699f8332ce40e0edbba0d72563a981950fd574a8f04450b97a63

Request headers

Sec-Fetch-Dest
audio
Accept-Encoding
identity;q=1, *;q=0
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Range
bytes=0-

Response headers

date
Tue, 07 Apr 2020 20:36:54 GMT
last-modified
Thu, 02 Apr 2020 12:11:05 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"5e85d659-417a"
status
206
content-type
audio/mpeg
Content-Range
bytes 0-16761/16762
Content-Length
16762

Verdicts & Comments

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • onformdata (object)
  • onpointerrawupdate (object)
  • bowser (object)

2 Cookies

Domain/Path | Name | Value
.advancedsearchlab.com/ | clid | f17eesc8p1nxsbb8
extension.advancedsearchlab.com/ | PHPSESSID | eqraspdhr16f21nmk45mittrut