Submitted URL: http://cherub.nanoseller.ru/out.php?/favicon.ico
Effective URL: https://twinrdsyte.com/Redirect.eng?MediaSegmentId=63465&dcid=3_ctx_3ca65c61-cef9-4d08-a202-5946d96684cf&vmId=00000000-...
Submission: On December 17 via api from US — Scanned from CA

Summary

This website contacted 5 IPs in 5 countries across 8 domains to perform 8 HTTP transactions. The main IP is 104.18.8.218, located in and belongs to CLOUDFLARENET, US. The main domain is twinrdsyte.com. The Cisco Umbrella rank of the primary domain is 64826.
TLS certificate: Issued by WE1 on November 11th 2024. Valid for: 3 months.
This is the only time twinrdsyte.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

| Redirects | Requests | IP Address | AS | Autonomous System |
|---|---|---|---|---|
| 1 | 1 | 82.118.16.93 | 21100 | ITLDC-EU ... |
| 1 | 1 | 213.174.157.83 | 39572 | ADVANCEDH... |
| | 2 | 104.21.0.238 | 13335 | CLOUDFLAR... |
| 1 | 2 | 94.130.197.239 | 24940 | HETZNER-A... |
| 2 | 2 | 62.122.168.43 | 50245 | SERVEREL-... |
| | 3 | 31.220.27.154 | 39572 | ADVANCEDH... |
| 1 | 2 | 104.18.8.218 | 13335 | CLOUDFLAR... |

Totals: 8 requests, 5 IPs
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 3 | kaminari.systems | kaminari.systems — Cisco Umbrella Rank: 79048 | 21 KB |
| 2 | twinrdsyte.com | twinrdsyte.com — Cisco Umbrella Rank: 64826 | 7 KB |
| 2 | popdemission.com | popdemission.com — Cisco Umbrella Rank: 105819 | 755 B |
| 2 | crockadilla.com | crockadilla.com — Cisco Umbrella Rank: 354605 | 2 KB |
| 2 | trafget.com | pop.trafget.com | 2 KB |
| 1 | tsyndicate.com | tsyndicate.com — Cisco Umbrella Rank: 8507 | 600 B |
| 1 | nanoseller.ru | cherub.nanoseller.ru | 386 B |
| 0 | chaturbate.com (Failed) | chaturbate.com — Cisco Umbrella Rank: 18476 (Failed) | |

Totals: 8 requests, 8 domains
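| Requests | Domain | Redirects | Requested by |
|---|---|---|---|
| 3 | kaminari.systems | | crockadilla.com, kaminari.systems |
| 2 | twinrdsyte.com | 1 redirects | kaminari.systems |
| 2 | popdemission.com | 2 redirects | |
| 2 | crockadilla.com | 1 redirects | |
| 2 | pop.trafget.com | | |
| 1 | tsyndicate.com | 1 redirects | |
| 1 | cherub.nanoseller.ru | 1 redirects | |
| 0 | chaturbate.com (Failed) | | twinrdsyte.com |

Totals: 8 requests, 8 domains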

This site contains no links.

| Subject | Issuer | Validity | Valid |
|---|---|---|---|
| trafget.com | WE1 | 2024-11-28 - 2025-02-26 | 3 months |
| popunder.infrapu.sh | R11 | 2024-12-03 - 2025-03-03 | 3 months |
| kaminari.systems | E6 | 2024-10-10 - 2025-01-08 | 3 months |
| twinrdsyte.com | WE1 | 2024-11-11 - 2025-02-09 | 3 months |

This page contains 1 frame:

Frame: https://chaturbate.com/ellaa91/?campaign=KzlTO&disable_sound=0&join_overlay=1&tour=OgA6
Frame ID: 300AE714461719A51D0378477A0F2005
Requests: 8 HTTP requests in this frame


Page Statistics

Requests: 8
HTTPS: 88 %
IPv6: 0 %
Domains: 8
Subdomains: 8
IPs: 5
Countries: 5
Transfer: 27 kB
Size: 52 kB
Cookies: 45

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://cherub.nanoseller.ru/out.php?/favicon.ico HTTP 307
    https://cherub.nanoseller.ru/out.php?/favicon.ico HTTP 307
    http://cherub.nanoseller.ru/out.php?/favicon.ico HTTP 302
    http://tsyndicate.com/api/v1/direct/cf2385535f8f403fa450e7faf5f1ceb3?extid={extid} HTTP 307
    https://tsyndicate.com/api/v1/direct/cf2385535f8f403fa450e7faf5f1ceb3?extid={extid} HTTP 302
    https://pop.trafget.com/ppa.php Page URL
  2. https://crockadilla.com/get/?spot_id=1426579&cat=25&subid=1147263051 Page URL
  3. https://crockadilla.com/popunder/in/click/?mid=4532187797855183599&pid=0&site=&sc=CA&usage_type=DCH&subid=1147263051&sid=0&cid=0&price=0&is_cpm=1&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=pop.trafget.com&hostname=auc-popunder-hz-2&site_id=0&spot_id=1426579&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&burl=&pop_winurl=&ip=149.88.16.228&testab=0&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=0&resp_type=&iabcat=IAB25&min_cpm=0.351484&placement_type_id=7&skin_test=&verify_hash=dd8e5d8597facf4cecb83b17e09abfe7&score=75.22518707040318&durl=&ml=&tag_ab=&original_bid=0&user_fp=0&v2=0&pop_type=0&space_id=0&real_bid=&skin_id=&vertical_id=&stratagem=&accel=0&gyr=0&iabcat=IAB25&ip_mismatch=false&ua_mismatch=false&ssp=3758&rc=0&v2_track=0&otype=0&mn=0&priority=0&bb=0.351484&url=https%3A%2F%2Fpopdemission.com%2Fin%2F849%2F%3Fsource%3D1147263051%26site_id%3D%26utm1%3D%26utm2%3D%26utm3%3D%26utm4%3D%26idzone%3D%26spot_id%3D1426579%26mo%3D%26ve%3D%26ad_tags%3D%26p%3Dhttps%253A%252F%252Fpop.trafget.com%252F%26sid%3D0%26katds_labels%3D%26is_iframe%3D0%26btype%3D0%26score%3D75.22518707040318%26bf%3D0.351484%26iabcat%3DIAB25%26allowed_labels%3D&pr=&bid_crid=&bid_cid=&ad_tags=&is_interstitial=0&is_direct=2&label_ids=&site_id64=&sp_cl=0&act_sess=0&sp_scr=0&intes=&izb=&ang=0&act_su=0&interest_vertical_ids=&v_scroll_freq=&time_sess=&ext_campaign_id=&scroll_percent=0&empty_clicks=0&aid=0&high_freq_clicks=0&dev_console_activity=0&topics=&client_price=0&direct_client_price=0&o_d=&is_webview=0&timezone_olson=&timezone_ip=America/Toronto&offer_label_ids=&client_payment_model=&auction_time=1734452921&is_in_app=0&delivery_method=js_redirect&mediation_ecpm=0&service_spot_id=0&user_keywords=&keywords= HTTP 302
    https://popdemission.com/in/849/?source=1147263051&site_id=&utm1=&utm2=&utm3=&utm4=&idzone=&spot_id=1426579&mo=&ve=&ad_tags=&p=https%3A%2F%2Fpop.trafget.com%2F&sid=0&katds_labels=&is_iframe=0&btype=0&score=75.22518707040318&bf=0.351484&iabcat=IAB25&allowed_labels= HTTP 302
    https://kaminari.systems/v1/click?kmnrKey=891498445&sub1=1426579&u=https%3A%2F%2Fpopdemission.com%2Fin%2F849%2F%3Fsource%3D1147263051%26spot_id%3D299762%26p%3Dhttps%253A%252F%252Fgloporn.com%252F Page URL
  4. https://popdemission.com/in/849/?source=1147263051&spot_id=299762&p=https%3A%2F%2Fgloporn.com%2F HTTP 302
    https://twinrdsyte.com/link.engine?z=61806&guid=ef4d72a6-6976-4158-afbd-cbd1265894c6&tid=1147263051&kw= HTTP 302
    https://twinrdsyte.com/Redirect.eng?MediaSegmentId=63465&dcid=3_ctx_3ca65c61-cef9-4d08-a202-5946d96684cf&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=4BM76a07QfPesqafoXxvkzk56MRgj3S_0Xh1CjmSL_0MlDYxr7LIF2fByFmcdzUWPsK_GCD7zARwydv6LRvjzBQaWZ-xZhSTVCKkwQsfKk6NZOLe0YdaRUKC0DVS05IOoxzhfxZIl-ddAuEa5y5JCri7J22xWqlm2ix9lxadJg1qrZ4e_0nry9Nv7Bkc9J9QSNjMR1vWhPtZDt7kambbIL7UoNRbK9-CAs3cvrpSDvzZniqdusST1dxnfvW4mmbo66SvNUyudqob131RIwjh1WDOanAl5jmiZykaEHzZ7lElk6ylMB3wUUsMTR0x4P_AWOfCcACRgjtM2WY9-8D6gUpkAy_jJ0db6z0SSmHhXNf8K-iKwk6G7b5LL0iQ8cwEXHrGpkjUh6Dwu4FFNnm0NWHzVIuANv8qyQStE5n1BS3-YdCVoay4b0SSBnhXo3Vrp1qhWa43TfIbZSbsP4nnsZSVogbPHj_AXR7r03gxgII9qqgmPCOC6bW53X_e7FgZjzanRO0NeXw_oqYAFU-tPUB2GajNRgLiBLyKkt6ttVN7L4E4B3ZF6CaIbNVqelnCBSIHYL9RV1SKSUGSWFTAWYyRQwCeHaNz0rIG2XO0jdSghYHZC2HDrz_s8LXxdBfAiGifylySl8tA1WTu5d1cpoOXfG_PXPna45X055vlqSbLz6gmw-pTZNyVc5JQcFA2OGhhlY4sBAzIjxQ0VMam_ZyjcY6fOjwRjPkQESPDwxnuKcYEAVDBVowaBnOFc_boWZnmdtgNncaaimalohQePqVkC-HWEYpdWTtEpNN0IASdCQwhsRwpHrtn_cJO8eYTJY-Nue5TH3sZQ6YFZZyIjPYnUUqdFoU8f8f0R9kFoCQwSVZsX0_mnZGIcsaAdRfNfdOBMthkLkDJLj5vmdoQGiKkjS-N4PomBxupzts68KQIhz3rgRgD9f3D2pHFjcFjhComqX95MXXxBPjvWvFt64eJoHzqp1x7uVLNdlyASNL2j-P9SZ6FCh4u_ZOQ1XeIaZlknoqvT-flx4ddolzKjA2&kw=&mw=1024&mh=768&at= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://cherub.nanoseller.ru/out.php?/favicon.ico HTTP 307
  • https://cherub.nanoseller.ru/out.php?/favicon.ico HTTP 307
  • http://cherub.nanoseller.ru/out.php?/favicon.ico HTTP 302
  • http://tsyndicate.com/api/v1/direct/cf2385535f8f403fa450e7faf5f1ceb3?extid={extid} HTTP 307
  • https://tsyndicate.com/api/v1/direct/cf2385535f8f403fa450e7faf5f1ceb3?extid={extid} HTTP 302
  • https://pop.trafget.com/ppa.php
Request Chain 3
  • https://crockadilla.com/popunder/in/click/?mid=4532187797855183599&pid=0&site=&sc=CA&usage_type=DCH&subid=1147263051&sid=0&cid=0&price=0&is_cpm=1&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=pop.trafget.com&hostname=auc-popunder-hz-2&site_id=0&spot_id=1426579&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&burl=&pop_winurl=&ip=149.88.16.228&testab=0&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=0&resp_type=&iabcat=IAB25&min_cpm=0.351484&placement_type_id=7&skin_test=&verify_hash=dd8e5d8597facf4cecb83b17e09abfe7&score=75.22518707040318&durl=&ml=&tag_ab=&original_bid=0&user_fp=0&v2=0&pop_type=0&space_id=0&real_bid=&skin_id=&vertical_id=&stratagem=&accel=0&gyr=0&iabcat=IAB25&ip_mismatch=false&ua_mismatch=false&ssp=3758&rc=0&v2_track=0&otype=0&mn=0&priority=0&bb=0.351484&url=https%3A%2F%2Fpopdemission.com%2Fin%2F849%2F%3Fsource%3D1147263051%26site_id%3D%26utm1%3D%26utm2%3D%26utm3%3D%26utm4%3D%26idzone%3D%26spot_id%3D1426579%26mo%3D%26ve%3D%26ad_tags%3D%26p%3Dhttps%253A%252F%252Fpop.trafget.com%252F%26sid%3D0%26katds_labels%3D%26is_iframe%3D0%26btype%3D0%26score%3D75.22518707040318%26bf%3D0.351484%26iabcat%3DIAB25%26allowed_labels%3D&pr=&bid_crid=&bid_cid=&ad_tags=&is_interstitial=0&is_direct=2&label_ids=&site_id64=&sp_cl=0&act_sess=0&sp_scr=0&intes=&izb=&ang=0&act_su=0&interest_vertical_ids=&v_scroll_freq=&time_sess=&ext_campaign_id=&scroll_percent=0&empty_clicks=0&aid=0&high_freq_clicks=0&dev_console_activity=0&topics=&client_price=0&direct_client_price=0&o_d=&is_webview=0&timezone_olson=&timezone_ip=America/Toronto&offer_label_ids=&client_payment_model=&auction_time=1734452921&is_in_app=0&delivery_method=js_redirect&mediation_ecpm=0&service_spot_id=0&user_keywords=&keywords= HTTP 302
  • https://popdemission.com/in/849/?source=1147263051&site_id=&utm1=&utm2=&utm3=&utm4=&idzone=&spot_id=1426579&mo=&ve=&ad_tags=&p=https%3A%2F%2Fpop.trafget.com%2F&sid=0&katds_labels=&is_iframe=0&btype=0&score=75.22518707040318&bf=0.351484&iabcat=IAB25&allowed_labels= HTTP 302
  • https://kaminari.systems/v1/click?kmnrKey=891498445&sub1=1426579&u=https%3A%2F%2Fpopdemission.com%2Fin%2F849%2F%3Fsource%3D1147263051%26spot_id%3D299762%26p%3Dhttps%253A%252F%252Fgloporn.com%252F
Request Chain 6
  • https://chaturbate.com/in/?tour=OgA6&campaign=KzlTO&track=twinred_ca_popunder_desktop HTTP 302
  • https://chaturbate.com/toproom/female/?join_overlay=1&campaign=KzlTO&tour=OgA6&disable_sound=0 HTTP 302
  • https://chaturbate.com/ellaa91/?campaign=KzlTO&disable_sound=0&join_overlay=1&tour=OgA6

8 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
ppa.php
pop.trafget.com/
Redirect Chain
  • http://cherub.nanoseller.ru/out.php?/favicon.ico
  • https://cherub.nanoseller.ru/out.php?/favicon.ico
  • http://cherub.nanoseller.ru/out.php?/favicon.ico
  • http://tsyndicate.com/api/v1/direct/cf2385535f8f403fa450e7faf5f1ceb3?extid={extid}
  • https://tsyndicate.com/api/v1/direct/cf2385535f8f403fa450e7faf5f1ceb3?extid={extid}
  • https://pop.trafget.com/ppa.php
114 B
731 B
Document
General
Full URL
https://pop.trafget.com/ppa.php
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.21.0.238 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.33 PleskLin
Resource Hash
91871e5a2067841a8aa73708003b5a290dedd8314a9342ee2f842a89f523c208

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cf-cache-status
DYNAMIC
cf-ray
8f38499f1e7a3533-WAW
content-encoding
zstd
content-type
text/html; charset=UTF-8
date
Tue, 17 Dec 2024 16:28:40 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MNf7QqECCnxLs75Q4xfjGKvWeN4mllb%2BRzBZY59p%2BUdrF1nHdf83sgHipWJfXhKUshkjUkyfBxQ034IFxqDzCwoMcL3xKsnflp1hsZWb3ZALGaj1serGKJJvYsS6xcDfd3Q%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=TCP&rtt=134389&min_rtt=134163&rtt_var=28481&sent=9&recv=10&lost=0&retrans=0&sent_bytes=3397&recv_bytes=2336&delivery_rate=29395&cwnd=33&unsent_bytes=0&cid=e5f0fceb14cdb560&ts=248&x=0"
vary
accept-encoding
x-powered-by
PHP/7.4.33 PleskLin

Redirect headers

cache-control
no-cache, no-store, no-transform, must-revalidate no-transform
content-length
0
date
Tue, 17 Dec 2024 16:28:39 GMT
expires
0
location
https://pop.trafget.com/ppa.php
pragma
no-cache
report-to
{ "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
server
nginx
vary
*
x-robots-tag
none noindex, nofollow
/
crockadilla.com/get/
2 KB
1 KB
Document
General
Full URL
https://crockadilla.com/get/?spot_id=1426579&cat=25&subid=1147263051
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
94.130.197.239 Bendorf, Germany, ASN24940 (HETZNER-AS Hetzner Online GmbH, DE),
Reverse DNS
static.239.197.130.94.clients.your-server.de
Software
nginx/1.16.0 /
Resource Hash
1a70b421ee88f95adb5845ad0a5375f3b3ad0af88ac8a0fa83713b6c961a4277

Request headers

Referer
https://pop.trafget.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Content-Type
access-control-allow-methods
*
access-control-allow-origin
*
cache-control
no-transform, no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
text/html
date
Tue, 17 Dec 2024 16:28:41 GMT
pragma
no-cache
server
nginx/1.16.0
vary
Origin
favicon.ico
pop.trafget.com/
808 B
943 B
Other
General
Full URL
https://pop.trafget.com/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.21.0.238 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pop.trafget.com/ppa.php

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
cf-cache-status
EXPIRED
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6wu%2BfaIiy%2BIHMRP0gSPcIIDB7CHJGCXwK7OLFECb1ldHA%2FJlIOU5waBhe1Tf8Hqde6jNc%2FrUU9bKJJ%2BFNSi4t2uTRJn1q9AgkDVptaU2YxaVAFAxng7YOmOcWb8qvgDApsU%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8f3849a18a5b3533-WAW
server-timing
cfL4;desc="?proto=TCP&rtt=134464&min_rtt=134000&rtt_var=7010&sent=15&recv=17&lost=0&retrans=1&sent_bytes=4473&recv_bytes=2543&delivery_rate=30755&cwnd=35&unsent_bytes=0&cid=e5f0fceb14cdb560&ts=649&x=0"
date
Tue, 17 Dec 2024 16:28:40 GMT
content-type
text/html
last-modified
Wed, 04 Dec 2024 13:19:28 GMT
server
cloudflare
vary
Accept-Encoding
click
kaminari.systems/v1/
Redirect Chain
  • https://crockadilla.com/popunder/in/click/?mid=4532187797855183599&pid=0&site=&sc=CA&usage_type=DCH&subid=1147263051&sid=0&cid=0&price=0&is_cpm=1&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c...
  • https://popdemission.com/in/849/?source=1147263051&site_id=&utm1=&utm2=&utm3=&utm4=&idzone=&spot_id=1426579&mo=&ve=&ad_tags=&p=https%3A%2F%2Fpop.trafget.com%2F&sid=0&katds_labels=&is_iframe=0&btype...
  • https://kaminari.systems/v1/click?kmnrKey=891498445&sub1=1426579&u=https%3A%2F%2Fpopdemission.com%2Fin%2F849%2F%3Fsource%3D1147263051%26spot_id%3D299762%26p%3Dhttps%253A%252F%252Fgloporn.com%252F
49 KB
20 KB
Document
General
Full URL
https://kaminari.systems/v1/click?kmnrKey=891498445&sub1=1426579&u=https%3A%2F%2Fpopdemission.com%2Fin%2F849%2F%3Fsource%3D1147263051%26spot_id%3D299762%26p%3Dhttps%253A%252F%252Fgloporn.com%252F
Requested by
Host: crockadilla.com
URL: https://crockadilla.com/get/?spot_id=1426579&cat=25&subid=1147263051
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
31.220.27.154 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software
nginx /
Resource Hash
62be01cb140c6cca55bb53024dd4b5fba8261223a0e4b70dd82f670a5be25304

Request headers

Referer
https://crockadilla.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ch
Width, Viewport-Width, DPR, Device-Memory, Downlink, RTT, ECT, Save-Data, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
access-control-allow-headers
X-Requested-With, Cache-Control, Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Tue, 17 Dec 2024 16:28:43 GMT
server
nginx
vary
Accept-Encoding

Redirect headers

cache-control
no-cache, no-store, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
date
Tue, 17 Dec 2024 16:28:42 GMT
location
https://kaminari.systems/v1/click?kmnrKey=891498445&sub1=1426579&u=https%3A%2F%2Fpopdemission.com%2Fin%2F849%2F%3Fsource%3D1147263051%26spot_id%3D299762%26p%3Dhttps%253A%252F%252Fgloporn.com%252F
pragma
no-cache
server
nginx/1.20.1
vary
*
check
kaminari.systems/v2/
22 B
295 B
Fetch
General
Full URL
https://kaminari.systems/v2/check
Requested by
Host: kaminari.systems
URL: https://kaminari.systems/v1/click?kmnrKey=891498445&sub1=1426579&u=https%3A%2F%2Fpopdemission.com%2Fin%2F849%2F%3Fsource%3D1147263051%26spot_id%3D299762%26p%3Dhttps%253A%252F%252Fgloporn.com%252F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
31.220.27.154 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

viewport-width
1600
ect
4g
Referer
device-memory
8
dpr
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type
application/json
rtt
100
downlink
9

Response headers

content-encoding
gzip
access-control-allow-credentials
true
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://kaminari.systems
date
Tue, 17 Dec 2024 16:28:43 GMT
content-type
application/json
vary
Accept-Encoding
server
nginx
access-control-allow-headers
X-Requested-With, Cache-Control, Content-Type
favicon.ico
kaminari.systems/
318 B
451 B
Other
General
Full URL
https://kaminari.systems/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
31.220.27.154 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

viewport-width
1600
ect
4g
Referer
https://kaminari.systems/v1/click?kmnrKey=891498445&sub1=1426579&u=https%3A%2F%2Fpopdemission.com%2Fin%2F849%2F%3Fsource%3D1147263051%26spot_id%3D299762%26p%3Dhttps%253A%252F%252Fgloporn.com%252F
device-memory
8
dpr
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
rtt
100
downlink
9

Response headers

accept-ranges
bytes
content-length
318
date
Tue, 17 Dec 2024 16:28:43 GMT
etag
"675713b6-13e"
content-type
image/x-icon
last-modified
Mon, 09 Dec 2024 15:58:46 GMT
server
nginx
Primary Request Redirect.eng
twinrdsyte.com/
Redirect Chain
  • https://popdemission.com/in/849/?source=1147263051&spot_id=299762&p=https%3A%2F%2Fgloporn.com%2F
  • https://twinrdsyte.com/link.engine?z=61806&guid=ef4d72a6-6976-4158-afbd-cbd1265894c6&tid=1147263051&kw=
  • https://twinrdsyte.com/Redirect.eng?MediaSegmentId=63465&dcid=3_ctx_3ca65c61-cef9-4d08-a202-5946d96684cf&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=4BM76a07QfPesqafoXxvkz...
231 B
3 KB
Document
General
Full URL
https://twinrdsyte.com/Redirect.eng?MediaSegmentId=63465&dcid=3_ctx_3ca65c61-cef9-4d08-a202-5946d96684cf&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=4BM76a07QfPesqafoXxvkzk56MRgj3S_0Xh1CjmSL_0MlDYxr7LIF2fByFmcdzUWPsK_GCD7zARwydv6LRvjzBQaWZ-xZhSTVCKkwQsfKk6NZOLe0YdaRUKC0DVS05IOoxzhfxZIl-ddAuEa5y5JCri7J22xWqlm2ix9lxadJg1qrZ4e_0nry9Nv7Bkc9J9QSNjMR1vWhPtZDt7kambbIL7UoNRbK9-CAs3cvrpSDvzZniqdusST1dxnfvW4mmbo66SvNUyudqob131RIwjh1WDOanAl5jmiZykaEHzZ7lElk6ylMB3wUUsMTR0x4P_AWOfCcACRgjtM2WY9-8D6gUpkAy_jJ0db6z0SSmHhXNf8K-iKwk6G7b5LL0iQ8cwEXHrGpkjUh6Dwu4FFNnm0NWHzVIuANv8qyQStE5n1BS3-YdCVoay4b0SSBnhXo3Vrp1qhWa43TfIbZSbsP4nnsZSVogbPHj_AXR7r03gxgII9qqgmPCOC6bW53X_e7FgZjzanRO0NeXw_oqYAFU-tPUB2GajNRgLiBLyKkt6ttVN7L4E4B3ZF6CaIbNVqelnCBSIHYL9RV1SKSUGSWFTAWYyRQwCeHaNz0rIG2XO0jdSghYHZC2HDrz_s8LXxdBfAiGifylySl8tA1WTu5d1cpoOXfG_PXPna45X055vlqSbLz6gmw-pTZNyVc5JQcFA2OGhhlY4sBAzIjxQ0VMam_ZyjcY6fOjwRjPkQESPDwxnuKcYEAVDBVowaBnOFc_boWZnmdtgNncaaimalohQePqVkC-HWEYpdWTtEpNN0IASdCQwhsRwpHrtn_cJO8eYTJY-Nue5TH3sZQ6YFZZyIjPYnUUqdFoU8f8f0R9kFoCQwSVZsX0_mnZGIcsaAdRfNfdOBMthkLkDJLj5vmdoQGiKkjS-N4PomBxupzts68KQIhz3rgRgD9f3D2pHFjcFjhComqX95MXXxBPjvWvFt64eJoHzqp1x7uVLNdlyASNL2j-P9SZ6FCh4u_ZOQ1XeIaZlknoqvT-flx4ddolzKjA2&kw=&mw=1024&mh=768&at=
Requested by
Host: kaminari.systems
URL: https://kaminari.systems/v1/click?kmnrKey=891498445&sub1=1426579&u=https%3A%2F%2Fpopdemission.com%2Fin%2F849%2F%3Fsource%3D1147263051%26spot_id%3D299762%26p%3Dhttps%253A%252F%252Fgloporn.com%252F
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.8.218 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a7ee1d3ea7aa371b22a5f86a2e830869ef70bc4fd59965a263a7757e60fca00e

Request headers

Referer
https://kaminari.systems/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cache-control
private, no-transform
cf-cache-status
DYNAMIC
cf-ray
8f3849bd6db9ac8a-YYZ
content-length
231
content-type
text/html; charset=utf-8
date
Tue, 17 Dec 2024 16:28:45 GMT
p3p
CP="CAO PSA OUR IND"
priority
u=0,i
server
cloudflare
server-timing
cfExtPri

Redirect headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cache-control
private, no-transform
cf-cache-status
DYNAMIC
cf-ray
8f3849ba7a3eac8a-YYZ
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Tue, 17 Dec 2024 16:28:44 GMT
location
https://twinrdsyte.com/Redirect.eng?MediaSegmentId=63465&dcid=3_ctx_3ca65c61-cef9-4d08-a202-5946d96684cf&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=4BM76a07QfPesqafoXxvkzk56MRgj3S_0Xh1CjmSL_0MlDYxr7LIF2fByFmcdzUWPsK_GCD7zARwydv6LRvjzBQaWZ-xZhSTVCKkwQsfKk6NZOLe0YdaRUKC0DVS05IOoxzhfxZIl-ddAuEa5y5JCri7J22xWqlm2ix9lxadJg1qrZ4e_0nry9Nv7Bkc9J9QSNjMR1vWhPtZDt7kambbIL7UoNRbK9-CAs3cvrpSDvzZniqdusST1dxnfvW4mmbo66SvNUyudqob131RIwjh1WDOanAl5jmiZykaEHzZ7lElk6ylMB3wUUsMTR0x4P_AWOfCcACRgjtM2WY9-8D6gUpkAy_jJ0db6z0SSmHhXNf8K-iKwk6G7b5LL0iQ8cwEXHrGpkjUh6Dwu4FFNnm0NWHzVIuANv8qyQStE5n1BS3-YdCVoay4b0SSBnhXo3Vrp1qhWa43TfIbZSbsP4nnsZSVogbPHj_AXR7r03gxgII9qqgmPCOC6bW53X_e7FgZjzanRO0NeXw_oqYAFU-tPUB2GajNRgLiBLyKkt6ttVN7L4E4B3ZF6CaIbNVqelnCBSIHYL9RV1SKSUGSWFTAWYyRQwCeHaNz0rIG2XO0jdSghYHZC2HDrz_s8LXxdBfAiGifylySl8tA1WTu5d1cpoOXfG_PXPna45X055vlqSbLz6gmw-pTZNyVc5JQcFA2OGhhlY4sBAzIjxQ0VMam_ZyjcY6fOjwRjPkQESPDwxnuKcYEAVDBVowaBnOFc_boWZnmdtgNncaaimalohQePqVkC-HWEYpdWTtEpNN0IASdCQwhsRwpHrtn_cJO8eYTJY-Nue5TH3sZQ6YFZZyIjPYnUUqdFoU8f8f0R9kFoCQwSVZsX0_mnZGIcsaAdRfNfdOBMthkLkDJLj5vmdoQGiKkjS-N4PomBxupzts68KQIhz3rgRgD9f3D2pHFjcFjhComqX95MXXxBPjvWvFt64eJoHzqp1x7uVLNdlyASNL2j-P9SZ6FCh4u_ZOQ1XeIaZlknoqvT-flx4ddolzKjA2&kw=&mw=1024&mh=768&at=
p3p
CP="CAO PSA OUR IND"
priority
u=0,i
server
cloudflare
server-timing
cfExtPri
vary
Accept-Encoding
/
chaturbate.com/ellaa91/
Redirect Chain
  • https://chaturbate.com/in/?tour=OgA6&campaign=KzlTO&track=twinred_ca_popunder_desktop
  • https://chaturbate.com/toproom/female/?join_overlay=1&campaign=KzlTO&tour=OgA6&disable_sound=0
  • https://chaturbate.com/ellaa91/?campaign=KzlTO&disable_sound=0&join_overlay=1&tour=OgA6
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
chaturbate.com
URL
https://chaturbate.com/ellaa91/?campaign=KzlTO&disable_sound=0&join_overlay=1&tour=OgA6

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

45 Cookies

Domain/Path Name / Value
cherub.nanoseller.ru/ Name: 24239
Value: bm9yZWZ8fHwwfDF8MHxub25lfDA6
.tsyndicate.com/ Name: ts_last_click_id
Value: W1bo7S9Dzu-XNAYLFMySD3A1_E7WVaFA2n97f4rAq17UY4zYMqqU8gc5hTHg9tdtcvdDp_OpmDXludP5pn7J2RQQtyvm5vMerLng_gUIDRUi
.tsyndicate.com/ Name: cookie_user_id
Value: a549453a-8a11-479c-bca5-bc156949ff54
popdemission.com/ Name: 849.0
Value: 1
popdemission.com/ Name: 1622.0
Value: 1
popdemission.com/ Name: 2672.0
Value: 1
twinrdsyte.com/ Name: IKSR
Value: {}
twinrdsyte.com/ Name: INF_DFL8
Value: false
twinrdsyte.com/ Name: IUID
Value: 5a4f4830-154e-46c1-87d7-b4a61bf4b59a
twinrdsyte.com/ Name: ISSH
Value: 7810FC
twinrdsyte.com/ Name: CHN
Value: #[]
twinrdsyte.com/ Name: MSRH
Value: #{}
twinrdsyte.com/ Name: ILP
Value: null
twinrdsyte.com/ Name: ILPLU
Value: #1/1/0001 12:00:00 AM
twinrdsyte.com/ Name: ILEALC
Value: #1/1/0001 12:00:00 AM
twinrdsyte.com/ Name: ILMPF
Value: #False
twinrdsyte.com/ Name: IPMPLU
Value: #1/1/0001 12:00:00 AM
twinrdsyte.com/ Name: IPMUID
Value: #
twinrdsyte.com/ Name: BSWUID
Value: #
twinrdsyte.com/ Name: IBL
Value: #[]
twinrdsyte.com/ Name: IOPT
Value: #[]
twinrdsyte.com/ Name: IPLSH
Value: #{}
twinrdsyte.com/ Name: IPLSH_Q
Value: #[]
twinrdsyte.com/ Name: IMCH
Value: #{}
twinrdsyte.com/ Name: IMCH_Q
Value: #[]
twinrdsyte.com/ Name: ISH
Value: #{"15083":[{"SId":"7810FC","D":"24/12/17T8:28:44"}]}
twinrdsyte.com/ Name: ISH_Q
Value: #[15083]
twinrdsyte.com/ Name: VMI
Value: 00000000-0000-0000-0000-000000000000
twinrdsyte.com/ Name: IPLH
Value: #{"84922":[{"SId":"7810FC","D":"24/12/17T8:28:45"}]}
twinrdsyte.com/ Name: IPLH_Q
Value: #[84922]
twinrdsyte.com/ Name: MSSH
Value: #{"63465":1}
twinrdsyte.com/ Name: IZH
Value: #{"61806":[{"SId":"7810FC","D":"24/12/17T8:28:45"}]}
twinrdsyte.com/ Name: IZH_Q
Value: #[61806]
twinrdsyte.com/ Name: IMH
Value: #{"110008":[{"SId":"7810FC","D":"24/12/17T8:28:45"}]}
twinrdsyte.com/ Name: IMH_Q
Value: #[110008]
twinrdsyte.com/ Name: ISPH
Value: #{"15083":[{"SId":"7810FC","D":"24/12/17T8:28:45"}]}
twinrdsyte.com/ Name: ISPH_Q
Value: #[15083]
twinrdsyte.com/ Name: ICH
Value: #{"47362":[{"SId":"7810FC","D":"24/12/17T8:28:45"}]}
twinrdsyte.com/ Name: ICH_Q
Value: #[47362]
.chaturbate.com/ Name: affkey
Value: "eJx9kD8PgjAUxL9K06ULiDSI2s3ZgcWdEMq/INCUZ4gSvru9bibq1Lt7l75fu3LiivGsuaQ8YLwcDOz1db9l8GR7eFq60VY6L4vcTOYx6srmupp7mgxaFp2WyMwqinxXz0+qduU0RJgXdY3G2DUttcXSS3k6I/e7JNTcaWhIL+ReJmEsw/jI4lTJk0oOmNUedhUkFBNgFgETxhnpTncHYkQOG/IPNloOC60PLOTuE5D7T4C3cD+eh7lf+4VYbHx7A2UIYyU="
chaturbate.com/ Name: u_OgA6
Value: 1
chaturbate.com/ Name: us_OgA6
Value: 1
.chaturbate.com/ Name: fromaffiliate
Value: 1
.chaturbate.com/ Name: sbr
Value: sec:sbr5515a801-79b8-49a4-8477-e5f7f9233912:1tNaRB:gaqqhYj9s32ty0G2ykIRq5TOMdWPdm4l2SaxXF2SGwU
.chaturbate.com/ Name: __cf_bm
Value: 5L07PR1J3KcwnxVvDlPighwDye4c2kNxI7mtc7_t23w-1734452925-1.0.1.1-7xP0EhepqNpuud9J6wh0b_MCBZkceHrwGt3SJalyAR10Jv2ZgrFBgW.4woUypBPkUdKwH1LhseSoCdej5oCXHg

3 Console Messages

Source: network | Level: error | URL: https://pop.trafget.com/favicon.ico
Message: Failed to load resource: the server responded with a status of 404 ()

Source: rendering | Level: warning | URL: https://kaminari.systems/v1/click?kmnrKey=891498445&sub1=1426579&u=https%3A%2F%2Fpopdemission.com%2Fin%2F849%2F%3Fsource%3D1147263051%26spot_id%3D299762%26p%3Dhttps%253A%252F%252Fgloporn.com%252F (Line 47)
Message: [GroupMarkerNotSet(crbug.com/242999)!:A01059097C0A0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.

Source: security | Level: warning | URL: https://kaminari.systems/v1/click?kmnrKey=891498445&sub1=1426579&u=https%3A%2F%2Fpopdemission.com%2Fin%2F849%2F%3Fsource%3D1147263051%26spot_id%3D299762%26p%3Dhttps%253A%252F%252Fgloporn.com%252F (Line 12)
Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.