lp.gamega.me Open in urlscan Pro
185.49.222.99 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://leadmy.pl/p/C2GZ/3tLK/vh0o
Effective URL:
https://lp.gamega.me/page/funbo1/pl.html?request_id=a9b3joya2y4185uiwz1ztrz8mzynrzmg07rse9cv&pub_id=4554&partner_id=3...
Submission: On June 28 via manual (June 28th 2023, 10:47:44 pm UTC) from PL — Scanned from PL

Summary HTTP 40 Redirects Behaviour Indicators

Summary

This website contacted 13 IPs in 7 countries across 29 domains to perform 40 HTTP transactions. The main IP is 185.49.222.99, located in and belongs to . The main domain is lp.gamega.me.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on June 14th 2022. Valid for: a year.

This is the only time lp.gamega.me was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 7	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2.17.187.245 2.17.187.245	16625 (AKAMAI-AS) (AKAMAI-AS)
5	172.217.16.206 172.217.16.206	15169 (GOOGLE) (GOOGLE)
2 3	51.68.85.158 51.68.85.158	16276 (OVH) (OVH)
1 1	34.91.27.112 34.91.27.112	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3 10	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	172.67.158.251 172.67.158.251	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	51.161.115.163 51.161.115.163	16276 (OVH) (OVH)
1 1	198.134.116.30 198.134.116.30	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
1 1	51.83.143.92 51.83.143.92	16276 (OVH) (OVH)
2 4	172.64.137.27 172.64.137.27	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	172.67.8.141 172.67.8.141	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	18.214.252.79 18.214.252.79	14618 (AMAZON-AES) (AMAZON-AES)
1 2	131.153.42.229 131.153.42.229	20454 (SSASN2) (SSASN2)
1	94.237.103.119 94.237.103.119	202053 (UPCLOUD) (UPCLOUD)
1 1	185.49.222.98 185.49.222.98	() ()
8	185.49.222.99 185.49.222.99	() ()
1	104.16.126.175 104.16.126.175	() ()
40	13

7 188.114.96.3 (Amsterdam, Netherlands) 2 redirects

ASN13335 (CLOUDFLARENET, US)

leadmy.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dakotatraff.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trk137.zzzperform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.17.187.245 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-17-187-245.deploy.static.akamaitechnologies.com

www.g2a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.217.16.206 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.68.85.158 (Saint-Venant, France) 2 redirects

ASN16276 (OVH, FR)

www.fireslaegrep.lol	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.91.27.112 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 112.27.91.34.bc.googleusercontent.com

admoustache.media-412.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 188.114.97.3 (Amsterdam, Netherlands) 3 redirects

ASN13335 (CLOUDFLARENET, US)

tonic.eygenci.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
armorads.aftrad-visit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
manuqas.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
my.ueive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.158.251 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.addlnk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.161.115.163 (Canada) 2 redirects

ASN16276 (OVH, FR)
PTR: ns572483.ip-51-161-115.net

t3.hightid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
t4.lowtid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.134.116.30 (United States) 1 redirects

ASN27257 (WEBAIR-INTERNET, US)

go.savethereef.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.83.143.92 (Warsaw, Poland) 1 redirects

ASN16276 (OVH, FR)
PTR: ns3155458.ip-51-83-143.eu

t10.blowingwnd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.64.137.27 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

popmyads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.8.141 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

whos.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
widgets.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.214.252.79 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-214-252-79.compute-1.amazonaws.com

kuno-gae.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 131.153.42.229 (Phoenix, United States) 1 redirects

ASN20454 (SSASN2, US)

prpops.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.237.103.119 (Finland)

ASN202053 (UPCLOUD, FI)
PTR: 94-237-103-119.de-fra1.upcloud.host

1d5e051bc65.traffic-c.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.49.222.98 (None, ) 1 redirects

ASN- ()

tb.premium-advertiser.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.49.222.99 (None, )

ASN- ()

lp.gamega.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.126.175 (None, )

ASN- ()

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	gamega.me lp.gamega.me	611 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 63	42 KB
4	popmyads.com 2 redirects popmyads.com — Cisco Umbrella Rank: 79353	3 KB
4	ueive.com 1 redirects my.ueive.com — Cisco Umbrella Rank: 522308	6 KB
4	eygenci.com 1 redirects tonic.eygenci.com — Cisco Umbrella Rank: 759913	6 KB
3	zzzperform.com 1 redirects trk137.zzzperform.com	14 KB
3	fireslaegrep.lol 2 redirects www.fireslaegrep.lol	5 KB
3	leadmy.pl leadmy.pl	31 KB
2	prpops.com 1 redirects prpops.com — Cisco Umbrella Rank: 422973	19 KB
2	amung.us 1 redirects whos.amung.us — Cisco Umbrella Rank: 14075 widgets.amung.us — Cisco Umbrella Rank: 23211	705 B
2	addlnk.com cdn.addlnk.com — Cisco Umbrella Rank: 373647	2 KB
1	unpkg.com unpkg.com	15 KB
1	premium-advertiser.com 1 redirects tb.premium-advertiser.com	699 B
1	traffic-c.com 1d5e051bc65.traffic-c.com	1 KB
1	kuno-gae.com 1 redirects kuno-gae.com — Cisco Umbrella Rank: 212677	495 B
1	blowingwnd.com 1 redirects t10.blowingwnd.com — Cisco Umbrella Rank: 316320	293 B
1	lowtid.com 1 redirects t4.lowtid.com — Cisco Umbrella Rank: 266093	310 B
1	savethereef.xyz 1 redirects go.savethereef.xyz — Cisco Umbrella Rank: 270745	286 B
1	hightid.com 1 redirects t3.hightid.com — Cisco Umbrella Rank: 782459	519 B
1	dakotatraff.com 1 redirects dakotatraff.com — Cisco Umbrella Rank: 378940	545 B
1	manuqas.com manuqas.com — Cisco Umbrella Rank: 166318	1 KB
1	aftrad-visit.com 1 redirects armorads.aftrad-visit.com — Cisco Umbrella Rank: 126724	471 B
1	media-412.com 1 redirects admoustache.media-412.com — Cisco Umbrella Rank: 678179	270 B
1	g2a.com www.g2a.com — Cisco Umbrella Rank: 140627
0	googletagmanager.com Failed www.googletagmanager.com Failed
0	doubleclick.net Failed stats.g.doubleclick.net Failed
0	binance.com Failed www.binance.com Failed
0	gearbest.com Failed www.gearbest.com Failed
0	aliexpress.com Failed s.click.aliexpress.com Failed
40	29

	Domain	Requested by
8	lp.gamega.me	lp.gamega.me
5	www.google-analytics.com	leadmy.pl www.google-analytics.com popmyads.com
4	popmyads.com	2 redirects my.ueive.com
4	my.ueive.com	1 redirects trk137.zzzperform.com my.ueive.com
4	tonic.eygenci.com	1 redirects www.fireslaegrep.lol tonic.eygenci.com
3	trk137.zzzperform.com	1 redirects manuqas.com leadmy.pl
3	www.fireslaegrep.lol	2 redirects leadmy.pl
3	leadmy.pl	leadmy.pl
2	prpops.com	1 redirects popmyads.com
2	cdn.addlnk.com	tonic.eygenci.com my.ueive.com
1	unpkg.com	lp.gamega.me
1	tb.premium-advertiser.com	1 redirects
1	1d5e051bc65.traffic-c.com
1	kuno-gae.com	1 redirects
1	widgets.amung.us
1	whos.amung.us	1 redirects
1	t10.blowingwnd.com	1 redirects
1	t4.lowtid.com	1 redirects
1	go.savethereef.xyz	1 redirects
1	t3.hightid.com	1 redirects
1	dakotatraff.com	1 redirects
1	manuqas.com	tonic.eygenci.com
1	armorads.aftrad-visit.com	1 redirects
1	admoustache.media-412.com	1 redirects
1	www.g2a.com	leadmy.pl
0	www.googletagmanager.com Failed	www.google-analytics.com
0	stats.g.doubleclick.net Failed	www.google-analytics.com
0	www.binance.com Failed	leadmy.pl
0	www.gearbest.com Failed	leadmy.pl
0	s.click.aliexpress.com Failed	leadmy.pl
40	30

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-10-28` - `2023-10-28`	a year	crt.sh
*.g2a.com GeoTrust RSA CA 2018	`2023-06-08` - `2024-06-08`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
www.fireslaegrep.lol R3	`2023-06-01` - `2023-08-30`	3 months	crt.sh
eygenci.com E1	`2023-05-21` - `2023-08-19`	3 months	crt.sh
addlnk.com GTS CA 1P5	`2023-06-13` - `2023-09-11`	3 months	crt.sh
zzzperform.com GTS CA 1P5	`2023-05-26` - `2023-08-24`	3 months	crt.sh
ueive.com GTS CA 1P5	`2023-05-21` - `2023-08-19`	3 months	crt.sh
popmyads.com GTS CA 1P5	`2023-05-03` - `2023-08-01`	3 months	crt.sh
traffic-c.com R3	`2023-06-16` - `2023-09-14`	3 months	crt.sh
*.gamega.me Go Daddy Secure Certificate Authority - G2	`2022-06-14` - `2023-07-16`	a year	crt.sh

This page contains 7 frames:

Primary Page: https://lp.gamega.me/page/funbo1/pl.html?request_id=a9b3joya2y4185uiwz1ztrz8mzynrzmg07rse9cv&pub_id=4554&partner_id=31&_sms_id=14605011&_outer_id=1
Frame ID: F24839EE54239F642BCE5EC6E7CB9D6F
Requests: 33 HTTP requests in this frame

Frame: https://www.g2a.com/n/reflink-381235804a
Frame ID: A67E953AE663F0AE544CEBFC4A57450E
Requests: 1 HTTP requests in this frame

Frame: https://s.click.aliexpress.com/e/_d6GDFTu
Frame ID: 2BC90774D0217FC5CFA30D8C4530DC95
Requests: 1 HTTP requests in this frame

Frame: https://www.gearbest.com/?lkid=78540179
Frame ID: 5766013029C63517CB183D04FC7305BC
Requests: 1 HTTP requests in this frame

Frame: https://www.binance.com/en/activity/referral-entry/CPA?fromActivityPage=true&ref=CPA_00N9NR54R9
Frame ID: 4204DF8ABFFC38DA7E0831987D445943
Requests: 1 HTTP requests in this frame

Frame: https://tonic.eygenci.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/19b997cb/invisible.js
Frame ID: A10404D74B473225454B1B9BC2F24FDE
Requests: 2 HTTP requests in this frame

Frame: https://my.ueive.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/19b997cb/invisible.js
Frame ID: B99D29A09E50DB58A1E44941F76F6236
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://leadmy.pl/p/C2GZ/3tLK/vh0o Page URL
https://www.fireslaegrep.lol/?sl=5576699-2199c&tag=mlClick-beNvoKhH&website=637673 Page URL
https://www.fireslaegrep.lol/?sl=5576699-2199c&tag=mlClick-beNvoKhH&website=637673&eyeg=039f1768e5347f737... HTTP 302
https://www.fireslaegrep.lol/?sl=5576699-2199c&tag=mlClick-beNvoKhH&website=637673&eyeg=3&eyer=0.52950118... HTTP 302
https://admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=33000aceb3d9ab865583a6db08f6befd... HTTP 302
https://tonic.eygenci.com/rc/a91581ead4?affclick=649cb88a800d390001695e51&pubid=503 Page URL
https://armorads.aftrad-visit.com/track/smartlink?smartlink_id=6&publisher_id=22&network_id=1&click_id=pubba73... HTTP 302
https://manuqas.com/kalo/unite?five=YezU%2FXi5GKBf9HGBsDaIxw%3D%3D Page URL
https://dakotatraff.com/l/270226461dc64814f22c?sub={yourClickId}&source=ww&wnw=false HTTP 302
https://trk137.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false Page URL
https://trk137.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false&code=4cY3VvB... HTTP 302
https://trk137.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F... Page URL
https://my.ueive.com/rc/3d8a3d97e5?affclick=bmconv_20230629004739_8b2f5a9c_9293_4716_81e6_e59a1bc... Page URL
https://t3.hightid.com/s.php?p=c%3As_8942pggbfij953c&d=631f396258fd6b044f727c62&pid=pub8914c40b4571... HTTP 302
https://go.savethereef.xyz/redirect?feed=491426&url=t3.hightid.com&subid=custom_11w034tpnx.pl.windows.c... HTTP 302
https://t4.lowtid.com/n.php?p=c:1ighcaypoihz05u69&d=61e943f4a56e02198e0b0501&s=du.491426&d2=t3.hig... HTTP 302
https://t10.blowingwnd.com/e.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_du.491426&d1=121... HTTP 302
https://popmyads.com/serve/52264/49763/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXg0LmNvbQ= Page URL
https://popmyads.com/gget HTTP 302
http://kuno-gae.com/0497634210?adTagId=20111650-aa5d-11e6-a4a9-0e855f2e0669&fallbackUrl=https://... HTTP 302
https://popmyads.com/return/30?clickid=ca59bbb1-1605-11ee-bd7a-0a7f739ebe33 Page URL
https://popmyads.com/returngo/MTY4Nzk5MjQ2MmNyZVBTSHVFTXF6aE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA... HTTP 302
http://prpops.com/p/sjbi/direct/t:0497634210 Page URL
http://prpops.com/p/sjbi/direct/t:0497634210?prc_c=1687992462&prc_r=eyJIVFRQX1VTRVJfQUdFTlQiOi... HTTP 302
https://1d5e051bc65.traffic-c.com/?p=4554&media_type=mainstream&pi=04_MS_DP_TrafficCompany_cert&click_id=d38fb... Page URL
https://tb.premium-advertiser.com/31-ggsl-pl/?clickid=25jmpo1x3kn0dj6cnmckoogws,16790077,5,4554&pubid=4554 HTTP 302
https://lp.gamega.me/page/funbo1/pl.html?request_id=a9b3joya2y4185uiwz1ztrz8mzynrzmg07rse9cv&pub_... Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

40
Requests

78 %
HTTPS

0 %
IPv6

29
Domains

30
Subdomains

13
IPs

7
Countries

753 kB
Transfer

949 kB
Size

19
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://leadmy.pl/p/C2GZ/3tLK/vh0o Page URL
https://www.fireslaegrep.lol/?sl=5576699-2199c&tag=mlClick-beNvoKhH&website=637673 Page URL
https://www.fireslaegrep.lol/?sl=5576699-2199c&tag=mlClick-beNvoKhH&website=637673&eyeg=039f1768e5347f7374f0f41940ba9c72&eyer=0.5295011858318868&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=leadmy.pl HTTP 302
https://www.fireslaegrep.lol/?sl=5576699-2199c&tag=mlClick-beNvoKhH&website=637673&eyeg=3&eyer=0.5295011858318868&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=leadmy.pl HTTP 302
https://admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=33000aceb3d9ab865583a6db08f6befd3a95c0628-202306-flb*5576699-2199c*mlClick-beNvoKhH*sl_5576699-2199c*36ea6d428628a661bc1bb5b6d04804467766e3cb*637673* HTTP 302
https://tonic.eygenci.com/rc/a91581ead4?affclick=649cb88a800d390001695e51&pubid=503 Page URL
https://armorads.aftrad-visit.com/track/smartlink?smartlink_id=6&publisher_id=22&network_id=1&click_id=pubba7359f2335c4a53a74035dbf9c8f139&sub_source=503 HTTP 302
https://manuqas.com/kalo/unite?five=YezU%2FXi5GKBf9HGBsDaIxw%3D%3D Page URL
https://dakotatraff.com/l/270226461dc64814f22c?sub={yourClickId}&source=ww&wnw=false HTTP 302
https://trk137.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false Page URL
https://trk137.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false&code=4cY3VvBDU7Pj5BQjw-QUZEREQRhYV3Fn.GGI9-jR1PVB.JhYMkVVYml5SdK4KVm2FhMKWVmzU1n645anBrbD2np0FydHN0Rae.SXqAezABY2sFNjg3OAl.hQ09DnGFenYUFHiBfBlKGn6HgB9PIJCUkZgmJp2WjStym5yVm5VRe6GXYzafq5.dPLCvs6RAp7SwRauns7uuSsBhAk9yfm5yc2k4Pzk8LTZmeX92gouINmVsOUtLSk1ZP3eKkFlYYEafXl1TS22dnpuViJeVf56qZm1scWlvc15ni4mWkJBxZrOxtK9rR2ZlbnMuJkpwe3l4cTw-QEQ-QkFJTElMRkpTUzxwf4WBk4tSWVhdVVtfKoyiLmYvlJ4zazSWamo5aWpsbG1uP6F1dkR0dUa6rkp6ezAyAmlqBjc4OAltc3AOPw92fYgUenaCin0ZfYOJHk9QUSGOkYsmV1dYWSqeoJ.VMGFiY2RlZmY3p6ydq7E.Pq.ypbW4pkZ4d3h8enwwOAJoenF0CDs8Cn1xcw93hIWChk5ERYR5h4.MfZBMgo.OUSOWh4mKKVpaXWFeX2RjMZWhqKU3N6.npzw8tKWrtkKLsbiqsmeRt615AGRmagU2Nzg5Ojs8PT0.P0FCQkNFRkdISUpLTE1OT1BRUlNUVVVXWFlaW1xdXl9gYWFjZGVmZ2hpamtsbW5vcHFyc3N1RamwvUp7fDExMzQ1Njc4OTo7PD0.PkBAQkNERUYWjo2NG5JKTVmWTnpYeXpgnVWaXZiZmptppl6dZqGio6Ryr2eucbF4tW2FjK97mkWxs7awS7BuLldWP2p0B3p9fgw8DXpwfxISe4CIF0cYh44cTU5OT1FRUlRVJZ2LKVpbW45fLpKiqTN2nKelpJ1Zin.CXY6rtairscCutLutu7isbC5yZ2oyfHBtgG99R1B2gX9.dzNkWVw3boJ-koGPmoyIi4iFkYmNio6TjI2cjpOemqCYopykm52fop.jpp6neo6itqy6qmaKtLKvuXR9a3F4anh1aXU3eW1wejyAfYd6fYMWint9G01QHZGPhCJUVySJlpkpWiqZj5EvYGAxn6ekNmds&_tdf=23 HTTP 302
https://trk137.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20230629004739_8b2f5a9c_9293_4716_81e6_e59a1bc7e125%26pubid%3D139445_ww&vId=bmconv_20230629004739_8b2f5a9c_9293_4716_81e6_e59a1bc7e125&hash=270226461dc64814f22c&ete=true Page URL
https://my.ueive.com/rc/3d8a3d97e5?affclick=bmconv_20230629004739_8b2f5a9c_9293_4716_81e6_e59a1bc7e125&pubid=139445_ww Page URL
https://t3.hightid.com/s.php?p=c%3As_8942pggbfij953c&d=631f396258fd6b044f727c62&pid=pub8914c40b45714f88990c01f90f711a50&s=3k4fcald HTTP 302
https://go.savethereef.xyz/redirect?feed=491426&url=t3.hightid.com&subid=custom_11w034tpnx.pl.windows.chrome&query=3k4fcald&pub_clickid=649cb88cf1f15e370e35449b&default_url=https%3A%2F%2Ft4.lowtid.com%2Fn.php%3Fp%3Dc%3A1ighcaypoihz05u69%26d%3D61e943f4a56e02198e0b0501%26s%3Ddu.%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D HTTP 302
https://t4.lowtid.com/n.php?p=c:1ighcaypoihz05u69&d=61e943f4a56e02198e0b0501&s=du.491426&d2=t3.hightid.com HTTP 302
https://t10.blowingwnd.com/e.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_du.491426&d1=1217p3t0dz HTTP 302
https://popmyads.com/serve/52264/49763/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXg0LmNvbQ= Page URL
https://popmyads.com/gget HTTP 302
http://kuno-gae.com/0497634210?adTagId=20111650-aa5d-11e6-a4a9-0e855f2e0669&fallbackUrl=https://popmyads.com/return/30 HTTP 302
https://popmyads.com/return/30?clickid=ca59bbb1-1605-11ee-bd7a-0a7f739ebe33 Page URL
https://popmyads.com/returngo/MTY4Nzk5MjQ2MmNyZVBTSHVFTXF6aE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTQuMC41NzM1LjE5OCBTYWZhcmkvNTM3LjM2/30/1600x1200/8/4/0 HTTP 302
http://prpops.com/p/sjbi/direct/t:0497634210 Page URL
http://prpops.com/p/sjbi/direct/t:0497634210?prc_c=1687992462&prc_r=eyJIVFRQX1VTRVJfQUdFTlQiOiJNb3ppbGxhXC81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXRcLzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZVwvMTE0LjAuNTczNS4xOTggU2FmYXJpXC81MzcuMzYifQ==&prc_h=f4d774ad417f18ef0dee21248e8a969a6ebccefda9ba50c5198be169a79f5a04&pr_tsid=baa7d8daa933130434b084a7eb1514e4254dbc911a81a811711058e99b44ea8a&pr_tsids=7aa10e02c366eb8129557c3f358f920cfdf9da32a6f96cf4bad0397b807f903d HTTP 302
https://1d5e051bc65.traffic-c.com/?p=4554&media_type=mainstream&pi=04_MS_DP_TrafficCompany_cert&click_id=d38fbebb74d4b7b998610eb444648f99255632be42b6f5301b34c2c926066efd&sub_id=7734210&transaction_id=S27838467 Page URL
https://tb.premium-advertiser.com/31-ggsl-pl/?clickid=25jmpo1x3kn0dj6cnmckoogws,16790077,5,4554&pubid=4554 HTTP 302
https://lp.gamega.me/page/funbo1/pl.html?request_id=a9b3joya2y4185uiwz1ztrz8mzynrzmg07rse9cv&pub_id=4554&partner_id=31&_sms_id=14605011&_outer_id=1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14

https://www.fireslaegrep.lol/?sl=5576699-2199c&tag=mlClick-beNvoKhH&website=637673&eyeg=039f1768e5347f7374f0f41940ba9c72&eyer=0.5295011858318868&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=leadmy.pl HTTP 302
https://www.fireslaegrep.lol/?sl=5576699-2199c&tag=mlClick-beNvoKhH&website=637673&eyeg=3&eyer=0.5295011858318868&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=leadmy.pl HTTP 302
https://admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=33000aceb3d9ab865583a6db08f6befd3a95c0628-202306-flb*5576699-2199c*mlClick-beNvoKhH*sl_5576699-2199c*36ea6d428628a661bc1bb5b6d04804467766e3cb*637673* HTTP 302
https://tonic.eygenci.com/rc/a91581ead4?affclick=649cb88a800d390001695e51&pubid=503

Request Chain 16

https://tonic.eygenci.com/cdn-cgi/challenge-platform/scripts/invisible.js HTTP 302
https://tonic.eygenci.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/19b997cb/invisible.js

Request Chain 18

https://armorads.aftrad-visit.com/track/smartlink?smartlink_id=6&publisher_id=22&network_id=1&click_id=pubba7359f2335c4a53a74035dbf9c8f139&sub_source=503 HTTP 302
https://manuqas.com/kalo/unite?five=YezU%2FXi5GKBf9HGBsDaIxw%3D%3D

Request Chain 19

https://dakotatraff.com/l/270226461dc64814f22c?sub={yourClickId}&source=ww&wnw=false HTTP 302
https://trk137.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false

Request Chain 20

https://trk137.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false&code=4cY3VvBDU7Pj5BQjw-QUZEREQRhYV3Fn.GGI9-jR1PVB.JhYMkVVYml5SdK4KVm2FhMKWVmzU1n645anBrbD2np0FydHN0Rae.SXqAezABY2sFNjg3OAl.hQ09DnGFenYUFHiBfBlKGn6HgB9PIJCUkZgmJp2WjStym5yVm5VRe6GXYzafq5.dPLCvs6RAp7SwRauns7uuSsBhAk9yfm5yc2k4Pzk8LTZmeX92gouINmVsOUtLSk1ZP3eKkFlYYEafXl1TS22dnpuViJeVf56qZm1scWlvc15ni4mWkJBxZrOxtK9rR2ZlbnMuJkpwe3l4cTw-QEQ-QkFJTElMRkpTUzxwf4WBk4tSWVhdVVtfKoyiLmYvlJ4zazSWamo5aWpsbG1uP6F1dkR0dUa6rkp6ezAyAmlqBjc4OAltc3AOPw92fYgUenaCin0ZfYOJHk9QUSGOkYsmV1dYWSqeoJ.VMGFiY2RlZmY3p6ydq7E.Pq.ypbW4pkZ4d3h8enwwOAJoenF0CDs8Cn1xcw93hIWChk5ERYR5h4.MfZBMgo.OUSOWh4mKKVpaXWFeX2RjMZWhqKU3N6.npzw8tKWrtkKLsbiqsmeRt615AGRmagU2Nzg5Ojs8PT0.P0FCQkNFRkdISUpLTE1OT1BRUlNUVVVXWFlaW1xdXl9gYWFjZGVmZ2hpamtsbW5vcHFyc3N1RamwvUp7fDExMzQ1Njc4OTo7PD0.PkBAQkNERUYWjo2NG5JKTVmWTnpYeXpgnVWaXZiZmptppl6dZqGio6Ryr2eucbF4tW2FjK97mkWxs7awS7BuLldWP2p0B3p9fgw8DXpwfxISe4CIF0cYh44cTU5OT1FRUlRVJZ2LKVpbW45fLpKiqTN2nKelpJ1Zin.CXY6rtairscCutLutu7isbC5yZ2oyfHBtgG99R1B2gX9.dzNkWVw3boJ-koGPmoyIi4iFkYmNio6TjI2cjpOemqCYopykm52fop.jpp6neo6itqy6qmaKtLKvuXR9a3F4anh1aXU3eW1wejyAfYd6fYMWint9G01QHZGPhCJUVySJlpkpWiqZj5EvYGAxn6ekNmds&_tdf=23 HTTP 302
https://trk137.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20230629004739_8b2f5a9c_9293_4716_81e6_e59a1bc7e125%26pubid%3D139445_ww&vId=bmconv_20230629004739_8b2f5a9c_9293_4716_81e6_e59a1bc7e125&hash=270226461dc64814f22c&ete=true

Request Chain 23

https://my.ueive.com/cdn-cgi/challenge-platform/scripts/invisible.js HTTP 302
https://my.ueive.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/19b997cb/invisible.js

Request Chain 25

https://t3.hightid.com/s.php?p=c%3As_8942pggbfij953c&d=631f396258fd6b044f727c62&pid=pub8914c40b45714f88990c01f90f711a50&s=3k4fcald HTTP 302
https://go.savethereef.xyz/redirect?feed=491426&url=t3.hightid.com&subid=custom_11w034tpnx.pl.windows.chrome&query=3k4fcald&pub_clickid=649cb88cf1f15e370e35449b&default_url=https%3A%2F%2Ft4.lowtid.com%2Fn.php%3Fp%3Dc%3A1ighcaypoihz05u69%26d%3D61e943f4a56e02198e0b0501%26s%3Ddu.%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D HTTP 302
https://t4.lowtid.com/n.php?p=c:1ighcaypoihz05u69&d=61e943f4a56e02198e0b0501&s=du.491426&d2=t3.hightid.com HTTP 302
https://t10.blowingwnd.com/e.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_du.491426&d1=1217p3t0dz HTTP 302
https://popmyads.com/serve/52264/49763/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXg0LmNvbQ=

Request Chain 26

https://whos.amung.us/swidget/popmyads.png HTTP 307
https://widgets.amung.us/draw/?w=small&n=12900&c=ffc20e000000&p=left

Request Chain 27

https://popmyads.com/gget HTTP 302
http://kuno-gae.com/0497634210?adTagId=20111650-aa5d-11e6-a4a9-0e855f2e0669&fallbackUrl=https://popmyads.com/return/30 HTTP 302
https://popmyads.com/return/30?clickid=ca59bbb1-1605-11ee-bd7a-0a7f739ebe33

Request Chain 29

https://popmyads.com/returngo/MTY4Nzk5MjQ2MmNyZVBTSHVFTXF6aE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTQuMC41NzM1LjE5OCBTYWZhcmkvNTM3LjM2/30/1600x1200/8/4/0 HTTP 302
http://prpops.com/p/sjbi/direct/t:0497634210

Request Chain 31

http://prpops.com/p/sjbi/direct/t:0497634210?prc_c=1687992462&prc_r=eyJIVFRQX1VTRVJfQUdFTlQiOiJNb3ppbGxhXC81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXRcLzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZVwvMTE0LjAuNTczNS4xOTggU2FmYXJpXC81MzcuMzYifQ==&prc_h=f4d774ad417f18ef0dee21248e8a969a6ebccefda9ba50c5198be169a79f5a04&pr_tsid=baa7d8daa933130434b084a7eb1514e4254dbc911a81a811711058e99b44ea8a&pr_tsids=7aa10e02c366eb8129557c3f358f920cfdf9da32a6f96cf4bad0397b807f903d HTTP 302
https://1d5e051bc65.traffic-c.com/?p=4554&media_type=mainstream&pi=04_MS_DP_TrafficCompany_cert&click_id=d38fbebb74d4b7b998610eb444648f99255632be42b6f5301b34c2c926066efd&sub_id=7734210&transaction_id=S27838467

40 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 vh0o Show response
leadmy.pl/p/C2GZ/3tLK/ 27 KB
19 KB 230ms
160ms Document
text/html 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leadmy.pl/p/C2GZ/3tLK/vh0o
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 33670d181ca21be2ff1b570f989747243a755949f9631ebb94aab1962ff239b4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: pl-PL,pl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store, private
cf-cache-status: DYNAMIC
cf-ray: 7de978fc3dca34ca-WAW
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 28 Jun 2023 22:47:37 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gnWHsWf01iG8bdbBlygCQIR0zWEWVPTUEPEjFM5MHVx%2Bv4eN59SxGQm6K8rYhuROYusH1847p%2Bryf%2F3HeW9oj7%2Bp1ztGs6NSqslvprZWEAqZ55xtJJ5aKQo6zgo%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-robots-tag: noindex, nofollow

GET
H2 200 envoirment.js Show response
leadmy.pl/js/ 32 KB
12 KB 34ms
34ms Script
application/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leadmy.pl/js/envoirment.js?id=a535a99b3fccb8f0756e
Requested by: Host: leadmy.pl
URL: https://leadmy.pl/p/C2GZ/3tLK/vh0o
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a2360f05aaa5110f0891046d08ab93ee8bfd6249debd8d8c1d173eac2dd5e172

Request headers

device-memory: 8
Referer: https://leadmy.pl/p/C2GZ/3tLK/vh0o
accept-language: pl-PL,pl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 22:47:37 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 10 May 2022 11:25:12 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2835
etag: W/"627a4b98-8078"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2KmsgzBOY7Hx2mNuA32hSMtPMWEdiKtIG7sfLEzHKMNCWK1nIykhUnQYjFfj6IN6pAuEEaZ0ZCx%2F6UC5rKkoUEGz5qR6p4%2FevGpUeGR%2BUWYeo0rWzL2gNMlj088%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7de978fd4e4734ca-WAW
alt-svc: h3=":443"; ma=86400

GET
H2 200 reflink-381235804a
www.g2a.com/n/ Frame A67E 0
0 245ms
122ms Document
text/html 2.17.187.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.g2a.com/n/reflink-381235804a

Requested by

Host: leadmy.pl
URL: https://leadmy.pl/p/C2GZ/3tLK/vh0o

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.187.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-187-245.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	DENY

Request headers

Referer: https://leadmy.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: pl-PL,pl;q=0.9

Response headers

content-encoding: gzip
content-length: 1282
content-security-policy: frame-ancestors 'none'
content-type: text/html; charset=utf-8
date: Wed, 28 Jun 2023 22:47:38 GMT
vary: Accept-Encoding
x-akamai-transformed: 9 2943 0 pmb=mTOE,3
x-frame-options: DENY

GET _d6GDFTu
s.click.aliexpress.com/e/ Frame 2BC9 0
0

GET /
www.gearbest.com/ Frame 5766 0
0

GET CPA
www.binance.com/en/activity/referral-entry/ Frame 4204 0
0

GET
DATA 200
OK truncated
/ 18 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 76666ee7d0d9c862fb84cbd129ac1b056a57c78203eaa3f9338f5c76715a2aa2

Request headers

accept-language: pl-PL,pl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 160ms
50ms Script
text/javascript 172.217.16.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: leadmy.pl
URL: https://leadmy.pl/p/C2GZ/3tLK/vh0o

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://leadmy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 28 Jun 2023 22:35:22 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 735
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 29 Jun 2023 00:35:22 GMT

POST
H3 200 finger
leadmy.pl/ 20 B
461 B 86ms
86ms XHR
application/json 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://leadmy.pl/finger
Requested by: Host: leadmy.pl
URL: https://leadmy.pl/js/envoirment.js?id=a535a99b3fccb8f0756e
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

device-memory: 8
Referer: https://leadmy.pl/p/C2GZ/3tLK/vh0o
accept-language: pl-PL,pl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 28 Jun 2023 22:47:38 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cu5r4xfhucl6XlGXuhokeLpaegPpYn783bm%2FEnEy52oiklyH4p3eGTQ7EUIX69UeHpouvewk5zZ2JGF4Ymkg1C15NFfiThuJKxjbWOfusbreV%2Be%2F5UZsijh6Ngw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
cf-ray: 7de978fe6c3934e6-WAW
alt-svc: h3=":443"; ma=86400

POST
H2 200 collect
www.google-analytics.com/j/ 16 B
218 B 58ms
57ms XHR
text/plain 172.217.16.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=545168812&t=pageview&_s=1&dl=https%3A%2F%2Fleadmy.pl%2Fp%2FC2GZ%2F3tLK%2Fvh0o&ul=en-us&de=UTF-8&dt=leadmy.pl&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=1277261844&gjid=1772798987&cid=474164237.1687992458&tid=UA-110090096-2&_gid=1780183457.1687992458&_r=1&_slc=1&z=117295367

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://leadmy.pl/
accept-language: pl-PL,pl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 22:47:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://leadmy.pl
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect
www.google-analytics.com/ 35 B
111 B 57ms
57ms Ping
image/gif 172.217.16.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/collect

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://leadmy.pl/
accept-language: pl-PL,pl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 22:47:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: https://leadmy.pl
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK /
www.fireslaegrep.lol/ 4 KB
4 KB 175ms
47ms Document
text/html 51.68.85.158
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.fireslaegrep.lol/?sl=5576699-2199c&tag=mlClick-beNvoKhH&website=637673
Requested by: Host: leadmy.pl
URL: https://leadmy.pl/js/envoirment.js?id=a535a99b3fccb8f0756e
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.68.85.158 Saint-Venant, France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://leadmy.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: pl-PL,pl;q=0.9

Response headers

Accept-CH: Sec-CH-UA-Platform-Version
Cache-Control: no-transform
Connection: keep-alive
Content-Type: text/html
Date: Wed, 28 Jun 2023 22:47:38 GMT
Transfer-Encoding: chunked

POST collect
stats.g.doubleclick.net/j/ 0
0

GET js
www.googletagmanager.com/gtag/ 0
0

GET
H2

200

a91581ead4 Show response
tonic.eygenci.com/rc/
Redirect Chain

https://www.fireslaegrep.lol/?sl=5576699-2199c&tag=mlClick-beNvoKhH&website=637673&eyeg=039f1768e5347f7374f0f41940ba9c72&eyer=0.5295011858318868&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=leadmy.pl
https://www.fireslaegrep.lol/?sl=5576699-2199c&tag=mlClick-beNvoKhH&website=637673&eyeg=3&eyer=0.5295011858318868&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=leadmy.pl
https://admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=33000aceb3d9ab865583a6db08f6befd3a95c0628-202306-flb*5576699-2199c*mlClick-beNvoKhH*sl_5576699-2199c*36ea6d428628a661bc...
https://tonic.eygenci.com/rc/a91581ead4?affclick=649cb88a800d390001695e51&pubid=503

2 KB
2 KB

255ms
190ms

Document
text/html

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tonic.eygenci.com/rc/a91581ead4?affclick=649cb88a800d390001695e51&pubid=503
Requested by: Host: www.fireslaegrep.lol
URL: https://www.fireslaegrep.lol/?sl=5576699-2199c&tag=mlClick-beNvoKhH&website=637673
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: abaaeb1cdd1b958f3c642bbf7f1c2c4892452bbaba3345350369fd1964d38fda

Request headers

Referer: https://www.fireslaegrep.lol/?sl=5576699-2199c&tag=mlClick-beNvoKhH&website=637673
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: pl-PL,pl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7de979026df1bff5-WAW
content-encoding: br
content-language: en-us
content-type: text/html; charset=utf-8
date: Wed, 28 Jun 2023 22:47:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mv2Gg9RdXAVKiA1vIi3fOcUau4oiAR3jK7Tt%2F2B08D1RGTMyXJQ1rZgdinMHEaRJSbeGvLcPh2DLNQ34iW1u%2BSgpye15Ql58%2FnUSP%2BSWeQFV4muZ0wqeKlMR8bY0nhwRY7LkEw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding, Accept-Language, Cookie

Redirect headers

access-control-allow-origin: *
content-length: 0
date: Wed, 28 Jun 2023 22:47:38 GMT
location: https://tonic.eygenci.com/rc/a91581ead4?affclick=649cb88a800d390001695e51&pubid=503
referer
referrer-policy: no-referrer
server: nginx
x-adjust-use-original-forwarded-for: 1

GET
H2 200 redirect.css
cdn.addlnk.com/ 1 KB
1015 B 94ms
31ms Stylesheet
text/css 172.67.158.251
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.addlnk.com/redirect.css
Requested by: Host: tonic.eygenci.com
URL: https://tonic.eygenci.com/rc/a91581ead4?affclick=649cb88a800d390001695e51&pubid=503
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.158.251 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language: pl-PL,pl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 22:47:38 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 8N170743W1JPC8PY
age: 7030
cf-polished: origSize=1680
alt-svc: h3=":443"; ma=86400
x-amz-id-2: g8bv3HSjzvK1zFu3fQIv4Bg3LSBTlFToQhd22E6lzHJOMhd7HAd0OjEQSg/Dtn/qj1l1vnKpjeI=
cf-bgj: minify
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
server: cloudflare
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2InWj9VcDOg9Z4se9tbJeCKm0KDckzincvSg2wfDBOHOzBi4%2F0Lj7yLnVjp1a1uz9y2L3eayVvu3YndU7%2F4cx8S5NcYfyNNcqkOul9V%2ByhJY79YWoeX0%2FsLCA5pjIlHYXA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-ray: 7de979040f553bca-WAW

GET
H2

200

invisible.js Show response
tonic.eygenci.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/19b997cb/ Frame A104
Redirect Chain

https://tonic.eygenci.com/cdn-cgi/challenge-platform/scripts/invisible.js
https://tonic.eygenci.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/19b997cb/invisible.js

7 KB
4 KB

29ms
29ms

Script
application/javascript

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tonic.eygenci.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/19b997cb/invisible.js

Protocol

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50dc9e33cf4e660293368cf9b836f101295a13101cb6a825bb39350a2b1f65ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: pl-PL,pl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 22:47:38 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dxp6x2DourfDkWjunDROU%2BKelaTlI5mLIz1D2cxMfu3Y2mUSw7YmVS9dLDpHuYrwA8DvHCSx4bS4z8P9NgCrnNxqYmUkILts4E9cq%2BWMz7WaxXpO4bZUa15MRREeDLLNzwpUjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 7de979047ef9bff5-WAW
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Wed, 28 Jun 2023 22:47:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=shOhe2SaeLOMSVwsZ%2FDekesK4n%2FuTe1Ldqu2fttlMn4QqGUlm%2F1lnkPSOWXooWHgZmrQb1NSsWjiN5EpK8bRoHo2KsnEDh2%2FDf0%2FLmxezsy8uZaCdCowsgMIloDWp0li3ihYtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/19b997cb/invisible.js
cache-control: max-age=300, public
cf-ray: 7de979044eebbff5-WAW
alt-svc: h3=":443"; ma=86400

POST
H3 200 7de979026df1bff5
tonic.eygenci.com/cdn-cgi/challenge-platform/h/g/cv/result/ Frame A104 0
607 B 41ms
40ms XHR
text/plain 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tonic.eygenci.com/cdn-cgi/challenge-platform/h/g/cv/result/7de979026df1bff5
Requested by: Host: tonic.eygenci.com
URL: https://tonic.eygenci.com/cdn-cgi/challenge-platform/scripts/invisible.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer
accept-language: pl-PL,pl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 28 Jun 2023 22:47:39 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yvNcbyEHv3oIrXmXU5ggIHGNE1bdHC4PfUmqYNQ13D%2FWi6S2%2BnYRHaWub%2BTJaiGtTkQmJJ8jaOd7E9onxhvxOlGftetiaCnqASJ1zl82knOLav0O%2BWjKeynSigdfauN09RXGVA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 7de979057a5abf56-WAW
alt-svc: h3=":443"; ma=86400

GET
H2

200

unite
manuqas.com/kalo/
Redirect Chain

https://armorads.aftrad-visit.com/track/smartlink?smartlink_id=6&publisher_id=22&network_id=1&click_id=pubba7359f2335c4a53a74035dbf9c8f139&sub_source=503
https://manuqas.com/kalo/unite?five=YezU%2FXi5GKBf9HGBsDaIxw%3D%3D

1 KB
1 KB

156ms
93ms

Document
text/html

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://manuqas.com/kalo/unite?five=YezU%2FXi5GKBf9HGBsDaIxw%3D%3D
Requested by: Host: tonic.eygenci.com
URL: https://tonic.eygenci.com/rc/a91581ead4?affclick=649cb88a800d390001695e51&pubid=503
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://tonic.eygenci.com/rc/a91581ead4?affclick=649cb88a800d390001695e51&pubid=503
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: pl-PL,pl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache
cf-cache-status: DYNAMIC
cf-ray: 7de97906ea9234af-WAW
content-encoding: br
content-type: text/html;charset=ISO-8859-1
date: Wed, 28 Jun 2023 22:47:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FgomqL%2BdwI2WZbW8oUgtb2lRttz4X5QJJI9FoCC%2BFcO4JmOPLWwF%2BpTwsr27fqOh2pF7hwClhgeVy%2FmlyQf0S%2FM4Ad8lb4VSS59jGp2uo9Jj%2FQB9PI49hFJ1lg7X2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7de97905ee4ebf62-WAW
content-type: text/html; charset=utf-8
date: Wed, 28 Jun 2023 22:47:39 GMT
location: https://manuqas.com/kalo/unite?five=YezU%2FXi5GKBf9HGBsDaIxw%3D%3D
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8YSizmY2pRMLZJd%2Bdo17Rf35km8qVXfkCRMKWPg3iRb49SFEfWFJLb0TsD3bG7tbHO1NLpsOU3TTQ52ry8ANFK9fcsxTpFM069nBoY8%2FsgTApo2TKSvF%2FymgWDw1o0SK%2By%2FdWoedrsZDJiBJ"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2

200

270226461dc64814f22c.js Show response
trk137.zzzperform.com/l/
Redirect Chain

https://dakotatraff.com/l/270226461dc64814f22c?sub={yourClickId}&source=ww&wnw=false
https://trk137.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false

36 KB
12 KB

99ms
35ms

Document
text/html

188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk137.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false
Requested by: Host: manuqas.com
URL: https://manuqas.com/kalo/unite?five=YezU%2FXi5GKBf9HGBsDaIxw%3D%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 29eddce2034a37edddd7b743551f12f50cddbdf80690919b7e597bb78e5b416a

Request headers

Referer: https://manuqas.com/kalo/unite?five=YezU%2FXi5GKBf9HGBsDaIxw%3D%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: pl-PL,pl;q=0.9

Response headers

age: 2813
alt-svc: h3=":443"; ma=86400
cache-control: max-age=315360000
cf-cache-status: HIT
cf-ray: 7de979089a17353a-WAW
content-encoding: br
content-type: text/html
date: Wed, 28 Jun 2023 22:47:39 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 20 Aug 2019 14:25:19 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cuJL4r04GayU5r3b1AUXEl7%2B3T91QMwe5EaMGPPm9MqtfPMtpM4sVdxQtRk2wLNVaSTkfQQOyZg1eEvZMDS4qNw0dzTjAXk1E9OS%2BQ6b15i7gAI6AI17Tj6GLMBSHbw9kMxg%2FYPNM84%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 7de97907fa3c349e-WAW
date: Wed, 28 Jun 2023 22:47:39 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
location: https://trk137.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V5%2FTSGHpKS8K5bMMIAoUGBAKXwwz%2BekLeBmHZG%2FWYV%2FTa1meex9dTF1rL0QieSYI4iqBo1cMZS5BqeeBe8J5srwLwOXmKiW1xQnXoEDg2WcKSPpVKw8%2FK4%2F51lqskUSWIhc%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H3

200

gw.js
trk137.zzzperform.com/
Redirect Chain

https://trk137.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false&code=4cY3VvBDU7Pj5BQjw-QUZEREQRhYV3Fn.GGI9-jR1PVB.JhYMkVVYml5SdK4KVm2FhMKWVmzU1n645anBrbD2np0FydHN0Rae....
https://trk137.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20230629004739_8b2f5a9c_9293_4716_81e6_e59a1bc7e125%26pubid%...

1 KB
1 KB

32ms
32ms

Document
text/html

188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk137.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20230629004739_8b2f5a9c_9293_4716_81e6_e59a1bc7e125%26pubid%3D139445_ww&vId=bmconv_20230629004739_8b2f5a9c_9293_4716_81e6_e59a1bc7e125&hash=270226461dc64814f22c&ete=true
Requested by: Host: leadmy.pl
URL: https://leadmy.pl/p/C2GZ/3tLK/vh0o
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://trk137.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: pl-PL,pl;q=0.9

Response headers

age: 2834
alt-svc: h3=":443"; ma=86400
cache-control: max-age=315360000
cf-cache-status: HIT
cf-ray: 7de979099fabbfb2-WAW
content-encoding: br
content-type: text/html
date: Wed, 28 Jun 2023 22:47:39 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Fri, 27 Mar 2020 14:30:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=psVOu%2FmaYJ6G6qlEKmR57Pv%2BFbrlY1kp%2FXmy1QgiAqL9yfC615UAEgH9iOzuTNRcN1F2pZwhiyzMoak%2F7%2FlAs8oVJMxmZrNvr12WW9on%2FpyxjgC10OBOzuBNLwnOZXmX2h2CJsNnJKM%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7de979090a43353a-WAW
date: Wed, 28 Jun 2023 22:47:39 GMT
location: https://trk137.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20230629004739_8b2f5a9c_9293_4716_81e6_e59a1bc7e125%26pubid%3D139445_ww&vId=bmconv_20230629004739_8b2f5a9c_9293_4716_81e6_e59a1bc7e125&hash=270226461dc64814f22c&ete=true
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w%2FjdZPjrQ%2FWt2yFrggf58o1K70%2FtTUf964r%2FUcl%2BKvEEeL6oF6hufigTmVKFmFRCTkHVPrCsajVDJGtbwSSxt9H8ypMNrdQbR2NU3CQleajIzwlmRIux%2Bc556oDVSbtdyNNk9tRmiP8%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 3d8a3d97e5 Show response
my.ueive.com/rc/ 2 KB
2 KB 246ms
182ms Document
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://my.ueive.com/rc/3d8a3d97e5?affclick=bmconv_20230629004739_8b2f5a9c_9293_4716_81e6_e59a1bc7e125&pubid=139445_ww
Requested by: Host: trk137.zzzperform.com
URL: https://trk137.zzzperform.com/l/270226461dc64814f22c?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Fmy.ueive.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20230629004739_8b2f5a9c_9293_4716_81e6_e59a1bc7e125%26pubid%3D139445_ww&vId=bmconv_20230629004739_8b2f5a9c_9293_4716_81e6_e59a1bc7e125&hash=270226461dc64814f22c&ete=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 379b50ce2b311d0803e59398da94066f9079e5638223920a558f7d15e0d9d8b0

Request headers

Referer: https://trk137.zzzperform.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: pl-PL,pl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7de9790a5ab85012-WAW
content-encoding: br
content-language: en-us
content-type: text/html; charset=utf-8
date: Wed, 28 Jun 2023 22:47:40 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qrov1Jwud8J4EuxqU5IKhSv5OEvANeIGUhV2KJ8LvS%2F9DvekamxiZzSoIy%2FFnG3C%2BbTKYZo8i344Zsx6d%2B2XA%2BovEeNkY6R39BQMbPO5wR23sLoVxt6HliZqwVGsyME%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding, Accept-Language, Cookie

GET
H2 200 redirect.css
cdn.addlnk.com/ 1 KB
698 B 31ms
30ms Stylesheet
text/css 172.67.158.251
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.addlnk.com/redirect.css
Requested by: Host: my.ueive.com
URL: https://my.ueive.com/rc/3d8a3d97e5?affclick=bmconv_20230629004739_8b2f5a9c_9293_4716_81e6_e59a1bc7e125&pubid=139445_ww
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.158.251 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language: pl-PL,pl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 22:47:40 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 8N170743W1JPC8PY
age: 7032
cf-polished: origSize=1680
alt-svc: h3=":443"; ma=86400
x-amz-id-2: g8bv3HSjzvK1zFu3fQIv4Bg3LSBTlFToQhd22E6lzHJOMhd7HAd0OjEQSg/Dtn/qj1l1vnKpjeI=
cf-bgj: minify
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
server: cloudflare
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5gjAon%2Foc8jDpRxKlzrgBpRIiNd%2B%2F2n558sgtNbyqgCA1LXng8iu2nXE%2FUmuKTrz47Q98N8CglI0kXbQZ6qBTMvAWIDrCeOEycP3PoguPKqbszbxCQtrLc1SeJNG8qIPAg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-ray: 7de9790b7b333bca-WAW

GET
H2

200

invisible.js Show response
my.ueive.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/19b997cb/ Frame B99D
Redirect Chain

https://my.ueive.com/cdn-cgi/challenge-platform/scripts/invisible.js
https://my.ueive.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/19b997cb/invisible.js

7 KB
4 KB

30ms
30ms

Script
application/javascript

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://my.ueive.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/19b997cb/invisible.js

Protocol

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a32af4379a57c161494c710d09a2826915502daa6899747ad29380a442fa8949

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: pl-PL,pl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 22:47:40 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JEdf0gAW3YzohJnxiJ1Feru6k%2Bv6ewkxtXCtaspIC2JgV0qAKtDUzFZqmEgeVXIvg62nnFoh84kSmo6ksoGFg%2ByUHPwHGFQO8xjZ4Y3JHtLPdjhSmnAMzLFxM6D9saw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 7de9790beb545012-WAW
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Wed, 28 Jun 2023 22:47:40 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=As7aJaAQfkwnjwPj6VJd%2Fhz5J5Ui7dcIxbpFPKe2FxNhXL1Kr0oZBE6QzF6KOk7EqyL5G27v5Xm9BTuK8axhx64XQZLWhzM71f8Ub77TksE%2FgNXLx%2F8c6z7AN0PMNxk%3D"}],"group":"cf-nel","max_age":604800}
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/19b997cb/invisible.js
access-control-allow-origin: *
cache-control: max-age=300, public
cf-ray: 7de9790bcb405012-WAW
alt-svc: h3=":443"; ma=86400

POST
H3 200 7de9790a5ab85012
my.ueive.com/cdn-cgi/challenge-platform/h/g/cv/result/ Frame B99D 0
596 B 44ms
43ms XHR
text/plain 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://my.ueive.com/cdn-cgi/challenge-platform/h/g/cv/result/7de9790a5ab85012
Requested by: Host: my.ueive.com
URL: https://my.ueive.com/cdn-cgi/challenge-platform/scripts/invisible.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer
accept-language: pl-PL,pl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 28 Jun 2023 22:47:40 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NfWRJMUo%2BYdePptYjULNVh1mO5zbiPaFggQbJfdxtxgJ2Cnz2%2BNlAl%2BEPxgKX0VDxfGSYDScswOF0o%2FrDQd20gxSD7G4fhYP1iMh8L%2FMZ0jQ6RiUlUtS0eQbjbhoWrI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 7de9790ceae0bf60-WAW
alt-svc: h3=":443"; ma=86400

GET
H2

200

aHR0cDovL3RyYWZmaXg0LmNvbQ=
popmyads.com/serve/52264/49763/szqpmqqoapdpgpq/
Redirect Chain

https://t3.hightid.com/s.php?p=c%3As_8942pggbfij953c&d=631f396258fd6b044f727c62&pid=pub8914c40b45714f88990c01f90f711a50&s=3k4fcald
https://go.savethereef.xyz/redirect?feed=491426&url=t3.hightid.com&subid=custom_11w034tpnx.pl.windows.chrome&query=3k4fcald&pub_clickid=649cb88cf1f15e370e35449b&default_url=https%3A%2F%2Ft4.lowtid....
https://t4.lowtid.com/n.php?p=c:1ighcaypoihz05u69&d=61e943f4a56e02198e0b0501&s=du.491426&d2=t3.hightid.com
https://t10.blowingwnd.com/e.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_du.491426&d1=1217p3t0dz
https://popmyads.com/serve/52264/49763/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXg0LmNvbQ=

2 KB
1 KB

143ms
76ms

Document
text/html

172.64.137.27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://popmyads.com/serve/52264/49763/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXg0LmNvbQ=

Requested by

Host: my.ueive.com
URL: https://my.ueive.com/rc/3d8a3d97e5?affclick=bmconv_20230629004739_8b2f5a9c_9293_4716_81e6_e59a1bc7e125&pubid=139445_ww

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.137.27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.1.33

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	DENY

Request headers

Referer: https://my.ueive.com/rc/3d8a3d97e5?affclick=bmconv_20230629004739_8b2f5a9c_9293_4716_81e6_e59a1bc7e125&pubid=139445_ww
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: pl-PL,pl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7de9791558613522-WAW
content-encoding: br
content-security-policy: frame-ancestors 'none'
content-type: text/html; charset=UTF-8
date: Wed, 28 Jun 2023 22:47:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jOXIw6i6x7AJEq8ppa%2FP52Y45iVpsl60pcan5QujfhOKVUkIdWxfreK1U3AGo3ni6c7alSilnu5DIoUPXjDOnzXQ7e5gDB3C%2F%2FTc46FodH8sWjPjckpji%2B3shhux8xE%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: DENY
x-powered-by: PHP/7.1.33

Redirect headers

Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Wed, 28 Jun 2023 22:47:41 GMT
Location: https://popmyads.com/serve/52264/49763/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXg0LmNvbQ=
Raund: 12uf2w0vxv-300
Round: 12c7p6j8cg
Server: nginx

GET
H2

200

/
widgets.amung.us/draw/
Redirect Chain

https://whos.amung.us/swidget/popmyads.png
https://widgets.amung.us/draw/?w=small&n=12900&c=ffc20e000000&p=left

365 B
531 B

42ms
34ms

Image
image/png

172.67.8.141
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widgets.amung.us/draw/?w=small&n=12900&c=ffc20e000000&p=left
Protocol: H2
Server: 172.67.8.141 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://popmyads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 22:47:41 GMT
cf-cache-status: HIT
last-modified: Tue, 20 Jun 2023 20:19:32 GMT
server: cloudflare
age: 700089
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2678400
content-disposition: filename=wau-widget.png
cf-ray: 7de97917496635ae-WAW
expires: Wed, 21 Jun 2023 20:19:32 GMT

Redirect headers

location: https://widgets.amung.us/draw/?w=small&n=12900&c=ffc20e000000&p=left
date: Wed, 28 Jun 2023 22:47:41 GMT
cache-control: max-age=295
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7de9791658b035ae-WAW
content-type: text/html; charset=UTF-8

GET
H3

200

30
popmyads.com/return/
Redirect Chain

https://popmyads.com/gget
http://kuno-gae.com/0497634210?adTagId=20111650-aa5d-11e6-a4a9-0e855f2e0669&fallbackUrl=https://popmyads.com/return/30
https://popmyads.com/return/30?clickid=ca59bbb1-1605-11ee-bd7a-0a7f739ebe33

1 KB
1 KB

75ms
74ms

Document
text/html

172.64.137.27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://popmyads.com/return/30?clickid=ca59bbb1-1605-11ee-bd7a-0a7f739ebe33
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.137.27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.1.33
Resource Hash

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://popmyads.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: pl-PL,pl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7de9791869863bb5-WAW
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 28 Jun 2023 22:47:42 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hDGL62S4YRkp6tENtkIE%2B1Svd2h6WPR%2FCZYpBLhlc6EYHLWEqs8VlSVbXaKxiLKwzLy8jWG3kj2j%2Bj3WqhZbMu2VYrSn3WmLsHsxhlD6io4k9TPjcRQQLb5CmE50J1c%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.1.33

Redirect headers

Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Connection: keep-alive
Content-Length: 0
Date: Wed, 28 Jun 2023 22:47:42 GMT
Location: https://popmyads.com/return/30?clickid=ca59bbb1-1605-11ee-bd7a-0a7f739ebe33
Server: bIBSFlHr
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'

GET
H3 200 analytics.js
www.google-analytics.com/ 52 KB
21 KB 52ms
51ms Script
text/javascript 172.217.16.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: popmyads.com
URL: https://popmyads.com/return/30?clickid=ca59bbb1-1605-11ee-bd7a-0a7f739ebe33

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://popmyads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 28 Jun 2023 22:35:22 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 740
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 29 Jun 2023 00:35:22 GMT

GET
H/1.1

200
OK

t:0497634210 Show response
prpops.com/p/sjbi/direct/
Redirect Chain

https://popmyads.com/returngo/MTY4Nzk5MjQ2MmNyZVBTSHVFTXF6aE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTQuMC41NzM1LjE5OCB...
http://prpops.com/p/sjbi/direct/t:0497634210

50 KB
18 KB

357ms
180ms

Document
text/html

131.153.42.229
SSASN2

General

Check archive.org

Show headers Download Go to

Full URL: http://prpops.com/p/sjbi/direct/t:0497634210
Requested by: Host: popmyads.com
URL: https://popmyads.com/return/30?clickid=ca59bbb1-1605-11ee-bd7a-0a7f739ebe33
Protocol: HTTP/1.1
Server: 131.153.42.229 Phoenix, United States, ASN20454 (SSASN2, US),
Reverse DNS
Software: nginx /
Resource Hash: f6dc854b4f57c08e4da477ebabe58af8be8fd1eb1b317d88671d0d3965612a04

Request headers

Referer: https://popmyads.com/return/30?clickid=ca59bbb1-1605-11ee-bd7a-0a7f739ebe33
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: pl-PL,pl;q=0.9

Response headers

Accept-CH: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Device-Memory, RTT, ECT, Downlink
Access-Control-Allow-Origin: *
Cache-Control: no-cache, must-revalidate, no-transform
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 28 Jun 2023 22:47:42 GMT
Expires: Tue, 31 Dec 2013 23:59:59 GMT
Server: nginx
Transfer-Encoding: chunked

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7de9791919d23bb5-WAW
content-type: text/html; charset=UTF-8
date: Wed, 28 Jun 2023 22:47:42 GMT
location: http://prpops.com/p/sjbi/direct/t:0497634210
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jTJnNlikndCPGsCoEjkdqI9%2FaqN3IYXktsCkRph58Xd4hVNHCdA0NFTNJVgbuhBYFdZ0vwZYxqv8D3fvZr8BQgO5TYL9CJI5%2F6LuKfoZwbAWFHdUJdXAmgEw9PKBvPY%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.1.33

POST
H3 200 collect
www.google-analytics.com/j/ 3 B
23 B 58ms
58ms XHR
text/plain 172.217.16.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=744902003&t=pageview&_s=1&dl=https%3A%2F%2Fpopmyads.com%2Freturn%2F30%3Fclickid%3Dca59bbb1-1605-11ee-bd7a-0a7f739ebe33&ul=en-us&de=UTF-8&dt=PopMyAds%20Redirecting...&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAAABAAAAACAAI~&jid=1830516177&gjid=1148672778&cid=809787523.1687992462&tid=UA-43135408-1&_gid=629664400.1687992462&_r=1&_slc=1&z=811637693

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://popmyads.com/
accept-language: pl-PL,pl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 22:47:42 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://popmyads.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/ Show response
1d5e051bc65.traffic-c.com/
Redirect Chain

http://prpops.com/p/sjbi/direct/t:0497634210?prc_c=1687992462&prc_r=eyJIVFRQX1VTRVJfQUdFTlQiOiJNb3ppbGxhXC81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXRcLzUzNy4zNiAoS0hUTUwsIGxpa2UgR...
https://1d5e051bc65.traffic-c.com/?p=4554&media_type=mainstream&pi=04_MS_DP_TrafficCompany_cert&click_id=d38fbebb74d4b7b998610eb444648f99255632be42b6f5301b34c2c926066efd&sub_id=7734210&transaction_...

1006 B
1 KB

223ms
123ms

Document
text/html

94.237.103.119
UPCLOUD

General

Check archive.org

Show headers Download Go to

Full URL: https://1d5e051bc65.traffic-c.com/?p=4554&media_type=mainstream&pi=04_MS_DP_TrafficCompany_cert&click_id=d38fbebb74d4b7b998610eb444648f99255632be42b6f5301b34c2c926066efd&sub_id=7734210&transaction_id=S27838467
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.237.103.119 , Finland, ASN202053 (UPCLOUD, FI),
Reverse DNS: 94-237-103-119.de-fra1.upcloud.host
Software: /
Resource Hash: 581d8ec90806ff9e2a6bc55df3d6902e30517601100b1f67ac61a7f99d849a17

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: http://prpops.com
Referer: http://prpops.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: pl-PL,pl;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 28 Jun 2023 22:47:43 GMT
expires: Wed, 28 Jun 2023 22:47:43 GMT
last-modified: Wed, 28 Jun 2023 22:47:43 GMT
pragma: no-cache
vary: Accept-Encoding
x-robots-tag: noindex, nofollow

Redirect headers

Access-Control-Allow-Origin: *
Cache-Control: no-cache, must-revalidate, no-transform
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Wed, 28 Jun 2023 22:47:43 GMT
Expires: Tue, 31 Dec 2013 23:59:59 GMT
Location: https://1d5e051bc65.traffic-c.com/?p=4554&media_type=mainstream&pi=04_MS_DP_TrafficCompany_cert&click_id=d38fbebb74d4b7b998610eb444648f99255632be42b6f5301b34c2c926066efd&sub_id=7734210&transaction_id=S27838467
Server: nginx
Transfer-Encoding: chunked

GET
H/1.1

200
OK

Primary Request pl.html Show response
lp.gamega.me/page/funbo1/
Redirect Chain

https://tb.premium-advertiser.com/31-ggsl-pl/?clickid=25jmpo1x3kn0dj6cnmckoogws,16790077,5,4554&pubid=4554
https://lp.gamega.me/page/funbo1/pl.html?request_id=a9b3joya2y4185uiwz1ztrz8mzynrzmg07rse9cv&pub_id=4554&partner_id=31&_sms_id=14605011&_outer_id=1

6 KB
2 KB

206ms
48ms

Document
text/html

185.49.222.99

General

Check archive.org

Show headers Download Go to

Full URL: https://lp.gamega.me/page/funbo1/pl.html?request_id=a9b3joya2y4185uiwz1ztrz8mzynrzmg07rse9cv&pub_id=4554&partner_id=31&_sms_id=14605011&_outer_id=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.49.222.99 -, , ASN (),
Reverse DNS
Software: nginx/1.6.2 /
Resource Hash: 4b6bc4aa409dbce0aa11175dd00903cd39a74ae8d40631db45e3e9ebd6b5c975

Request headers

Referer: https://1d5e051bc65.traffic-c.com/?p=4554&media_type=mainstream&pi=04_MS_DP_TrafficCompany_cert&click_id=d38fbebb74d4b7b998610eb444648f99255632be42b6f5301b34c2c926066efd&sub_id=7734210&transaction_id=S27838467
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: pl-PL,pl;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Wed, 28 Jun 2023 22:47:44 GMT
Last-Modified: Tue, 25 Apr 2023 12:22:46 GMT
Server: nginx/1.6.2
Transfer-Encoding: chunked

Redirect headers

Cache-Control: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Date: Wed, 28 Jun 2023 22:47:43 GMT
Location: https://lp.gamega.me/page/funbo1/pl.html?request_id=a9b3joya2y4185uiwz1ztrz8mzynrzmg07rse9cv&pub_id=4554&partner_id=31&_sms_id=14605011&_outer_id=1
Server: nginx
Transfer-Encoding: chunked
X-node: 778mobile-ws2

GET
H/1.1 200
OK output.css
lp.gamega.me/page/funbo1/ 12 KB
13 KB 95ms
94ms Stylesheet
text/css 185.49.222.99

General

Check archive.org

Show headers Download Go to

Full URL: https://lp.gamega.me/page/funbo1/output.css
Requested by: Host: lp.gamega.me
URL: https://lp.gamega.me/page/funbo1/pl.html?request_id=a9b3joya2y4185uiwz1ztrz8mzynrzmg07rse9cv&pub_id=4554&partner_id=31&_sms_id=14605011&_outer_id=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.49.222.99 -, , ASN (),
Reverse DNS
Software: nginx/1.6.2 /
Resource Hash: 7009e22106598287cb288494b4e08628562bde6608eba3cfddafb101219d0083

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://lp.gamega.me/page/funbo1/pl.html?request_id=a9b3joya2y4185uiwz1ztrz8mzynrzmg07rse9cv&pub_id=4554&partner_id=31&_sms_id=14605011&_outer_id=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 28 Jun 2023 22:47:44 GMT
Last-Modified: Tue, 08 Nov 2022 15:25:42 GMT
Server: nginx/1.6.2
ETag: "636a74f6-3191"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 12689

GET
H2 200 cdn.min.js Show response
unpkg.com/alpinejs@3.10.3/dist/ 39 KB
15 KB 98ms
34ms Script
application/javascript 104.16.126.175

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/alpinejs@3.10.3/dist/cdn.min.js

Requested by

Host: lp.gamega.me
URL: https://lp.gamega.me/page/funbo1/pl.html?request_id=a9b3joya2y4185uiwz1ztrz8mzynrzmg07rse9cv&pub_id=4554&partner_id=31&_sms_id=14605011&_outer_id=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.126.175 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

80e915e1df7f16630d1248cecd597233678d0164945e2b13fb545b3134c88172

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://lp.gamega.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 22:47:44 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 12803507
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01GR4GNVARQ9FFWGR2ZHMANWYA-waw
server: cloudflare
etag: W/"9b22-C2KvCpUmON88zgE4vxpsrN2/GXk"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7de979254c023506-WAW

GET
H/1.1 200
OK logo_white.png
lp.gamega.me/page/funbo1/ 8 KB
8 KB 48ms
48ms Image
image/png 185.49.222.99

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lp.gamega.me/page/funbo1/logo_white.png
Requested by: Host: lp.gamega.me
URL: https://lp.gamega.me/page/funbo1/pl.html?request_id=a9b3joya2y4185uiwz1ztrz8mzynrzmg07rse9cv&pub_id=4554&partner_id=31&_sms_id=14605011&_outer_id=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.49.222.99 -, , ASN (),
Reverse DNS
Software: nginx/1.6.2 /
Resource Hash: 7357749296451ad39aeda82a867f139f2433182a9abfb53a9b463c3039457347

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://lp.gamega.me/page/funbo1/pl.html?request_id=a9b3joya2y4185uiwz1ztrz8mzynrzmg07rse9cv&pub_id=4554&partner_id=31&_sms_id=14605011&_outer_id=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 28 Jun 2023 22:47:44 GMT
Last-Modified: Tue, 08 Nov 2022 15:25:42 GMT
Server: nginx/1.6.2
ETag: "636a74f6-1f09"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7945

GET
H/1.1 200
OK Icon_arrow_left.svg
lp.gamega.me/page/funbo1/ 513 B
754 B 150ms
52ms Image
image/svg+xml 185.49.222.99

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lp.gamega.me/page/funbo1/Icon_arrow_left.svg
Requested by: Host: lp.gamega.me
URL: https://lp.gamega.me/page/funbo1/pl.html?request_id=a9b3joya2y4185uiwz1ztrz8mzynrzmg07rse9cv&pub_id=4554&partner_id=31&_sms_id=14605011&_outer_id=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.49.222.99 -, , ASN (),
Reverse DNS
Software: nginx/1.6.2 /
Resource Hash: 83efe78852be88305f27628e78bd287dc36bfffb53bb941661f6916a1e99344d

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://lp.gamega.me/page/funbo1/pl.html?request_id=a9b3joya2y4185uiwz1ztrz8mzynrzmg07rse9cv&pub_id=4554&partner_id=31&_sms_id=14605011&_outer_id=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 28 Jun 2023 22:47:44 GMT
Last-Modified: Tue, 08 Nov 2022 15:25:42 GMT
Server: nginx/1.6.2
ETag: "636a74f6-201"
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 513

GET
H/1.1 200
OK Icon_arrow_right.svg
lp.gamega.me/page/funbo1/ 503 B
744 B 149ms
51ms Image
image/svg+xml 185.49.222.99

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lp.gamega.me/page/funbo1/Icon_arrow_right.svg
Requested by: Host: lp.gamega.me
URL: https://lp.gamega.me/page/funbo1/pl.html?request_id=a9b3joya2y4185uiwz1ztrz8mzynrzmg07rse9cv&pub_id=4554&partner_id=31&_sms_id=14605011&_outer_id=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.49.222.99 -, , ASN (),
Reverse DNS
Software: nginx/1.6.2 /
Resource Hash: 8b1f753342022212b98a481ef65aabce4fc31b9659741e4b6fcf3810b256d3d2

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://lp.gamega.me/page/funbo1/pl.html?request_id=a9b3joya2y4185uiwz1ztrz8mzynrzmg07rse9cv&pub_id=4554&partner_id=31&_sms_id=14605011&_outer_id=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 28 Jun 2023 22:47:44 GMT
Last-Modified: Tue, 08 Nov 2022 15:25:42 GMT
Server: nginx/1.6.2
ETag: "636a74f6-1f7"
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 503

GET
H/1.1 200
OK bg-1000.png
lp.gamega.me/page/funbo1/ 254 KB
254 KB 193ms
96ms Image
image/png 185.49.222.99

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lp.gamega.me/page/funbo1/bg-1000.png
Requested by: Host: lp.gamega.me
URL: https://lp.gamega.me/page/funbo1/pl.html?request_id=a9b3joya2y4185uiwz1ztrz8mzynrzmg07rse9cv&pub_id=4554&partner_id=31&_sms_id=14605011&_outer_id=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.49.222.99 -, , ASN (),
Reverse DNS
Software: nginx/1.6.2 /
Resource Hash: bcdb07b8708ff3b2c04bf8e0b1dd59e152f951aae733290eacaaf879de94e102

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://lp.gamega.me/page/funbo1/pl.html?request_id=a9b3joya2y4185uiwz1ztrz8mzynrzmg07rse9cv&pub_id=4554&partner_id=31&_sms_id=14605011&_outer_id=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 28 Jun 2023 22:47:44 GMT
Last-Modified: Tue, 08 Nov 2022 15:25:42 GMT
Server: nginx/1.6.2
ETag: "636a74f6-3f604"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 259588

GET
H/1.1 200
OK RobotoCondensed-Regular.ttf
lp.gamega.me/page/funbo1/ 166 KB
167 KB 94ms
48ms Font
application/octet-stream 185.49.222.99

General

Check archive.org

Show headers Download Go to

Full URL: https://lp.gamega.me/page/funbo1/RobotoCondensed-Regular.ttf
Requested by: Host: lp.gamega.me
URL: https://lp.gamega.me/page/funbo1/output.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.49.222.99 -, , ASN (),
Reverse DNS
Software: nginx/1.6.2 /
Resource Hash: 6a2cfb7e61dd09d77526fd314b256894094f96e3a6f3149d9f8000c1132ef4b8

Request headers

Referer: https://lp.gamega.me/page/funbo1/output.css
Origin: https://lp.gamega.me
accept-language: pl-PL,pl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 28 Jun 2023 22:47:44 GMT
Last-Modified: Tue, 08 Nov 2022 15:25:42 GMT
Server: nginx/1.6.2
ETag: "636a74f6-2992c"
Content-Type: application/octet-stream
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 170284

GET
H/1.1 200
OK RobotoCondensed-Bold.ttf
lp.gamega.me/page/funbo1/ 166 KB
166 KB 182ms
99ms Font
application/octet-stream 185.49.222.99

General

Check archive.org

Show headers Download Go to

Full URL: https://lp.gamega.me/page/funbo1/RobotoCondensed-Bold.ttf
Requested by: Host: lp.gamega.me
URL: https://lp.gamega.me/page/funbo1/output.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.49.222.99 -, , ASN (),
Reverse DNS
Software: nginx/1.6.2 /
Resource Hash: 03b4e8042b9af4bf3349428fa734ed583f2d5d83287e1f42cf4d514c909146ef

Request headers

Referer: https://lp.gamega.me/page/funbo1/output.css
Origin: https://lp.gamega.me
accept-language: pl-PL,pl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 28 Jun 2023 22:47:44 GMT
Last-Modified: Tue, 08 Nov 2022 15:25:42 GMT
Server: nginx/1.6.2
ETag: "636a74f6-29748"
Content-Type: application/octet-stream
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 169800

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: s.click.aliexpress.com
URL: https://s.click.aliexpress.com/e/_d6GDFTu

Domain: www.gearbest.com
URL: https://www.gearbest.com/?lkid=78540179

Domain: www.binance.com
URL: https://www.binance.com/en/activity/referral-entry/CPA?fromActivityPage=true&ref=CPA_00N9NR54R9

Domain: stats.g.doubleclick.net
URL: https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-110090096-2&cid=474164237.1687992458&jid=1277261844&gjid=1772798987&_gid=1780183457.1687992458&_u=IEBAAEAAAAAAACAAI~&z=505647991

Domain: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-9R803BRQ9Q&cx=c&_slc=1

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend

19 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
prpops.com/p/sjbi/direct	1970-01-20 17:12:24	Name: woa1quur7O Value: 70dba2096b7acf6d2d22914d5a9ce9984f87e3723632c18846fb70a136959d182787587572f98a07bbfe8aeebb60db7094b910854f49e037f0e4f789a900050a
prpops.com/p/sjbi/direct	1970-01-20 12:53:12	Name: biscuit_suus99w8 Value: 015d2b3205983ceb40f5ead0d0ec49f2d2e2dbc8e495372b08b590260f2a54e2
leadmy.pl/	1970-01-20 21:38:48	Name: dc0a08e416cd7f8471c71ad711523ca3 Value: dc0a08e416cd7f8471c71ad711523ca3
.leadmy.pl/	1970-01-20 22:29:12	Name: _ga Value: GA1.2.474164237.1687992458
.leadmy.pl/	1970-01-20 12:54:38	Name: _gid Value: GA1.2.1780183457.1687992458
.leadmy.pl/	1970-01-20 12:53:12	Name: _gat Value: 1
admoustache.media-412.com/	1970-01-20 21:38:48	Name: afclick Value: 649cb88a800d390001695e51
tonic.eygenci.com/	1970-01-20 13:03:17	Name: AWSALB Value: JnVX1KQYeC1mFbp6dVnVLNDU70tMXjLjqDwbsfo5ah8QWL8D+FQqmT+cziLn7G4PzK2BeC7d+MuieNb1/IIN/jobpCOZlTN/Otx01kQo3SOKQRbtFKEpq12OY3AG
.eygenci.com/	1970-01-20 12:53:14	Name: __cf_bm Value: YyFJJFEUkPb3dptxWInDbgLGrX0B_zg2VrUF2RrsIdk-1687992459-0-AVIwp4VPvAYPUYFSOmyXBEzYy5TWyy1RwLtSrGVYChyAAEwiiO0QWwVj8CP1Fos9/A==
trk137.zzzperform.com/	1970-01-20 22:29:12	Name: BSESSID Value: trk3a52d940-54aa-456a-9b3a-491f0e742a24
my.ueive.com/	1970-01-20 13:03:17	Name: AWSALB Value: h0vwaG1dYYBavMLONn89cIRDchnPVMcE52JaPQCCjkpCeOqEoQ0uNvowchVU2FstvMmdtcQywi31v3tsG0c/9ZZyh3i2teAQ327DJSMuiD4/Qhb32+a62lPPcwx2
.ueive.com/	1970-01-20 12:53:14	Name: __cf_bm Value: jZLT160DIZwtBaS6MCNsTcGhve7G1QQEboedqQ1EZ6U-1687992460-0-Adms/P7ofly65yOI1cfPxZ/OURtCsG5tJRMWIrI7wLr3+V5H4dSimYc/LxRf/Jz1aw==
popmyads.com/	1970-01-20 12:53:12	Name: wGprrBLT Value: 2
.popmyads.com/	1970-01-20 22:29:12	Name: _ga Value: GA1.2.809787523.1687992462
.popmyads.com/	1970-01-20 12:54:38	Name: _gid Value: GA1.2.629664400.1687992462
.popmyads.com/	1970-01-20 12:53:12	Name: _gat Value: 1
.1d5e051bc65.traffic-c.com/	1970-01-20 12:53:13	Name: rts-trck Value: 1
.traffic-c.com/	1970-01-20 22:29:12	Name: t-uuid Value: 5zej3atbrcuwo75twtdwg4848
.traffic-c.com/	1970-01-20 12:53:12	Name: traffic-back Value: ok

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	Message: Refused to frame 'https://www.g2a.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'".

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1d5e051bc65.traffic-c.com
admoustache.media-412.com
armorads.aftrad-visit.com
cdn.addlnk.com
dakotatraff.com
go.savethereef.xyz
kuno-gae.com
leadmy.pl
lp.gamega.me
manuqas.com
my.ueive.com
popmyads.com
prpops.com
s.click.aliexpress.com
stats.g.doubleclick.net
t10.blowingwnd.com
t3.hightid.com
t4.lowtid.com
tb.premium-advertiser.com
tonic.eygenci.com
trk137.zzzperform.com
unpkg.com
whos.amung.us
widgets.amung.us
www.binance.com
www.fireslaegrep.lol
www.g2a.com
www.gearbest.com
www.google-analytics.com
www.googletagmanager.com
s.click.aliexpress.com
stats.g.doubleclick.net
www.binance.com
www.gearbest.com
www.googletagmanager.com
104.16.126.175
131.153.42.229
172.217.16.206
172.64.137.27
172.67.158.251
172.67.8.141
18.214.252.79
185.49.222.98
185.49.222.99
188.114.96.3
188.114.97.3
198.134.116.30
2.17.187.245
34.91.27.112
51.161.115.163
51.68.85.158
51.83.143.92
94.237.103.119
03b4e8042b9af4bf3349428fa734ed583f2d5d83287e1f42cf4d514c909146ef
29eddce2034a37edddd7b743551f12f50cddbdf80690919b7e597bb78e5b416a
33670d181ca21be2ff1b570f989747243a755949f9631ebb94aab1962ff239b4
379b50ce2b311d0803e59398da94066f9079e5638223920a558f7d15e0d9d8b0
4b6bc4aa409dbce0aa11175dd00903cd39a74ae8d40631db45e3e9ebd6b5c975
50dc9e33cf4e660293368cf9b836f101295a13101cb6a825bb39350a2b1f65ce
581d8ec90806ff9e2a6bc55df3d6902e30517601100b1f67ac61a7f99d849a17
6a2cfb7e61dd09d77526fd314b256894094f96e3a6f3149d9f8000c1132ef4b8
7009e22106598287cb288494b4e08628562bde6608eba3cfddafb101219d0083
7357749296451ad39aeda82a867f139f2433182a9abfb53a9b463c3039457347
76666ee7d0d9c862fb84cbd129ac1b056a57c78203eaa3f9338f5c76715a2aa2
7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1
80e915e1df7f16630d1248cecd597233678d0164945e2b13fb545b3134c88172
83efe78852be88305f27628e78bd287dc36bfffb53bb941661f6916a1e99344d
8b1f753342022212b98a481ef65aabce4fc31b9659741e4b6fcf3810b256d3d2
a2360f05aaa5110f0891046d08ab93ee8bfd6249debd8d8c1d173eac2dd5e172
a32af4379a57c161494c710d09a2826915502daa6899747ad29380a442fa8949
abaaeb1cdd1b958f3c642bbf7f1c2c4892452bbaba3345350369fd1964d38fda
bcdb07b8708ff3b2c04bf8e0b1dd59e152f951aae733290eacaaf879de94e102
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
f6dc854b4f57c08e4da477ebabe58af8be8fd1eb1b317d88671d0d3965612a04

lp.gamega.me Open in urlscan Pro 185.49.222.99 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

40 Requests

78 %HTTPS

0 %IPv6

29 Domains

30 Subdomains

13 IPs

7 Countries

753 kBTransfer

949 kBSize

19 Cookies

0 Outgoing links

Page URL History

Redirected requests

40 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

lp.gamega.me Open in urlscan Pro
185.49.222.99 Public Scan

Screenshot
Live screenshot

Full Image

40
Requests

78 %
HTTPS

0 %
IPv6

29
Domains

30
Subdomains

13
IPs

7
Countries

753 kB
Transfer

949 kB
Size

19
Cookies

40 HTTP transactions
1 data transactions