urlscan.io logo urlscan.io
SecurityTrails logo

www.linkonclick.com Open in urlscan Pro
35.186.193.41  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://bercioles.com/redirect?id=728&auth=eddc7e8612c215574016be364a6410d8b4b90e30&sid=DvNVq9uh9m1f63TKPJ2DIAI-&clk=0...
Effective URL: http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646614740
Submission: On October 26 via manual from GB — Scanned from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 10 IPs in 6 countries across 16 domains to perform 12 HTTP transactions. The main IP is 35.186.193.41, located in Kansas City, United States and belongs to GOOGLE, US. The main domain is www.linkonclick.com. The Cisco Umbrella rank of the primary domain is 165727.
This is the only time www.linkonclick.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 104.21.81.52 13335 (CLOUDFLAR...)
1 188.114.96.3 13335 (CLOUDFLAR...)
3 5 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 3 2606:4700:e2:... 13335 (CLOUDFLAR...)
3 3 51.161.115.163 16276 (OVH)
1 1 5.161.78.177 213230 (HETZNER-C...)
1 1 23.235.251.114 19437 (SS-ASH)
1 1 198.211.113.186 14061 (DIGITALOC...)
1 2 51.83.143.92 16276 (OVH)
1 2 2606:4700:10:... 13335 (CLOUDFLAR...)
1 1 3.208.247.235 14618 (AMAZON-AES)
1 2a00:1450:400... 15169 (GOOGLE)
2 3 35.186.193.41 15169 (GOOGLE)
1 1 18.193.146.82 16509 (AMAZON-02)
1 52.29.88.206 16509 (AMAZON-02)
12 10
1    104.21.81.52 (Shahr, Iran, Islamic Republic Of)

ASN13335 (CLOUDFLARENET, US)
bercioles.com
1    188.114.96.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)
poqueras.com
5    2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)
dakotatraff.com
popmyads.com
3    2606:4700:e2::ac40:8d0c (United States)

ASN13335 (CLOUDFLARENET, US)
trk97.zzzperform.com
3    51.161.115.163 (Canada)

ASN16276 (OVH, FR)
PTR: ns572483.ip-51-161-115.net
t3.lowtid.com
t5.lowtid.com
t2.lowtid.com
1    5.161.78.177 (United States)

ASN213230 (HETZNER-CLOUD2-AS, DE)
PTR: static.177.78.161.5.clients.your-server.de
pdxx-7fmavzpxk2xlm-4-2.lowsea.fun
1    23.235.251.114 (Ashburn, United States)

ASN19437 (SS-ASH, US)
67.us.blowingwind.xyz
1    198.211.113.186 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
redir.tealwinds.xyz
2    51.83.143.92 (France)

ASN16276 (OVH, FR)
PTR: ns3155458.ip-51-83-143.eu
ron.trffclb.com
2    2606:4700:10::6816:4aab (United States)

ASN13335 (CLOUDFLARENET, US)
whos.amung.us
widgets.amung.us
1    3.208.247.235 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-208-247-235.compute-1.amazonaws.com
pritha-ner.com
1    2a00:1450:4001:802::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
3    35.186.193.41 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 41.193.186.35.bc.googleusercontent.com
www.linkonclick.com
1    18.193.146.82 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-193-146-82.eu-central-1.compute.amazonaws.com
walter-larence.com
1    52.29.88.206 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-29-88-206.eu-central-1.compute.amazonaws.com
enloweb.com
Apex Domain
Subdomains		 Transfer
4 popmyads.com
popmyads.com — Cisco Umbrella Rank: 213227
4 KB
3 linkonclick.com
www.linkonclick.com — Cisco Umbrella Rank: 165727
4 KB
3 lowtid.com
t3.lowtid.com — Cisco Umbrella Rank: 240244
t5.lowtid.com
t2.lowtid.com — Cisco Umbrella Rank: 184381
987 B
3 zzzperform.com
trk97.zzzperform.com
14 KB
2 amung.us
whos.amung.us — Cisco Umbrella Rank: 15127
widgets.amung.us — Cisco Umbrella Rank: 19551
708 B
2 trffclb.com
ron.trffclb.com — Cisco Umbrella Rank: 421333
1 KB
1 enloweb.com
enloweb.com — Cisco Umbrella Rank: 301798
505 B
1 walter-larence.com
walter-larence.com — Cisco Umbrella Rank: 247531
636 B
1 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 32
20 KB
1 pritha-ner.com
pritha-ner.com — Cisco Umbrella Rank: 821269
495 B
1 tealwinds.xyz
redir.tealwinds.xyz
427 B
1 blowingwind.xyz
67.us.blowingwind.xyz
252 B
1 lowsea.fun
pdxx-7fmavzpxk2xlm-4-2.lowsea.fun — Cisco Umbrella Rank: 256698
280 B
1 dakotatraff.com
dakotatraff.com — Cisco Umbrella Rank: 96546
575 B
1 poqueras.com
poqueras.com — Cisco Umbrella Rank: 88135
1 KB
1 bercioles.com
bercioles.com — Cisco Umbrella Rank: 83558
1 KB
12 16
Domain Requested by
4 popmyads.com 2 redirects ron.trffclb.com
3 www.linkonclick.com 2 redirects popmyads.com
3 trk97.zzzperform.com 1 redirects poqueras.com
bercioles.com
2 ron.trffclb.com 1 redirects trk97.zzzperform.com
1 enloweb.com www.linkonclick.com
1 walter-larence.com 1 redirects
1 www.google-analytics.com popmyads.com
www.google-analytics.com
1 pritha-ner.com 1 redirects
1 widgets.amung.us
1 whos.amung.us 1 redirects
1 t2.lowtid.com 1 redirects
1 redir.tealwinds.xyz 1 redirects
1 67.us.blowingwind.xyz 1 redirects
1 t5.lowtid.com 1 redirects
1 pdxx-7fmavzpxk2xlm-4-2.lowsea.fun 1 redirects
1 t3.lowtid.com 1 redirects
1 dakotatraff.com 1 redirects
1 poqueras.com bercioles.com
1 bercioles.com
12 19

This site contains no links.

Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-09-09 -
2023-09-09		 a year crt.sh
*.zzzperform.com
E1		 2022-10-01 -
2022-12-30		 3 months crt.sh
lone-star.landingtrack.com
R3		 2022-09-30 -
2022-12-29		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-09-26 -
2022-12-19		 3 months crt.sh
biggsti.com
Amazon		 2022-06-07 -
2023-07-06		 a year crt.sh

This page contains 1 frames:

Frame: https://enloweb.com/ifus98eak?key=7a321d12c41053d0b348c790f7c442f9&s2s=w8nk0dam0pvfv41k2hor1q52&sub1=1041905-2442835143-0
Frame ID: 9D39D4923FD6540F6A7BA584D89A5D5C
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://bercioles.com/redirect?id=728&auth=eddc7e8612c215574016be364a6410d8b4b90e30&sid=DvNVq9uh9m... Page URL
  2. https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D Page URL
  3. https://dakotatraff.com/l/270226461dc64814f22c?sub={yourClickId}&source=ww&wnw=false HTTP 302
    https://trk97.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false Page URL
  4. https://trk97.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false&code=0aY3VvB... HTTP 302
    https://trk97.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Ft3.lowtid.com%2Fe.ph... Page URL
  5. https://t3.lowtid.com/e.php?p=c:7omnig4vvdmjho1zq&d=635151a79ddd643b302b5908&pid=bmconv_2022102614... HTTP 302
    https://pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=67.gb.chrome.&k=bfb&url=https%3A%2F%2Ftrk97.zzzperform.com%2F&... HTTP 307
    https://t5.lowtid.com/d.php?p=c:ub_a64rij70pog14q&d=6351542976534b739b5850d5&pid=63592659bdfb2e503... HTTP 302
    https://67.us.blowingwind.xyz/feed/?link=true&tid=67&subid=67.gb.windows&ref=https%3A%2F%2Ftrk97.zzzperfor... HTTP 301
    https://redir.tealwinds.xyz/click/invalid/?tid=67&subid=67.gb.windows HTTP 302
    https://t2.lowtid.com/l.php?p=c:1ighcayppnss2p5b2&d=63526ec4faf797126b433250&s=67p HTTP 302
    https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-67p Page URL
  6. https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-67p&bv=1 HTTP 302
    https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20= Page URL
  7. https://popmyads.com/gget HTTP 302
    http://pritha-ner.com/0646614740?adTagId=20111650-aa5d-11e6-a4a9-0e855f2e0669&fallbackUrl=https://... HTTP 302
    https://popmyads.com/return/30?clickid=c49ba1a1-5528-11ed-904b-12dd5323ec9f Page URL
  8. https://popmyads.com/returngo/MTY2Njc4NjkxMFJDakZMMTk0NFpyVE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA... HTTP 302
    http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646614740 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

12
Requests

67 %
HTTPS

27 %
IPv6

16
Domains

19
Subdomains

10
IPs

6
Countries

43 kB
Transfer

100 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://bercioles.com/redirect?id=728&auth=eddc7e8612c215574016be364a6410d8b4b90e30&sid=DvNVq9uh9m1f63TKPJ2DIAI-&clk=02E6hDQu2pmsFPESDU6wZ9S4L_1N3b4ALbs6sRCXFUMt6LRXm Page URL
  2. https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D Page URL
  3. https://dakotatraff.com/l/270226461dc64814f22c?sub={yourClickId}&source=ww&wnw=false HTTP 302
    https://trk97.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false Page URL
  4. https://trk97.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false&code=0aY3VvBDU7PD0-QTY6Mjg1PTsHe3tjAmtyBHtreQk7NgFrZ2UGNzgIeWx1A1ptczk5CH1jaQMDbXwHOD45MAFrawU2ODc4CWF4AzQ6NTYHaXEBMjQzNAV6gQk5AGN3bGgGBmpzbgEyAmZvaAc3CHhyb3YEBHt0awlQb3Bpb2klT3VrNwBpdWlnBnp5fW4AZ3RwBWtnc3tuAHZjBFF0gHB0dWEwNzE0JS5ecXdkcHl2JFNaJzk5LjE9I1tudD08RCB5ODctJUd3eHVlWGdlT256Nj08Ny81OSQtUU9cVkwtIm9tcGsnT25jbHEsJEhueXd2ZTAzMzozNjU9OzQ6MDQ1PiZaaW9hc2syOTg9NTs-AGJ4BDwFanQJQQBiNjYFNTY4ODkwAWM3OAY2Nwh8ZgIyMzQ1Bm1uCjEyMgNnbWoIOQlmbXgEamZyem0JY2lvBDU2Nwd0d2cCMzM0NQZ6fHtnAjM0NTY3ODgJb3Rlc3kGBnd6bXN2ZAQ2NTY6ODowOAJoenF0CDs8AHNnaQVtent4fDowMXNzdntsempzL2VycTQGeWpsYwIzMzY6Nzg9PABkcHd0BgZ.dnYBAXlqcHsHUHZ9ZW0iTHJoNAdrbWcCMzQ1Njc4OTowMTI0NTU2ODk6MTIzNDU2Nzg5OjEyMzQ0Njc4OToxMjM0NTY2ODk6MTIzNDU2Nzg5OjEyMzQ0NgZqcX4BMjM0NDY3ODk6MTIzNDU2Nzc5OTEyMzQ1BX18fAp3LzI.ezNfPV5fO3gwdThzdHV2RHcvbjdyc3R1Q4AudTh4P3w0TFN2OFcCbnBzbQhtdy1WVT5pcwZ5fH0BMQJvZXQHB3B1cwIyA3J5Bzg5OTAyMjM1NgZ.bAoxMjJlNgVpeYAKQ2l0cnFqJldMTyBRbnhrbnSDcXd0ZnRxZXEzd2xvLXdraHtqeEJLcXJwb2gkVUpNKF9pZnlodoFzb3JvYm5mamdrcGlqeWFmcW1za3Vvd25maGtobG9ncENXYXVreWklSXNxbm51fmxyeWt5dmpsLnBkZ3Ezd3R.Z2pwA3doagg6PQB0cmcFNzoHbHlyAjMDcmhqCDk5AG52cwU2Ow__&_tdf=26 HTTP 302
    https://trk97.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Ft3.lowtid.com%2Fe.php%3Fp%3Dc%3A7omnig4vvdmjho1zq%26d%3D635151a79ddd643b302b5908%26pid%3Dbmconv_20221026142145_61937f13_9f9b_4827_93b3_db6b00b17f64%26s%3D139445_ww&vId=bmconv_20221026142145_61937f13_9f9b_4827_93b3_db6b00b17f64&hash=270226461dc64814f22c&ete=true Page URL
  5. https://t3.lowtid.com/e.php?p=c:7omnig4vvdmjho1zq&d=635151a79ddd643b302b5908&pid=bmconv_20221026142145_61937f13_9f9b_4827_93b3_db6b00b17f64&s=139445_ww HTTP 302
    https://pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=67.gb.chrome.&k=bfb&url=https%3A%2F%2Ftrk97.zzzperform.com%2F&xrw=&lid=63592659bdfb2e50397671b9&fid=67 HTTP 307
    https://t5.lowtid.com/d.php?p=c:ub_a64rij70pog14q&d=6351542976534b739b5850d5&pid=63592659bdfb2e50397671b9&source=67.gb.chrome. HTTP 302
    https://67.us.blowingwind.xyz/feed/?link=true&tid=67&subid=67.gb.windows&ref=https%3A%2F%2Ftrk97.zzzperform.com%2F&s1=6359265bf00f6169fd3dbd0b HTTP 301
    https://redir.tealwinds.xyz/click/invalid/?tid=67&subid=67.gb.windows HTTP 302
    https://t2.lowtid.com/l.php?p=c:1ighcayppnss2p5b2&d=63526ec4faf797126b433250&s=67p HTTP 302
    https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-67p Page URL
  6. https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-67p&bv=1 HTTP 302
    https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20= Page URL
  7. https://popmyads.com/gget HTTP 302
    http://pritha-ner.com/0646614740?adTagId=20111650-aa5d-11e6-a4a9-0e855f2e0669&fallbackUrl=https://popmyads.com/return/30 HTTP 302
    https://popmyads.com/return/30?clickid=c49ba1a1-5528-11ed-904b-12dd5323ec9f Page URL
  8. https://popmyads.com/returngo/MTY2Njc4NjkxMFJDakZMMTk0NFpyVE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDYuMC41MjQ5LjExOSBTYWZhcmkvNTM3LjM2/30/1600x1200/8/4/0 HTTP 302
    http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646614740 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • https://dakotatraff.com/l/270226461dc64814f22c?sub={yourClickId}&source=ww&wnw=false HTTP 302
  • https://trk97.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false
Request Chain 3
  • https://trk97.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false&code=0aY3VvBDU7PD0-QTY6Mjg1PTsHe3tjAmtyBHtreQk7NgFrZ2UGNzgIeWx1A1ptczk5CH1jaQMDbXwHOD45MAFrawU2ODc4CWF4AzQ6NTYHaXEBMjQzNAV6gQk5AGN3bGgGBmpzbgEyAmZvaAc3CHhyb3YEBHt0awlQb3Bpb2klT3VrNwBpdWlnBnp5fW4AZ3RwBWtnc3tuAHZjBFF0gHB0dWEwNzE0JS5ecXdkcHl2JFNaJzk5LjE9I1tudD08RCB5ODctJUd3eHVlWGdlT256Nj08Ny81OSQtUU9cVkwtIm9tcGsnT25jbHEsJEhueXd2ZTAzMzozNjU9OzQ6MDQ1PiZaaW9hc2syOTg9NTs-AGJ4BDwFanQJQQBiNjYFNTY4ODkwAWM3OAY2Nwh8ZgIyMzQ1Bm1uCjEyMgNnbWoIOQlmbXgEamZyem0JY2lvBDU2Nwd0d2cCMzM0NQZ6fHtnAjM0NTY3ODgJb3Rlc3kGBnd6bXN2ZAQ2NTY6ODowOAJoenF0CDs8AHNnaQVtent4fDowMXNzdntsempzL2VycTQGeWpsYwIzMzY6Nzg9PABkcHd0BgZ.dnYBAXlqcHsHUHZ9ZW0iTHJoNAdrbWcCMzQ1Njc4OTowMTI0NTU2ODk6MTIzNDU2Nzg5OjEyMzQ0Njc4OToxMjM0NTY2ODk6MTIzNDU2Nzg5OjEyMzQ0NgZqcX4BMjM0NDY3ODk6MTIzNDU2Nzc5OTEyMzQ1BX18fAp3LzI.ezNfPV5fO3gwdThzdHV2RHcvbjdyc3R1Q4AudTh4P3w0TFN2OFcCbnBzbQhtdy1WVT5pcwZ5fH0BMQJvZXQHB3B1cwIyA3J5Bzg5OTAyMjM1NgZ.bAoxMjJlNgVpeYAKQ2l0cnFqJldMTyBRbnhrbnSDcXd0ZnRxZXEzd2xvLXdraHtqeEJLcXJwb2gkVUpNKF9pZnlodoFzb3JvYm5mamdrcGlqeWFmcW1za3Vvd25maGtobG9ncENXYXVreWklSXNxbm51fmxyeWt5dmpsLnBkZ3Ezd3R.Z2pwA3doagg6PQB0cmcFNzoHbHlyAjMDcmhqCDk5AG52cwU2Ow__&_tdf=26 HTTP 302
  • https://trk97.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Ft3.lowtid.com%2Fe.php%3Fp%3Dc%3A7omnig4vvdmjho1zq%26d%3D635151a79ddd643b302b5908%26pid%3Dbmconv_20221026142145_61937f13_9f9b_4827_93b3_db6b00b17f64%26s%3D139445_ww&vId=bmconv_20221026142145_61937f13_9f9b_4827_93b3_db6b00b17f64&hash=270226461dc64814f22c&ete=true
Request Chain 4
  • https://t3.lowtid.com/e.php?p=c:7omnig4vvdmjho1zq&d=635151a79ddd643b302b5908&pid=bmconv_20221026142145_61937f13_9f9b_4827_93b3_db6b00b17f64&s=139445_ww HTTP 302
  • https://pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=67.gb.chrome.&k=bfb&url=https%3A%2F%2Ftrk97.zzzperform.com%2F&xrw=&lid=63592659bdfb2e50397671b9&fid=67 HTTP 307
  • https://t5.lowtid.com/d.php?p=c:ub_a64rij70pog14q&d=6351542976534b739b5850d5&pid=63592659bdfb2e50397671b9&source=67.gb.chrome. HTTP 302
  • https://67.us.blowingwind.xyz/feed/?link=true&tid=67&subid=67.gb.windows&ref=https%3A%2F%2Ftrk97.zzzperform.com%2F&s1=6359265bf00f6169fd3dbd0b HTTP 301
  • https://redir.tealwinds.xyz/click/invalid/?tid=67&subid=67.gb.windows HTTP 302
  • https://t2.lowtid.com/l.php?p=c:1ighcayppnss2p5b2&d=63526ec4faf797126b433250&s=67p HTTP 302
  • https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-67p
Request Chain 5
  • https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-67p&bv=1 HTTP 302
  • https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
Request Chain 6
  • https://whos.amung.us/swidget/popmyads.png HTTP 307
  • https://widgets.amung.us/draw/?w=small&n=19600&c=ffc20e000000&p=left
Request Chain 7
  • https://popmyads.com/gget HTTP 302
  • http://pritha-ner.com/0646614740?adTagId=20111650-aa5d-11e6-a4a9-0e855f2e0669&fallbackUrl=https://popmyads.com/return/30 HTTP 302
  • https://popmyads.com/return/30?clickid=c49ba1a1-5528-11ed-904b-12dd5323ec9f
Request Chain 10
  • http://www.linkonclick.com/jump/next.php?stamat=m%257C%252Co93a7o2PqB1dQO0dEdHP3xP.009%252CS0kXXHXf2ck-DOZ9HRvwuM9aL_G46JdZU-2oa3bmXM8JUm5HksBtX5-SSJ8vLRk6ca5yIsBR52BerCcS8uYqsQ%252C%252C&cbpage=http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646614740&cbur=0.5810285061751819&cbtitle=&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=&cbkeywords=&cbref= HTTP 302
  • http://www.linkonclick.com/script/i.php?stamat=m%257C%252C%252CQierN2KqoGU3B0-GH0dEdHP3xP.f7f%252CHwfd8w4Khbcd3hk9I8cXyfYUZzGPp6nUROgyH6dGP_HD6AaIuS9Pc80OUx51yr_gV45eYuV_zyqwrUTN-ST7Xvp-ANgvE8GN9Q1YKz8_xEAYfqP7xGXcmWL7uiVHg_yrBpRf0-iKqmOHEb8t8IbtP3-t6xJxJ_pz8SNPP9JAw-k6f2VB_Se3pwsO46zmn7uuf9gEhInnhN_0-670A0C4ZqwmWI1RZa41A8G05zN6sPoPCu-FrQ1BRBRwji4EK6hUuCUtlff98eugiIhiOt6gIhGJXDSbrCKiTxav2v36QHo_L5PDuL63dpaNrwgi4WBHo3UDVefcrtlRuZFaRNdxZjL1ITr7P5SrSgBeJP3x9_EpJN3y9q391Zmx6ZAlGOHu55ZVMvY3AZGYFyRSoiw6myNF_d2r4g1aUABvTP5maxIeMEjxPYiHT-JWFdX1smn6EeZYOfufWemYB4WNMdgA0Nwbb8rqAKr005Pa__NmW5bDHXcRigVPGJoJA0rvpLyioAvLm7zG84GLp7V5-8ANnjQlx9cHemroBGWS3WvtwaFq_88wc-lok1u2d8PXZFhdOwJTY_gV4aU2pP0eq2Obxn5YDQqde0iHVDHPPZhFR48%252C HTTP 302
  • https://walter-larence.com/a0e58a65-cbb7-47ed-9f04-8cdaf50a2536?zone=1041905-2442835143-0&ban=23531788&ssp=PopMyAds&advertiser=180544&country=UK&org=M247%20Ltd&platform=Windows&ip=217.138.196.108&device_make=Unknown&redirection_cost=0.00185&clickid=166678691010000TUKTV436497501244V5b HTTP 302
  • https://enloweb.com/ifus98eak?key=7a321d12c41053d0b348c790f7c442f9&s2s=w8nk0dam0pvfv41k2hor1q52&sub1=1041905-2442835143-0

12 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
redirect
bercioles.com/ 		1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://bercioles.com/redirect?id=728&auth=eddc7e8612c215574016be364a6410d8b4b90e30&sid=DvNVq9uh9m1f63TKPJ2DIAI-&clk=02E6hDQu2pmsFPESDU6wZ9S4L_1N3b4ALbs6sRCXFUMt6LRXm
Protocol
HTTP/1.1
Server
104.21.81.52 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d54270e14becb1cc4ceca40acb221ff295887a6466235b8d0323850a04005e31

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

CF-Cache-Status
DYNAMIC
CF-RAY
76032749997335ef-MAN
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html;charset=utf-8
Date
Wed, 26 Oct 2022 12:21:44 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oYGKkwpEbYCnFWw3KwcDVnIHsrYFgvptA91mnEXtOFT7JiYaRe5NHTDetIqiM5vGIYLEWOvfUptZkr%2Fq3WOWK%2FZbG3I9XCB4HAH2R8DJfQwj%2FQb%2BIYEffgerD8p%2BdljR"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
referrer-policy
origin
vary
accept-encoding
slope
poqueras.com/noid/ 		1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D
Requested by
Host: bercioles.com
URL: http://bercioles.com/redirect?id=728&auth=eddc7e8612c215574016be364a6410d8b4b90e30&sid=DvNVq9uh9m1f63TKPJ2DIAI-&clk=02E6hDQu2pmsFPESDU6wZ9S4L_1N3b4ALbs6sRCXFUMt6LRXm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
http://bercioles.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-store, no-cache
cf-cache-status
DYNAMIC
cf-ray
7603274b5b591887-MAN
content-encoding
br
content-type
text/html;charset=ISO-8859-1
date
Wed, 26 Oct 2022 12:21:44 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m6tuO3lBbOE0xesoMkMeiCptOp0VbJbCmW8fBeUneAS6tEyxjmF8ev5ZM%2BJQ2yK%2B0RMew6%2FjuQRO6Gc%2BjOtaLJYy8lql1sqHQF5NpozhffFQzY00jx8bP9tuN5aqR0o%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
270226461dc64814f22c.js
trk97.zzzperform.com/l/
Redirect Chain
  • https://dakotatraff.com/l/270226461dc64814f22c?sub={yourClickId}&source=ww&wnw=false
  • https://trk97.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false
36 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://trk97.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false
Requested by
Host: poqueras.com
URL: https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e2::ac40:8d0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29eddce2034a37edddd7b743551f12f50cddbdf80690919b7e597bb78e5b416a

Request headers

Referer
https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

age
1257
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=315360000
cf-cache-status
HIT
cf-ray
7603274d2bbc74d1-LHR
content-encoding
br
content-type
text/html
date
Wed, 26 Oct 2022 12:21:45 GMT
expires
Thu, 31 Dec 2037 23:55:55 GMT
last-modified
Fri, 27 Mar 2020 14:29:49 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Peg5jDWpSYgxSMvIqFToPbVacOxPn%2BXVodHcXYJfMh1aqwRMx5sJ1TbqfrFTw5NPyYVaAm4ZFWb8AweAfX8og9BCKRtYVxc%2BE9GnUv39XRYu7kq%2F2%2FrkykPu0WYV9n5m6jz8kTEPFKSvNhOMqLwfAmGPnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
7603274c6e958897-LHR
date
Wed, 26 Oct 2022 12:21:45 GMT
expires
Thu, 01 Jan 1970 00:00:01 GMT
location
https://trk97.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tYAt6dPtFHUpF3SL1QJaKxLDNiqoBbmMuujlAc0T%2BdB87eYOC%2F05tTRpko8TGFuMJEmUb%2F3yp%2FsLvHhKq1b75%2BMwb8LMcbUperWIn9BQ37B9ZBhiPSCMCC2khg5tVBuCfWUM3tk1FHWdFFYnK2w%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
gw.js
trk97.zzzperform.com/
Redirect Chain
  • https://trk97.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false&code=0aY3VvBDU7PD0-QTY6Mjg1PTsHe3tjAmtyBHtreQk7NgFrZ2UGNzgIeWx1A1ptczk5CH1jaQMDbXwHOD45MAFrawU2ODc4CWF4A...
  • https://trk97.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Ft3.lowtid.com%2Fe.php%3Fp%3Dc%3A7omnig4vvdmjho1zq%26d%3D635151a79ddd643b302b5908%26pid%3Dbmconv_20221026142145_6...
1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://trk97.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Ft3.lowtid.com%2Fe.php%3Fp%3Dc%3A7omnig4vvdmjho1zq%26d%3D635151a79ddd643b302b5908%26pid%3Dbmconv_20221026142145_61937f13_9f9b_4827_93b3_db6b00b17f64%26s%3D139445_ww&vId=bmconv_20221026142145_61937f13_9f9b_4827_93b3_db6b00b17f64&hash=270226461dc64814f22c&ete=true
Requested by
Host: bercioles.com
URL: http://bercioles.com/redirect?id=728&auth=eddc7e8612c215574016be364a6410d8b4b90e30&sid=DvNVq9uh9m1f63TKPJ2DIAI-&clk=02E6hDQu2pmsFPESDU6wZ9S4L_1N3b4ALbs6sRCXFUMt6LRXm
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8d0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://trk97.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

age
1254
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=315360000
cf-cache-status
HIT
cf-ray
7603274e0cba0662-LHR
content-encoding
br
content-type
text/html
date
Wed, 26 Oct 2022 12:21:45 GMT
expires
Thu, 31 Dec 2037 23:55:55 GMT
last-modified
Thu, 04 Jul 2019 15:58:34 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7XXJpfLGO6f1zZnq%2F0CCUcj5%2BMwz28kRR5FpfC0dkRI8qhaae7daRfWrKxATOPkvhwrE6sqU2ofkf3Aw72l%2FcbTEC6SmGYKDMAEwLDn5PAt3ybrOpnZLOWkrhdiYcY%2FPRIlzj5FSNsRxGbnnHvjl165XGw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
private, max-age=0, no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
7603274dac7f74d1-LHR
date
Wed, 26 Oct 2022 12:21:45 GMT
location
https://trk97.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Ft3.lowtid.com%2Fe.php%3Fp%3Dc%3A7omnig4vvdmjho1zq%26d%3D635151a79ddd643b302b5908%26pid%3Dbmconv_20221026142145_61937f13_9f9b_4827_93b3_db6b00b17f64%26s%3D139445_ww&vId=bmconv_20221026142145_61937f13_9f9b_4827_93b3_db6b00b17f64&hash=270226461dc64814f22c&ete=true
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=83%2F05csBRGrYxyBV%2Bt7YGGIcfr40M4bdn%2FdmRsFtbCz3hoMml6Pd%2B0G2w8TjL27mCD%2BBux1yHPREw0AVdpExaqbolHuM0kZeicFz7euvcRgtAKS3QlXjvXQ%2B5bTppopYHMPo8eR7SQsICF0w5xLBGI2UDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
f.php
ron.trffclb.com/
Redirect Chain
  • https://t3.lowtid.com/e.php?p=c:7omnig4vvdmjho1zq&d=635151a79ddd643b302b5908&pid=bmconv_20221026142145_61937f13_9f9b_4827_93b3_db6b00b17f64&s=139445_ww
  • https://pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=67.gb.chrome.&k=bfb&url=https%3A%2F%2Ftrk97.zzzperform.com%2F&xrw=&lid=63592659bdfb2e50397671b9&fid=67
  • https://t5.lowtid.com/d.php?p=c:ub_a64rij70pog14q&d=6351542976534b739b5850d5&pid=63592659bdfb2e50397671b9&source=67.gb.chrome.
  • https://67.us.blowingwind.xyz/feed/?link=true&tid=67&subid=67.gb.windows&ref=https%3A%2F%2Ftrk97.zzzperform.com%2F&s1=6359265bf00f6169fd3dbd0b
  • https://redir.tealwinds.xyz/click/invalid/?tid=67&subid=67.gb.windows
  • https://t2.lowtid.com/l.php?p=c:1ighcayppnss2p5b2&d=63526ec4faf797126b433250&s=67p
  • https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-67p
878 B
852 B 		Document
General
Check archive.org
Download Go to
Full URL
https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-67p
Requested by
Host: trk97.zzzperform.com
URL: https://trk97.zzzperform.com/l/270226461dc64814f22c?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Ft3.lowtid.com%2Fe.php%3Fp%3Dc%3A7omnig4vvdmjho1zq%26d%3D635151a79ddd643b302b5908%26pid%3Dbmconv_20221026142145_61937f13_9f9b_4827_93b3_db6b00b17f64%26s%3D139445_ww&vId=bmconv_20221026142145_61937f13_9f9b_4827_93b3_db6b00b17f64&hash=270226461dc64814f22c&ete=true
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
51.83.143.92 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3155458.ip-51-83-143.eu
Software
nginx /
Resource Hash

Request headers

Referer
https://trk97.zzzperform.com/l/270226461dc64814f22c?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Ft3.lowtid.com%2Fe.php%3Fp%3Dc%3A7omnig4vvdmjho1zq%26d%3D635151a79ddd643b302b5908%26pid%3Dbmconv_20221026142145_61937f13_9f9b_4827_93b3_db6b00b17f64%26s%3D139445_ww&vId=bmconv_20221026142145_61937f13_9f9b_4827_93b3_db6b00b17f64&hash=270226461dc64814f22c&ete=true
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Wed, 26 Oct 2022 12:21:49 GMT
Server
nginx
Transfer-Encoding
chunked

Redirect headers

Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Wed, 26 Oct 2022 12:21:49 GMT
Location
https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-67p
Raund
1yh
Round
1217p3t0dz
Server
nginx
aHR0cDovL3RyYWZmaXgxMy5jb20=
popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/
Redirect Chain
  • https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-67p&bv=1
  • https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
Requested by
Host: ron.trffclb.com
URL: https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-67p
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.1.33
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
X-Frame-Options DENY

Request headers

Referer
https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys-67p
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7603276bb82676cc-LHR
content-encoding
br
content-security-policy
frame-ancestors 'none'
content-type
text/html; charset=UTF-8
date
Wed, 26 Oct 2022 12:21:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=khZTvehg2i3S%2FymCHhslJF69MC237%2B1B6HXwPG5mihcgkyOkILPMYAUPiUgCKedhrUMFpk3ZFJN5bw%2F56l6EBeOOYr5LsNRA8CD3PgN3TQjHK2Sonj%2FxP0LwMBM66RzzjSkxPo%2BopHaBono%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-frame-options
DENY
x-powered-by
PHP/7.1.33

Redirect headers

Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Wed, 26 Oct 2022 12:21:49 GMT
Location
https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
Raund
2g2
Round
11kgq037yu
Server
nginx
/
widgets.amung.us/draw/
Redirect Chain
  • https://whos.amung.us/swidget/popmyads.png
  • https://widgets.amung.us/draw/?w=small&n=19600&c=ffc20e000000&p=left
368 B
534 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://widgets.amung.us/draw/?w=small&n=19600&c=ffc20e000000&p=left
Protocol
H2
Server
2606:4700:10::6816:4aab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://popmyads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 26 Oct 2022 12:21:50 GMT
cf-cache-status
HIT
last-modified
Sat, 22 Oct 2022 23:07:43 GMT
server
cloudflare
age
306847
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2678400
content-disposition
filename=wau-widget.png
cf-ray
7603276dae06771d-LHR
expires
Sun, 23 Oct 2022 23:07:43 GMT

Redirect headers

location
https://widgets.amung.us/draw/?w=small&n=19600&c=ffc20e000000&p=left
date
Wed, 26 Oct 2022 12:21:50 GMT
cache-control
max-age=295
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
7603276cbc28771d-LHR
content-type
text/html; charset=UTF-8
30
popmyads.com/return/
Redirect Chain
  • https://popmyads.com/gget
  • http://pritha-ner.com/0646614740?adTagId=20111650-aa5d-11e6-a4a9-0e855f2e0669&fallbackUrl=https://popmyads.com/return/30
  • https://popmyads.com/return/30?clickid=c49ba1a1-5528-11ed-904b-12dd5323ec9f
1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://popmyads.com/return/30?clickid=c49ba1a1-5528-11ed-904b-12dd5323ec9f
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.1.33
Resource Hash

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://popmyads.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7603276e7e42dcf7-LHR
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 26 Oct 2022 12:21:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aYeMUEBdUEIrwiDev3mNb851kZt7A9kz6dgrPM6F6Qu%2Fvq6OMt9Vo12%2BQIPdlivAr0ule7%2BMkwfZqPBsGeMqpo%2Brwh2BPU%2FHi7M6YsuytqL1jjdOenjS06l1oRiFTmP4xdpBlIx1pQzPysM%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.1.33

Redirect headers

Cache-Control
no-store, no-cache, pre-check=0, post-check=0
Connection
keep-alive
Content-Length
0
Date
Wed, 26 Oct 2022 12:21:50 GMT
Location
https://popmyads.com/return/30?clickid=c49ba1a1-5528-11ed-904b-12dd5323ec9f
Server
IkHxHfcE
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline'
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: popmyads.com
URL: https://popmyads.com/return/30?clickid=c49ba1a1-5528-11ed-904b-12dd5323ec9f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://popmyads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 26 Oct 2022 11:15:54 GMT
last-modified
Tue, 27 Sep 2022 22:01:05 GMT
server
Golfe2
age
3956
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20039
expires
Wed, 26 Oct 2022 13:15:54 GMT
Primary Request next.php
www.linkonclick.com/jump/
Redirect Chain
  • https://popmyads.com/returngo/MTY2Njc4NjkxMFJDakZMMTk0NFpyVE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDYuMC41MjQ5LjExOSB...
  • http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646614740
7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646614740
Requested by
Host: popmyads.com
URL: https://popmyads.com/return/30?clickid=c49ba1a1-5528-11ed-904b-12dd5323ec9f
Protocol
HTTP/1.1
Server
35.186.193.41 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
41.193.186.35.bc.googleusercontent.com
Software
openresty /
Resource Hash

Request headers

Referer
https://popmyads.com/return/30?clickid=c49ba1a1-5528-11ed-904b-12dd5323ec9f
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

Access-Control-Allow-Origin
*
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Date
Wed, 26 Oct 2022 12:21:50 GMT
Server
openresty
Transfer-Encoding
chunked
Via
1.1 google

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7603276eeee6dcf7-LHR
content-type
text/html; charset=UTF-8
date
Wed, 26 Oct 2022 12:21:50 GMT
location
http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646614740
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VEWUVgzgh0P4H6yajl%2BQXPh1lFzl8N4DlDs8Cu6OQt%2Fg%2BzPs%2Fz8hg%2BduS2nJDnkVRStWrrL3w2R8FSTolK151YHa1jHag%2FtJtrhIN%2BlKv6T%2BZwdykz3R0foO3kPv4SFU2ux%2BNKu%2FDX%2BvQ2E%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.1.33
collect
www.google-analytics.com/j/ 		0
0
ifus98eak
enloweb.com/
Redirect Chain
  • http://www.linkonclick.com/jump/next.php?stamat=m%257C%252Co93a7o2PqB1dQO0dEdHP3xP.009%252CS0kXXHXf2ck-DOZ9HRvwuM9aL_G46JdZU-2oa3bmXM8JUm5HksBtX5-SSJ8vLRk6ca5yIsBR52BerCcS8uYqsQ%252C%252C&cbpage=ht...
  • http://www.linkonclick.com/script/i.php?stamat=m%257C%252C%252CQierN2KqoGU3B0-GH0dEdHP3xP.f7f%252CHwfd8w4Khbcd3hk9I8cXyfYUZzGPp6nUROgyH6dGP_HD6AaIuS9Pc80OUx51yr_gV45eYuV_zyqwrUTN-ST7Xvp-ANgvE8GN9Q1...
  • https://walter-larence.com/a0e58a65-cbb7-47ed-9f04-8cdaf50a2536?zone=1041905-2442835143-0&ban=23531788&ssp=PopMyAds&advertiser=180544&country=UK&org=M247%20Ltd&platform=Windows&ip=217.138.196.108&d...
  • https://enloweb.com/ifus98eak?key=7a321d12c41053d0b348c790f7c442f9&s2s=w8nk0dam0pvfv41k2hor1q52&sub1=1041905-2442835143-0
0
505 B 		Document
General
Check archive.org
Download Go to
Full URL
https://enloweb.com/ifus98eak?key=7a321d12c41053d0b348c790f7c442f9&s2s=w8nk0dam0pvfv41k2hor1q52&sub1=1041905-2442835143-0
Requested by
Host: www.linkonclick.com
URL: http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646614740
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.29.88.206 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-29-88-206.eu-central-1.compute.amazonaws.com
Software
nginx/1.19.5 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646614740
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

accept-ch
Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
cache-control
no-cache max-age=0, private, no-cache
content-length
0
date
Wed, 26 Oct 2022 12:21:51 GMT
expires
Thu, 01 Jan 1970 00:00:01 GMT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
pragma
no-cache
server
nginx/1.19.5
x-request-id
120f369823fc8b18f03662d06e6aa235

Redirect headers

cache-control
no-store, no-cache, pre-check=0, post-check=0
content-length
0
date
Wed, 26 Oct 2022 12:21:51 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://enloweb.com/ifus98eak?key=7a321d12c41053d0b348c790f7c442f9&s2s=w8nk0dam0pvfv41k2hor1q52&sub1=1041905-2442835143-0
pragma
no-cache
server
nginx

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.google-analytics.com
URL
https://www.google-analytics.com/j/collect?v=1&_v=j98&a=1529866394&t=pageview&_s=1&dl=https%3A%2F%2Fpopmyads.com%2Freturn%2F30%3Fclickid%3Dc49ba1a1-5528-11ed-904b-12dd5323ec9f&ul=en-us&de=UTF-8&dt=PopMyAds%20Redirecting...&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAAABAAAAACAAI~&jid=396800416&gjid=277480120&cid=422615671.1666786911&tid=UA-43135408-1&_gid=254866357.1666786911&_r=1&_slc=1&z=1887294515

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation

7 Cookies

Domain/Path Name / Value
trk97.zzzperform.com/ Name: BSESSID
Value: trkcbc2047e-f3c6-489a-8ac2-3e2506de4782
.lowsea.fun/ Name: emwxcid_4_1
Value: r2wZtfupLriZOeokl3ZPTWqUpWCABOujPDR4w1VQeMiwoVMgW2
.popmyads.com/ Name: _ga
Value: GA1.2.422615671.1666786911
.popmyads.com/ Name: _gid
Value: GA1.2.254866357.1666786911
.popmyads.com/ Name: _gat
Value: 1
.walter-larence.com/ Name: a0e58a65-cbb7-47ed-9f04-8cdaf50a2536-v4
Value: zWxgLz4sj3f8kBab3KVsN87aLto78jfrg-p29jBPnfI
.walter-larence.com/ Name: cc-v4
Value: RMRIpMlx6d5wK1IVOpE%2BbiiJHCTvVMWm%2FfSyzhlNMLFarcgfRIW8TjysBl2hgvl14dYfp%2F89axdCODv%2BrTcCk12vDNELU8cGp1F32OdZzYJlzlr9u6sUsU3%2F6y4n4FWzp5fxxAEh0d6UKWBAzQ7rvQ%3D%3D