k9j5t5p4.ssl.hwcdn.net Open in urlscan Pro
69.16.175.42 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://fabstylish.co.uk/4xd2.jsw?dkFhMkcc3PPjcyclkcccvGdgc7Lnqdv2ncbbb3w
Effective URL:
https://k9j5t5p4.ssl.hwcdn.net/bing/search.html?cep=tx-6Bt-kovZSzmio-swkoY_KKAPr71X4aNBlCctkT5uFtz3CNbAjZPLzUoJPr5yhFW-NBNOcTuw...
Submission: On October 19 via api (October 19th 2022, 1:28:30 pm UTC) from BE — Scanned from DE

Summary HTTP 28 Redirects Behaviour Indicators

Summary

This website contacted 9 IPs in 5 countries across 12 domains to perform 28 HTTP transactions. The main IP is 69.16.175.42, located in United States and belongs to STACKPATH-CDN, US. The main domain is k9j5t5p4.ssl.hwcdn.net.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on December 22nd 2021. Valid for: a year.

This is the only time k9j5t5p4.ssl.hwcdn.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	23.229.68.112 23.229.68.112	55286 (SERVER-MANIA) (SERVER-MANIA)
1	45.91.248.67 45.91.248.67	64249 (ENDOFFICE) (ENDOFFICE)
5	2606:4700:303... 2606:4700:3032::6815:1cae	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700:303... 2606:4700:3030::ac43:bfdd	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	65.60.58.179 65.60.58.179	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
6 9	51.68.82.147 51.68.82.147	16276 (OVH) (OVH)
2 2	34.147.1.177 34.147.1.177	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	94.237.103.119 94.237.103.119	202053 (UPCLOUD) (UPCLOUD)
1 1	18.156.93.177 18.156.93.177	16509 (AMAZON-02) (AMAZON-02)
2	69.16.175.42 69.16.175.42	20446 (STACKPATH...) (STACKPATH-CDN)
28	9

1 23.229.68.112 (Buffalo, United States) 1 redirects

ASN55286 (SERVER-MANIA, CA)
PTR: rv.devolocpl.com

fabstylish.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.91.248.67 (Boston, United States)

ASN64249 (ENDOFFICE, US)

nineteendrunk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:3032::6815:1cae (United States)

ASN13335 (CLOUDFLARENET, US)

lynku.jukminung.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
zring.jukminung.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:3030::ac43:bfdd (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.addlnk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 65.60.58.179 (United States)

ASN32475 (SINGLEHOP-LLC, US)
PTR: server04.com-2.mobi

otto.sherlowcke.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 51.68.82.147 (France) 6 redirects

ASN16276 (OVH, FR)

www.wewillserv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.147.1.177 (Groningen, Netherlands) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 177.1.147.34.bc.googleusercontent.com

admoustache.go2affise.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

myofferplus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

t.bl-easycdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.237.103.119 (Finland)

ASN202053 (UPCLOUD, FI)
PTR: 94-237-103-119.de-fra1.upcloud.host

1d6c9396fa1.777offers.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.156.93.177 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-93-177.eu-central-1.compute.amazonaws.com

optiestrycended.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.16.175.42 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: tlb.hwcdn.net

k9j5t5p4.ssl.hwcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	wewillserv.com 6 redirects www.wewillserv.com	18 KB
9	sherlowcke.com otto.sherlowcke.com	21 KB
5	jukminung.com lynku.jukminung.com zring.jukminung.com	24 KB
4	addlnk.com cdn.addlnk.com — Cisco Umbrella Rank: 400192	4 KB
2	hwcdn.net k9j5t5p4.ssl.hwcdn.net	12 KB
2	myofferplus.com myofferplus.com — Cisco Umbrella Rank: 745624	3 KB
2	go2affise.com 2 redirects admoustache.go2affise.com — Cisco Umbrella Rank: 591801	421 B
1	optiestrycended.com 1 redirects optiestrycended.com — Cisco Umbrella Rank: 620972	1 KB
1	777offers.net 1d6c9396fa1.777offers.net	1 KB
1	bl-easycdn.com t.bl-easycdn.com	9 KB
1	nineteendrunk.com nineteendrunk.com	450 B
1	fabstylish.co.uk 1 redirects fabstylish.co.uk	275 B
28	12

	Domain	Requested by
9	www.wewillserv.com	6 redirects otto.sherlowcke.com
9	otto.sherlowcke.com	lynku.jukminung.com otto.sherlowcke.com myofferplus.com
4	cdn.addlnk.com	lynku.jukminung.com myofferplus.com zring.jukminung.com
4	lynku.jukminung.com	nineteendrunk.com lynku.jukminung.com
2	k9j5t5p4.ssl.hwcdn.net	k9j5t5p4.ssl.hwcdn.net
2	myofferplus.com	www.wewillserv.com
2	admoustache.go2affise.com	2 redirects
1	optiestrycended.com	1 redirects
1	1d6c9396fa1.777offers.net	zring.jukminung.com
1	zring.jukminung.com	t.bl-easycdn.com
1	t.bl-easycdn.com	www.wewillserv.com
1	nineteendrunk.com
1	fabstylish.co.uk	1 redirects
28	13

This site contains no links.

Subject Issuer	Validity	Valid
nineteendrunk.com Sectigo RSA Domain Validation Secure Server CA	`2021-12-30` - `2023-01-23`	a year	crt.sh
*.jukminung.com E1	`2022-09-19` - `2022-12-18`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-15` - `2023-05-15`	a year	crt.sh
otto.sherlowcke.com R3	`2022-09-13` - `2022-12-12`	3 months	crt.sh
www.wewillserv.com R3	`2022-10-09` - `2023-01-07`	3 months	crt.sh
*.777offers.net R3	`2022-10-14` - `2023-01-12`	3 months	crt.sh
*.ssl.hwcdn.net Sectigo RSA Domain Validation Secure Server CA	`2021-12-22` - `2023-01-19`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://k9j5t5p4.ssl.hwcdn.net/bing/search.html?cep=tx-6Bt-kovZSzmio-swkoY_KKAPr71X4aNBlCctkT5uFtz3CNbAjZPLzUoJPr5yhFW-NBNOcTuwyS-B9dwq5qv7Ygur72ZG8HLHidGMCfqn_z-zQHkWQPKNjGPOaTCXldkIeNhvLSi6vNu5lUQZzbZP__NK79wsiQPHhPzvM5qOBSNV4rjxrgPp2DFj37FsH1uEp9sHwu6C_5V6-KpyWyGa3rBBcY_SJSBOPbuvmosfayacjaY47aTqk9M7mY8e-_OUDraW5sN5bTZop-ZhWqAgm1VisimK0km3RPlm188nnISullHB7tkIdzOz4frweTFqMapU9QtpQteZyVPsL2FUz0tOWhpcEuDnmEvglRW_GJ2FtzQEyibVVfCBvk_1jmIzq0RAEdfPezb5_4ImuwQbPqX6Ii1T0F4aFqid3tn5Uky_POD8OnuTXSCnRLSYKv31i_oLSeQxKtDlGJ73t5Q&lptoken=16a066901840793506bc&c2=4379&c1=5wmcpvo893hrngst75vuo8ssk%2C16628570%2C5%2C4379
Frame ID: 798EEA24993260E79C58A78866C6717A
Requests: 25 HTTP requests in this frame

Frame: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1666180800
Frame ID: F5ED6A4ACE98840C352BAB7F4692F55E
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Search To Win

Page URL History Show full URLs

http://fabstylish.co.uk/4xd2.jsw?dkFhMkcc3PPjcyclkcccvGdgc7Lnqdv2ncbbb3w HTTP 302
https://nineteendrunk.com/176465ed30136731000/1_185078_2674679/867_3490350_4043012_56/436181623_217-11... Page URL
https://lynku.jukminung.com/rc/9e8aef8068?affclick=1295296937&pubid=690415 Page URL
https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream... Page URL
https://otto.sherlowcke.com/?utm_term=7156214817156497437&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949... Page URL
https://otto.sherlowcke.com/proc.php?43868b5feaa497d191ae35393649f9a36cd51768 Page URL
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214817156497437&website... Page URL
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214817156497437&website... HTTP 302
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214817156497437&website... HTTP 302
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=330001e2acfed882a220aeadf3422be9... HTTP 302
https://myofferplus.com/rc/a91581ead4?affclick=634ffb77ee77b50001fa3299&pubid=503 Page URL
https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream... Page URL
https://otto.sherlowcke.com/?utm_term=7156214821451464801&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949... Page URL
https://otto.sherlowcke.com/proc.php?0c08cb3b0782596c99042a3914f00deba8b70016 Page URL
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214821451464801&website... Page URL
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214821451464801&website... HTTP 302
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214821451464801&website... HTTP 302
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=330003895a3ac4ff226e46f508e641ed... HTTP 302
https://myofferplus.com/rc/a91581ead4?affclick=634ffb78398132000189d5b4&pubid=503 Page URL
https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream... Page URL
https://otto.sherlowcke.com/?utm_term=7156214821451464801&ver=4viyaptcjo&c=1&utm_content=fdc2c69a9cafac9... Page URL
https://otto.sherlowcke.com/proc.php?4b97ee216e4b6017f3efb30f46becd6b760bb0d9 Page URL
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214821451464801&website... Page URL
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214821451464801&website... HTTP 302
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214821451464801&website... HTTP 302
https://t.bl-easycdn.com/directclick/?pid=CLBghSztLMxKnP7sw-K3orR0VUY1&wsid=395110faaa1f81bcc29542a30... Page URL
https://zring.jukminung.com/rc/22e841bd3c?affclick=22101915_01_371812_cbbbf52280565&pubid=a371812s&affe=... Page URL
https://1d6c9396fa1.777offers.net//?p=4379&media_type=mainstream&sub_id=pubf19eb9acdb8c4b7cb9de5974791d61c1&pu... Page URL
https://optiestrycended.com/bf0465cf-e980-478d-87f2-27d14b1b731e?c2=4379&c1=5wmcpvo893hrngst75vuo8ssk,16... HTTP 302
https://k9j5t5p4.ssl.hwcdn.net/bing/search.html?cep=tx-6Bt-kovZSzmio-swkoY_KKAPr71X4aNBlCctkT5uFtz3CNbAjZPL... Page URL

Page Statistics

28
Requests

100 %
HTTPS

33 %
IPv6

12
Domains

13
Subdomains

9
IPs

5
Countries

91 kB
Transfer

175 kB
Size

18
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://fabstylish.co.uk/4xd2.jsw?dkFhMkcc3PPjcyclkcccvGdgc7Lnqdv2ncbbb3w HTTP 302
https://nineteendrunk.com/176465ed30136731000/1_185078_2674679/867_3490350_4043012_56/436181623_217-114-218-29 Page URL
https://lynku.jukminung.com/rc/9e8aef8068?affclick=1295296937&pubid=690415 Page URL
https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=fbbb5665&cid=pubfb1dba8bd6044b9eaa3151529bf3bd35&2=690415 Page URL
https://otto.sherlowcke.com/?utm_term=7156214817156497437&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d Page URL
https://otto.sherlowcke.com/proc.php?43868b5feaa497d191ae35393649f9a36cd51768 Page URL
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214817156497437&website=13260-0b0f7687-8a0addf3&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d Page URL
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214817156497437&website=13260-0b0f7687-8a0addf3&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d&eyeg=44a188f8fb351760c4a004e8bbbf0314&eyer=0.07227772024614132&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214817156497437&website=13260-0b0f7687-8a0addf3&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d&eyeg=3&eyer=0.07227772024614132&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=330001e2acfed882a220aeadf3422be9baa441019-202210-flb*5467509-4538f*M7156214817156497437*sl_5467509-4538f*afb75af20c8c7025470745bfae4209c8a900b635*13260-0b0f7687-8a0addf3*13260 HTTP 302
https://myofferplus.com/rc/a91581ead4?affclick=634ffb77ee77b50001fa3299&pubid=503 Page URL
https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=f31e77b4&cid=pub1eb6dd91687441aa88d75d6f741b9328&2=503 Page URL
https://otto.sherlowcke.com/?utm_term=7156214821451464801&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d Page URL
https://otto.sherlowcke.com/proc.php?0c08cb3b0782596c99042a3914f00deba8b70016 Page URL
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214821451464801&website=13260-e8537fa9-1cf44765&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d Page URL
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214821451464801&website=13260-e8537fa9-1cf44765&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d&eyeg=27f1a136948b43582a1d5b615c8d2942&eyer=0.3670427108048726&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214821451464801&website=13260-e8537fa9-1cf44765&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d&eyeg=3&eyer=0.3670427108048726&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=330003895a3ac4ff226e46f508e641ed25e111019-202210-flb*5467509-4538f*M7156214821451464801*sl_5467509-4538f*a6f4d314221767a64d5e055647efea515860a2d5*13260-e8537fa9-1cf44765*13260 HTTP 302
https://myofferplus.com/rc/a91581ead4?affclick=634ffb78398132000189d5b4&pubid=503 Page URL
https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=f31e77b4&cid=pub1eb6dd91687441aa88d75d6f741b9328&2=503 Page URL
https://otto.sherlowcke.com/?utm_term=7156214821451464801&ver=4viyaptcjo&c=1&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d Page URL
https://otto.sherlowcke.com/proc.php?4b97ee216e4b6017f3efb30f46becd6b760bb0d9 Page URL
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214821451464801&website=13260-e8537fa9-1cf44765&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d Page URL
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214821451464801&website=13260-e8537fa9-1cf44765&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d&eyeg=6f02131b66a059f9531838187a38a065&eyer=0.9796576402485115&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214821451464801&website=13260-e8537fa9-1cf44765&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d&eyeg=3&eyer=0.9796576402485115&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
https://t.bl-easycdn.com/directclick/?pid=CLBghSztLMxKnP7sw-K3orR0VUY1&wsid=395110faaa1f81bcc29542a30b1438741019-202210-flb Page URL
https://zring.jukminung.com/rc/22e841bd3c?affclick=22101915_01_371812_cbbbf52280565&pubid=a371812s&affe=rdmfl Page URL
https://1d6c9396fa1.777offers.net//?p=4379&media_type=mainstream&sub_id=pubf19eb9acdb8c4b7cb9de5974791d61c1&pubid=a371812s&pi=a371812s Page URL
https://optiestrycended.com/bf0465cf-e980-478d-87f2-27d14b1b731e?c2=4379&c1=5wmcpvo893hrngst75vuo8ssk,16628570,5,4379 HTTP 302
https://k9j5t5p4.ssl.hwcdn.net/bing/search.html?cep=tx-6Bt-kovZSzmio-swkoY_KKAPr71X4aNBlCctkT5uFtz3CNbAjZPLzUoJPr5yhFW-NBNOcTuwyS-B9dwq5qv7Ygur72ZG8HLHidGMCfqn_z-zQHkWQPKNjGPOaTCXldkIeNhvLSi6vNu5lUQZzbZP__NK79wsiQPHhPzvM5qOBSNV4rjxrgPp2DFj37FsH1uEp9sHwu6C_5V6-KpyWyGa3rBBcY_SJSBOPbuvmosfayacjaY47aTqk9M7mY8e-_OUDraW5sN5bTZop-ZhWqAgm1VisimK0km3RPlm188nnISullHB7tkIdzOz4frweTFqMapU9QtpQteZyVPsL2FUz0tOWhpcEuDnmEvglRW_GJ2FtzQEyibVVfCBvk_1jmIzq0RAEdfPezb5_4ImuwQbPqX6Ii1T0F4aFqid3tn5Uky_POD8OnuTXSCnRLSYKv31i_oLSeQxKtDlGJ73t5Q&lptoken=16a066901840793506bc&c2=4379&c1=5wmcpvo893hrngst75vuo8ssk%2C16628570%2C5%2C4379 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://fabstylish.co.uk/4xd2.jsw?dkFhMkcc3PPjcyclkcccvGdgc7Lnqdv2ncbbb3w HTTP 302
https://nineteendrunk.com/176465ed30136731000/1_185078_2674679/867_3490350_4043012_56/436181623_217-114-218-29

Request Chain 10

https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214817156497437&website=13260-0b0f7687-8a0addf3&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d&eyeg=44a188f8fb351760c4a004e8bbbf0314&eyer=0.07227772024614132&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214817156497437&website=13260-0b0f7687-8a0addf3&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d&eyeg=3&eyer=0.07227772024614132&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=330001e2acfed882a220aeadf3422be9baa441019-202210-flb*5467509-4538f*M7156214817156497437*sl_5467509-4538f*afb75af20c8c7025470745bfae4209c8a900b635*13260-0b0f7687-8a0addf3*13260 HTTP 302
https://myofferplus.com/rc/a91581ead4?affclick=634ffb77ee77b50001fa3299&pubid=503

Request Chain 16

https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214821451464801&website=13260-e8537fa9-1cf44765&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d&eyeg=27f1a136948b43582a1d5b615c8d2942&eyer=0.3670427108048726&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214821451464801&website=13260-e8537fa9-1cf44765&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d&eyeg=3&eyer=0.3670427108048726&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=330003895a3ac4ff226e46f508e641ed25e111019-202210-flb*5467509-4538f*M7156214821451464801*sl_5467509-4538f*a6f4d314221767a64d5e055647efea515860a2d5*13260-e8537fa9-1cf44765*13260 HTTP 302
https://myofferplus.com/rc/a91581ead4?affclick=634ffb78398132000189d5b4&pubid=503

Request Chain 22

https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214821451464801&website=13260-e8537fa9-1cf44765&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d&eyeg=6f02131b66a059f9531838187a38a065&eyer=0.9796576402485115&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214821451464801&website=13260-e8537fa9-1cf44765&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d&eyeg=3&eyer=0.9796576402485115&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
https://t.bl-easycdn.com/directclick/?pid=CLBghSztLMxKnP7sw-K3orR0VUY1&wsid=395110faaa1f81bcc29542a30b1438741019-202210-flb

28 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

436181623_217-114-218-29
nineteendrunk.com/176465ed30136731000/1_185078_2674679/867_3490350_4043012_56/
Redirect Chain

http://fabstylish.co.uk/4xd2.jsw?dkFhMkcc3PPjcyclkcccvGdgc7Lnqdv2ncbbb3w
https://nineteendrunk.com/176465ed30136731000/1_185078_2674679/867_3490350_4043012_56/436181623_217-114-218-29

137 B
450 B

1058ms
405ms

Document
text/html

45.91.248.67
ENDOFFICE

General

Check archive.org

Show headers Download Go to

Full URL: https://nineteendrunk.com/176465ed30136731000/1_185078_2674679/867_3490350_4043012_56/436181623_217-114-218-29
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.91.248.67 Boston, United States, ASN64249 (ENDOFFICE, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: close
Content-Length: 137
Content-Type: text/html; charset=UTF-8
Date: Wed, 19 Oct 2022 13:28:21 GMT
Server: Apache

Redirect headers

Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Wed, 19 Oct 2022 13:28:19 GMT
Location: https://nineteendrunk.com/176465ed30136731000/1_185078_2674679/867_3490350_4043012_56/436181623_217-114-218-29
Server: Apache

GET
H2 200 9e8aef8068 Show response
lynku.jukminung.com/rc/ 3 KB
2 KB 221ms
162ms Document
text/html 2606:4700:3032::6815:1cae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lynku.jukminung.com/rc/9e8aef8068?affclick=1295296937&pubid=690415
Requested by: Host: nineteendrunk.com
URL: https://nineteendrunk.com/176465ed30136731000/1_185078_2674679/867_3490350_4043012_56/436181623_217-114-218-29
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:1cae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 50dec66a246b9306f197cf1dce0710b92fd5f3dda5c4f024ab14690e29e4d002

Request headers

Referer: https://nineteendrunk.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 75c9db3eee2a9a2d-FRA
content-encoding: br
content-language: en-us
content-type: text/html; charset=utf-8
date: Wed, 19 Oct 2022 13:28:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g%2BoHDgzBJPF1xddRtkv7e0S8SuXbcLU1cXg9Mi06IJXgP38%2FZxakX2bY%2B3FIuXfe7cAxYXPmIwwdXkEumuYwmazXRz9UsIM9ydnWdTN6siIVKCTiUPe%2F6nyuVZVQCDC46N4vB5kG5GXAYkGw%2FuFjOkeL"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding, Accept-Language, Cookie

GET
H2 200 redirect.css
cdn.addlnk.com/ 1 KB
1 KB 100ms
36ms Stylesheet
text/css 2606:4700:3030::ac43:bfdd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.addlnk.com/redirect.css
Requested by: Host: lynku.jukminung.com
URL: https://lynku.jukminung.com/rc/9e8aef8068?affclick=1295296937&pubid=690415
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:bfdd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 13:28:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: NG3WEQ5NJ4PQVZ4F
age: 4361
cf-polished: origSize=1680
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: QxX22n6jD9gBrjBZ6ohlWbPu+une0ezSYrlZ/gpY7cQk926tnR/U/t0VdL75pShx4aODRqNqN5k=
cf-bgj: minify
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
server: cloudflare
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FCq%2BJYAojHRDDNF80qlV0YuVxG5a6P4v6P%2Bnuu8mgO2snQ3RE09hHGJClux4G1q%2FdtYeYvNj7%2BBarO8RGSBkQGk6G1aAik%2FzYhmzTaqzi9MLEE9idM8r1wHPjhdoaeBskZn2gQ6GiVlo19nY%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-ray: 75c9db405f919219-FRA

GET
H2 200 invisible.js Show response
lynku.jukminung.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/ Frame F5ED 36 KB
13 KB 66ms
66ms Script
application/javascript 2606:4700:3032::6815:1cae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1666180800
Requested by: Host: nineteendrunk.com
URL: https://nineteendrunk.com/176465ed30136731000/1_185078_2674679/867_3490350_4043012_56/436181623_217-114-218-29
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:1cae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e639d57b372dd223b46ea5382ca3dce27bf0faaf9a2fd51f634f9e1840017c30

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 13:28:21 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wT5uM5Bjv1rXWamhQWgcJSwqfcXfy7bcOTYeWurC611xGg%2BB2QOoyUs3A7IuTZBAmsBEDT3prmdHdPwmIFzKGeeZQSM71Q0UzeSrE6o2WIyrV6KQZytxb4Q0Yz%2BoAWZ3RpcL3TjTCZWMhfJgu8TdTWBn"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 75c9db40aa859a2d-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 pica.js
lynku.jukminung.com/cdn-cgi/challenge-platform/h/b/scripts/ Frame F5ED 20 KB
7 KB 26ms
26ms Other
application/javascript 2606:4700:3032::6815:1cae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/b/scripts/pica.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:1cae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 13:28:21 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z6oaKj%2FGm1zu7m08xs4uQgvp161%2BcVY2BeuT22nBjgk2NPXhvidC8bbrFoIVt6q5sCZ7Za584lKEWbOZBSgNEOWyCXDrLqiOylvlJL1VP8hoCJJkwAjSkRR09PjP4zSnJKM4RGtQmQNszQGEccFQvhMZ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 75c9db41184abbfb-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 /
otto.sherlowcke.com/ 3 KB
2 KB 371ms
123ms Document
text/html 65.60.58.179
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=fbbb5665&cid=pubfb1dba8bd6044b9eaa3151529bf3bd35&2=690415

Requested by

Host: lynku.jukminung.com
URL: https://lynku.jukminung.com/rc/9e8aef8068?affclick=1295296937&pubid=690415

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

65.60.58.179 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/8.1.9

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 19 Oct 2022 13:28:22 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://otto.sherlowcke.com/?utm_term=7156214817156497437&ver=4viyaptcjo
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubdomains;
vary: Accept-Encoding
x-powered-by: PHP/8.1.9

POST
H3 200 75c9db3eee2a9a2d
lynku.jukminung.com/cdn-cgi/challenge-platform/h/b/cv/result/ Frame F5ED 2 B
658 B 42ms
42ms XHR
text/plain 2606:4700:3032::6815:1cae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/b/cv/result/75c9db3eee2a9a2d
Requested by: Host: lynku.jukminung.com
URL: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1666180800
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:1cae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 19 Oct 2022 13:28:22 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3wi5wnikOmoDC%2FVKsr5FvKl7EEdUJhmzqOgp3mgbiomLabxTxBzn0oKGwvov%2BSUrNir5nZHQOhclpnjAw53iClKS2szgtyALU2Wj%2FyP4my%2BVTCfX6EA8NFEl4fFV1QMP19F3wZaIjwUXT%2BfjGUCiEtZV"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 75c9db432cbdbbfb-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 / Show response
otto.sherlowcke.com/ 9 KB
3 KB 135ms
135ms Document
text/html 65.60.58.179
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://otto.sherlowcke.com/?utm_term=7156214817156497437&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d

Requested by

Host: otto.sherlowcke.com
URL: https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=fbbb5665&cid=pubfb1dba8bd6044b9eaa3151529bf3bd35&2=690415

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

65.60.58.179 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/8.1.9

Resource Hash

4700388c97852e81199138b08be15336e6841c26292e0d62ae29aad5b8908cf0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Referer: https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=fbbb5665&cid=pubfb1dba8bd6044b9eaa3151529bf3bd35&2=690415
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 19 Oct 2022 13:28:22 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubdomains;
vary: Accept-Encoding
x-powered-by: PHP/8.1.9

GET
H2 200 proc.php
otto.sherlowcke.com/ 4 KB
2 KB 158ms
158ms Document
text/html 65.60.58.179
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://otto.sherlowcke.com/proc.php?43868b5feaa497d191ae35393649f9a36cd51768

Requested by

Host: otto.sherlowcke.com
URL: https://otto.sherlowcke.com/?utm_term=7156214817156497437&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

65.60.58.179 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/8.1.9

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Referer: https://otto.sherlowcke.com/?utm_term=7156214817156497437&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 19 Oct 2022 13:28:22 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214817156497437&website=13260-0b0f7687-8a0addf3&placement=13260
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubdomains;
vary: Accept-Encoding
x-powered-by: PHP/8.1.9

GET
H/1.1 200
OK /
www.wewillserv.com/ 5 KB
5 KB 117ms
22ms Document
text/html 51.68.82.147
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214817156497437&website=13260-0b0f7687-8a0addf3&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d
Requested by: Host: otto.sherlowcke.com
URL: https://otto.sherlowcke.com/proc.php?43868b5feaa497d191ae35393649f9a36cd51768
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.68.82.147 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://otto.sherlowcke.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-transform
Connection: keep-alive
Content-Type: text/html
Date: Wed, 19 Oct 2022 13:28:22 GMT
Transfer-Encoding: chunked

GET
H2

200

a91581ead4 Show response
myofferplus.com/rc/
Redirect Chain

https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214817156497437&website=13260-0b0f7687-8a0addf3&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccb...
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214817156497437&website=13260-0b0f7687-8a0addf3&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccb...
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=330001e2acfed882a220aeadf3422be9baa441019-202210-flb*5467509-4538f*M7156214817156497437*sl_5467509-4538f*afb75af20c8c70...
https://myofferplus.com/rc/a91581ead4?affclick=634ffb77ee77b50001fa3299&pubid=503

1 KB
1 KB

265ms
171ms

Document
text/html

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://myofferplus.com/rc/a91581ead4?affclick=634ffb77ee77b50001fa3299&pubid=503
Requested by: Host: www.wewillserv.com
URL: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214817156497437&website=13260-0b0f7687-8a0addf3&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa3f1345e67132ddbbe045553d20df95f679d538425d8eb7715bd201cb6f8a67

Request headers

Referer: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214817156497437&website=13260-0b0f7687-8a0addf3&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 75c9db49bdb8be44-CPH
content-encoding: br
content-language: en-us
content-type: text/html; charset=utf-8
date: Wed, 19 Oct 2022 13:28:23 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dbyoeeLt%2F3MGakQkrOWV2hclQA0ItakNZvo2gFWLA2aggrkuKK0C77Ltch1nCKtD0aJne5fRcOrUIbAZquZ3MDunFR00bE76jszT0149Tl6Btf%2BtZAraNz9dPRgEATBkxQQ4gFQRQ1N9Y%2BuuOSs%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding, Accept-Language, Cookie

Redirect headers

access-control-allow-origin: *
content-length: 0
date: Wed, 19 Oct 2022 13:28:23 GMT
location: https://myofferplus.com/rc/a91581ead4?affclick=634ffb77ee77b50001fa3299&pubid=503
server: nginx

GET
H3 200 redirect.css
cdn.addlnk.com/ 1 KB
1 KB 84ms
42ms Stylesheet
text/css 2606:4700:3030::ac43:bfdd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.addlnk.com/redirect.css
Requested by: Host: myofferplus.com
URL: https://myofferplus.com/rc/a91581ead4?affclick=634ffb77ee77b50001fa3299&pubid=503
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:bfdd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 13:28:23 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: NG3WEQ5NJ4PQVZ4F
age: 4363
cf-polished: origSize=1680
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: QxX22n6jD9gBrjBZ6ohlWbPu+une0ezSYrlZ/gpY7cQk926tnR/U/t0VdL75pShx4aODRqNqN5k=
cf-bgj: minify
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
server: cloudflare
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aB3nRIr095RUbbIx7Sx7VwW7EbO2miRPlHkI81PuxUKiYxVTeuQg50j5s6XzpK0wWyKOIvJ%2FG9N3Ht6c%2BV0ACVv%2BbLfvJxLWLw7JiiYC%2BRbsCq743Nh1IO1uuJs7yvFUPLLyydeFw5de7jWlaw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-ray: 75c9db4af8589290-FRA

GET
H2 200 /
otto.sherlowcke.com/ 3 KB
2 KB 124ms
122ms Document
text/html 65.60.58.179
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=f31e77b4&cid=pub1eb6dd91687441aa88d75d6f741b9328&2=503

Requested by

Host: myofferplus.com
URL: https://myofferplus.com/rc/a91581ead4?affclick=634ffb77ee77b50001fa3299&pubid=503

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

65.60.58.179 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/8.1.9

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 19 Oct 2022 13:28:23 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://otto.sherlowcke.com/?utm_term=7156214821451464801&ver=4viyaptcjo
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubdomains;
vary: Accept-Encoding
x-powered-by: PHP/8.1.9

GET
H2 200 / Show response
otto.sherlowcke.com/ 9 KB
3 KB 140ms
139ms Document
text/html 65.60.58.179
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://otto.sherlowcke.com/?utm_term=7156214821451464801&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d

Requested by

Host: otto.sherlowcke.com
URL: https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=f31e77b4&cid=pub1eb6dd91687441aa88d75d6f741b9328&2=503

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

65.60.58.179 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/8.1.9

Resource Hash

d97b825e39f61f6325d0a29e73152803521063d24b20ca3f7f8b2c805d5cfbce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Referer: https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=f31e77b4&cid=pub1eb6dd91687441aa88d75d6f741b9328&2=503
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 19 Oct 2022 13:28:23 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubdomains;
vary: Accept-Encoding
x-powered-by: PHP/8.1.9

GET
H2 200 proc.php
otto.sherlowcke.com/ 4 KB
2 KB 125ms
123ms Document
text/html 65.60.58.179
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://otto.sherlowcke.com/proc.php?0c08cb3b0782596c99042a3914f00deba8b70016

Requested by

Host: otto.sherlowcke.com
URL: https://otto.sherlowcke.com/?utm_term=7156214821451464801&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

65.60.58.179 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/8.1.9

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Referer: https://otto.sherlowcke.com/?utm_term=7156214821451464801&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 19 Oct 2022 13:28:24 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214821451464801&website=13260-e8537fa9-1cf44765&placement=13260
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubdomains;
vary: Accept-Encoding
x-powered-by: PHP/8.1.9

GET
H/1.1 200
OK /
www.wewillserv.com/ 5 KB
5 KB 22ms
22ms Document
text/html 51.68.82.147
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214821451464801&website=13260-e8537fa9-1cf44765&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d
Requested by: Host: otto.sherlowcke.com
URL: https://otto.sherlowcke.com/proc.php?0c08cb3b0782596c99042a3914f00deba8b70016
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.68.82.147 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://otto.sherlowcke.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-transform
Connection: keep-alive
Content-Type: text/html
Date: Wed, 19 Oct 2022 13:28:24 GMT
Transfer-Encoding: chunked

GET
H3

200

a91581ead4 Show response
myofferplus.com/rc/
Redirect Chain

https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214821451464801&website=13260-e8537fa9-1cf44765&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccb...
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214821451464801&website=13260-e8537fa9-1cf44765&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccb...
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=330003895a3ac4ff226e46f508e641ed25e111019-202210-flb*5467509-4538f*M7156214821451464801*sl_5467509-4538f*a6f4d314221767...
https://myofferplus.com/rc/a91581ead4?affclick=634ffb78398132000189d5b4&pubid=503

1 KB
1 KB

98ms
65ms

Document
text/html

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://myofferplus.com/rc/a91581ead4?affclick=634ffb78398132000189d5b4&pubid=503
Requested by: Host: www.wewillserv.com
URL: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214821451464801&website=13260-e8537fa9-1cf44765&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 063118be5b99c3f29209863fe306ccbb83b3b1fb6866bf8afe5829a7e3951f55

Request headers

Referer: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214821451464801&website=13260-e8537fa9-1cf44765&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 75c9db511b73905e-FRA
content-encoding: br
content-language: en-us
content-type: text/html; charset=utf-8
date: Wed, 19 Oct 2022 13:28:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gnMlba7zAQdeFTlu3A3s2YEaEQJ%2FiiX5bq6MoMzThJ4CzyZiuMVIl0doTW1LTKoX%2FONpfGaeFQqlqsQy2S8M52Se%2BBfmMNFFWcNW71K5okAHbl%2FhpJabbZvpCjGaPAxdbE2xZhZItaqQBx%2BRpno%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding, Accept-Language, Cookie

Redirect headers

access-control-allow-origin: *
content-length: 0
date: Wed, 19 Oct 2022 13:28:24 GMT
location: https://myofferplus.com/rc/a91581ead4?affclick=634ffb78398132000189d5b4&pubid=503
server: nginx

GET
H3 200 redirect.css
cdn.addlnk.com/ 1 KB
1016 B 37ms
36ms Stylesheet
text/css 2606:4700:3030::ac43:bfdd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.addlnk.com/redirect.css
Requested by: Host: myofferplus.com
URL: https://myofferplus.com/rc/a91581ead4?affclick=634ffb78398132000189d5b4&pubid=503
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:bfdd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 13:28:24 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: NG3WEQ5NJ4PQVZ4F
age: 4364
cf-polished: origSize=1680
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: QxX22n6jD9gBrjBZ6ohlWbPu+une0ezSYrlZ/gpY7cQk926tnR/U/t0VdL75pShx4aODRqNqN5k=
cf-bgj: minify
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
server: cloudflare
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FOWkQPEvO5iZ6XUTroDuSvtaFCXDKSvILfQ6AcfBCz3enYC5HIOY4MsZBV4KoV5qTgLpxnlxDBNQMmVJvlCq61cFHKBr1x%2Bg8D8%2BHI3k9nqQVgJ%2BmShEaPb9EtK%2FMtAPijX6Fgd7XAoRRLWTrw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-ray: 75c9db519c969290-FRA

GET
H2 200 /
otto.sherlowcke.com/ 3 KB
2 KB 123ms
121ms Document
text/html 65.60.58.179
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=f31e77b4&cid=pub1eb6dd91687441aa88d75d6f741b9328&2=503

Requested by

Host: myofferplus.com
URL: https://myofferplus.com/rc/a91581ead4?affclick=634ffb78398132000189d5b4&pubid=503

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

65.60.58.179 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/8.1.9

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 19 Oct 2022 13:28:24 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://otto.sherlowcke.com/?utm_term=7156214821451464801&ver=4viyaptcjo&c=1
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubdomains;
vary: Accept-Encoding
x-powered-by: PHP/8.1.9

GET
H2 200 / Show response
otto.sherlowcke.com/ 9 KB
3 KB 123ms
122ms Document
text/html 65.60.58.179
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://otto.sherlowcke.com/?utm_term=7156214821451464801&ver=4viyaptcjo&c=1&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d

Requested by

Host: otto.sherlowcke.com
URL: https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=f31e77b4&cid=pub1eb6dd91687441aa88d75d6f741b9328&2=503

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

65.60.58.179 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/8.1.9

Resource Hash

b9fcf506595890273c1219724af0034bdcc8371f79094fc432b5c5d846d0f6c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Referer: https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=f31e77b4&cid=pub1eb6dd91687441aa88d75d6f741b9328&2=503
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 19 Oct 2022 13:28:24 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubdomains;
vary: Accept-Encoding
x-powered-by: PHP/8.1.9

GET
H2 200 proc.php
otto.sherlowcke.com/ 4 KB
2 KB 124ms
122ms Document
text/html 65.60.58.179
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://otto.sherlowcke.com/proc.php?4b97ee216e4b6017f3efb30f46becd6b760bb0d9

Requested by

Host: otto.sherlowcke.com
URL: https://otto.sherlowcke.com/?utm_term=7156214821451464801&ver=4viyaptcjo&c=1&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

65.60.58.179 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/8.1.9

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Referer: https://otto.sherlowcke.com/?utm_term=7156214821451464801&ver=4viyaptcjo&c=1&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 19 Oct 2022 13:28:25 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214821451464801&website=13260-e8537fa9-1cf44765&placement=13260
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubdomains;
vary: Accept-Encoding
x-powered-by: PHP/8.1.9

GET
H/1.1 200
OK /
www.wewillserv.com/ 5 KB
5 KB 23ms
22ms Document
text/html 51.68.82.147
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214821451464801&website=13260-e8537fa9-1cf44765&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d
Requested by: Host: otto.sherlowcke.com
URL: https://otto.sherlowcke.com/proc.php?4b97ee216e4b6017f3efb30f46becd6b760bb0d9
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.68.82.147 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://otto.sherlowcke.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-transform
Connection: keep-alive
Content-Type: text/html
Date: Wed, 19 Oct 2022 13:28:25 GMT
Transfer-Encoding: chunked

GET
H2

200

/ Show response
t.bl-easycdn.com/directclick/
Redirect Chain

https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214821451464801&website=13260-e8537fa9-1cf44765&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccb...
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214821451464801&website=13260-e8537fa9-1cf44765&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccb...
https://t.bl-easycdn.com/directclick/?pid=CLBghSztLMxKnP7sw-K3orR0VUY1&wsid=395110faaa1f81bcc29542a30b1438741019-202210-flb

25 KB
9 KB

243ms
177ms

Document
text/html

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://t.bl-easycdn.com/directclick/?pid=CLBghSztLMxKnP7sw-K3orR0VUY1&wsid=395110faaa1f81bcc29542a30b1438741019-202210-flb
Requested by: Host: www.wewillserv.com
URL: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214821451464801&website=13260-e8537fa9-1cf44765&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 386255265427b17ddf79aa5199a659b094646164a3977b81a304a995976ef290

Request headers

Referer: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7156214821451464801&website=13260-e8537fa9-1cf44765&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 75c9db5789b3bb43-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 19 Oct 2022 13:28:25 GMT
expires: Sat, 26 Jul 1997 05:00:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2bo03quG9PXdQU3GVS0Yz3IAqYa2kb84NOuXUArkWgUU0qwsOQNVUOB2TbQI0iuw1Ec0ohXX%2Frk2gtl9HjTx7pSmE2yiscNTOJef%2FBFHjilHLYjx6X%2FBubE8wCy8LOEP0XL3rMpLoCrYFrt1XsRx"}],"group":"cf-nel","max_age":604800}
server: cloudflare

Redirect headers

Cache-Control: no-transform
Connection: keep-alive
Content-Length: 0
Date: Wed, 19 Oct 2022 13:28:25 GMT
Location: https://t.bl-easycdn.com/directclick/?pid=CLBghSztLMxKnP7sw-K3orR0VUY1&wsid=395110faaa1f81bcc29542a30b1438741019-202210-flb

GET
H2 200 22e841bd3c Show response
zring.jukminung.com/rc/ 1 KB
1 KB 182ms
166ms Document
text/html 2606:4700:3032::6815:1cae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://zring.jukminung.com/rc/22e841bd3c?affclick=22101915_01_371812_cbbbf52280565&pubid=a371812s&affe=rdmfl
Requested by: Host: t.bl-easycdn.com
URL: https://t.bl-easycdn.com/directclick/?pid=CLBghSztLMxKnP7sw-K3orR0VUY1&wsid=395110faaa1f81bcc29542a30b1438741019-202210-flb
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:1cae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d3841ca77a1e395f1ec04a4c26d1336eff878bdb83870d2cb638e160815edd56

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 75c9db591b719a2d-FRA
content-encoding: br
content-language: en-us
content-type: text/html; charset=utf-8
date: Wed, 19 Oct 2022 13:28:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dHrp9VL9TDga%2Bj7wCstlOxZUBm951jDSCZoj7E7IKOIV2lLtZf4oGyJmwsu6UBe2oeyNNqrSQ%2FiHm9mgIm1FrBZdTT0XMIlZGzqOXlL7yRKRl1nDjGVfP5ECFzzx8tGbPukomKgEh06WG%2Bn1ShFGhN7i"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding, Accept-Language, Cookie

GET
H3 200 redirect.css
cdn.addlnk.com/ 1 KB
1009 B 78ms
78ms Stylesheet
text/css 2606:4700:3030::ac43:bfdd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.addlnk.com/redirect.css
Requested by: Host: zring.jukminung.com
URL: https://zring.jukminung.com/rc/22e841bd3c?affclick=22101915_01_371812_cbbbf52280565&pubid=a371812s&affe=rdmfl
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:bfdd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 13:28:26 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: NG3WEQ5NJ4PQVZ4F
age: 4365
cf-polished: origSize=1680
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: QxX22n6jD9gBrjBZ6ohlWbPu+une0ezSYrlZ/gpY7cQk926tnR/U/t0VdL75pShx4aODRqNqN5k=
cf-bgj: minify
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
server: cloudflare
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FwRPsa358ckUnOZKkiB0UNvciUtglXevW6mrUxV1jcoqa2A77cMNEOz5IN6UxzUCCbDHj7kYmyPR1OI4JLgixYlFv77I4LjYtHVk4eY7fylqOpEFRREnnsThhd4dB0dzkVsW4dYf63Abvq1X2g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-ray: 75c9db5a2d7c9290-FRA

GET
H2 200 / Show response
1d6c9396fa1.777offers.net// 953 B
1 KB 96ms
40ms Document
text/html 94.237.103.119
UPCLOUD

General

Check archive.org

Show headers Download Go to

Full URL: https://1d6c9396fa1.777offers.net//?p=4379&media_type=mainstream&sub_id=pubf19eb9acdb8c4b7cb9de5974791d61c1&pubid=a371812s&pi=a371812s
Requested by: Host: zring.jukminung.com
URL: https://zring.jukminung.com/rc/22e841bd3c?affclick=22101915_01_371812_cbbbf52280565&pubid=a371812s&affe=rdmfl
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.237.103.119 , Finland, ASN202053 (UPCLOUD, FI),
Reverse DNS: 94-237-103-119.de-fra1.upcloud.host
Software: /
Resource Hash: 2aa5f2d7b775a7db59311dd545b8a11243bbc7e43b6111fcc483bad10773bd2f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 19 Oct 2022 13:28:26 GMT
expires: Wed, 19 Oct 2022 13:28:26 GMT
last-modified: Wed, 19 Oct 2022 13:28:26 GMT
pragma: no-cache
vary: Accept-Encoding
x-robots-tag: noindex, nofollow

GET
H/1.1

200
OK

Primary Request search.html Show response
k9j5t5p4.ssl.hwcdn.net/bing/
Redirect Chain

https://optiestrycended.com/bf0465cf-e980-478d-87f2-27d14b1b731e?c2=4379&c1=5wmcpvo893hrngst75vuo8ssk,16628570,5,4379
https://k9j5t5p4.ssl.hwcdn.net/bing/search.html?cep=tx-6Bt-kovZSzmio-swkoY_KKAPr71X4aNBlCctkT5uFtz3CNbAjZPLzUoJPr5yhFW-NBNOcTuwyS-B9dwq5qv7Ygur72ZG8HLHidGMCfqn_z-zQHkWQPKNjGPOaTCXldkIeNhvLSi6vNu5lU...

12 KB
4 KB

112ms
29ms

Document
text/html

69.16.175.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://k9j5t5p4.ssl.hwcdn.net/bing/search.html?cep=tx-6Bt-kovZSzmio-swkoY_KKAPr71X4aNBlCctkT5uFtz3CNbAjZPLzUoJPr5yhFW-NBNOcTuwyS-B9dwq5qv7Ygur72ZG8HLHidGMCfqn_z-zQHkWQPKNjGPOaTCXldkIeNhvLSi6vNu5lUQZzbZP__NK79wsiQPHhPzvM5qOBSNV4rjxrgPp2DFj37FsH1uEp9sHwu6C_5V6-KpyWyGa3rBBcY_SJSBOPbuvmosfayacjaY47aTqk9M7mY8e-_OUDraW5sN5bTZop-ZhWqAgm1VisimK0km3RPlm188nnISullHB7tkIdzOz4frweTFqMapU9QtpQteZyVPsL2FUz0tOWhpcEuDnmEvglRW_GJ2FtzQEyibVVfCBvk_1jmIzq0RAEdfPezb5_4ImuwQbPqX6Ii1T0F4aFqid3tn5Uky_POD8OnuTXSCnRLSYKv31i_oLSeQxKtDlGJ73t5Q&lptoken=16a066901840793506bc&c2=4379&c1=5wmcpvo893hrngst75vuo8ssk%2C16628570%2C5%2C4379
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: tlb.hwcdn.net
Software: WasabiS3/7.7.900-2022-08-19-6bff245bcf (head08) /
Resource Hash: 2e0c77e31bf6fbe26c768a1a2f887ea01a8d5ee3c73b5aa5a3067c35ff79e69b

Request headers

Referer: https://1d6c9396fa1.777offers.net//?p=4379&media_type=mainstream&sub_id=pubf19eb9acdb8c4b7cb9de5974791d61c1&pubid=a371812s&pi=a371812s
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 3825
Content-Type: text/html
Date: Wed, 19 Oct 2022 13:28:26 GMT
ETag: "353efcbbb0d9f329fcb72d951e78b0af"
Last-Modified: Tue, 13 Sep 2022 07:52:04 GMT
Server: WasabiS3/7.7.900-2022-08-19-6bff245bcf (head08)
X-HW: 1666186106.dop130.fr8.t,1666186106.cds219.fr8.shn,1666186106.dop130.fr8.t,1666186106.cds260.fr8.c
x-amz-id-2: M7b/FgmEhH5i/mXvJwtheOjfToLa9RRWVpariiV7xr5ICb/LPX/11Ztmr1X/Pb43zp6hgbxzNTIG
x-amz-request-id: 87FE7268C94F109B

Redirect headers

cache-control: no-store, no-cache, pre-check=0, post-check=0
content-length: 0
date: Wed, 19 Oct 2022 13:28:26 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://k9j5t5p4.ssl.hwcdn.net/bing/search.html?cep=tx-6Bt-kovZSzmio-swkoY_KKAPr71X4aNBlCctkT5uFtz3CNbAjZPLzUoJPr5yhFW-NBNOcTuwyS-B9dwq5qv7Ygur72ZG8HLHidGMCfqn_z-zQHkWQPKNjGPOaTCXldkIeNhvLSi6vNu5lUQZzbZP__NK79wsiQPHhPzvM5qOBSNV4rjxrgPp2DFj37FsH1uEp9sHwu6C_5V6-KpyWyGa3rBBcY_SJSBOPbuvmosfayacjaY47aTqk9M7mY8e-_OUDraW5sN5bTZop-ZhWqAgm1VisimK0km3RPlm188nnISullHB7tkIdzOz4frweTFqMapU9QtpQteZyVPsL2FUz0tOWhpcEuDnmEvglRW_GJ2FtzQEyibVVfCBvk_1jmIzq0RAEdfPezb5_4ImuwQbPqX6Ii1T0F4aFqid3tn5Uky_POD8OnuTXSCnRLSYKv31i_oLSeQxKtDlGJ73t5Q&lptoken=16a066901840793506bc&c2=4379&c1=5wmcpvo893hrngst75vuo8ssk%2C16628570%2C5%2C4379
pragma: no-cache
server: nginx

GET
H/1.1 200
OK blogo.png
k9j5t5p4.ssl.hwcdn.net/bing/ 7 KB
8 KB 22ms
22ms Image
image/png 69.16.175.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://k9j5t5p4.ssl.hwcdn.net/bing/blogo.png
Requested by: Host: k9j5t5p4.ssl.hwcdn.net
URL: https://k9j5t5p4.ssl.hwcdn.net/bing/search.html?cep=tx-6Bt-kovZSzmio-swkoY_KKAPr71X4aNBlCctkT5uFtz3CNbAjZPLzUoJPr5yhFW-NBNOcTuwyS-B9dwq5qv7Ygur72ZG8HLHidGMCfqn_z-zQHkWQPKNjGPOaTCXldkIeNhvLSi6vNu5lUQZzbZP__NK79wsiQPHhPzvM5qOBSNV4rjxrgPp2DFj37FsH1uEp9sHwu6C_5V6-KpyWyGa3rBBcY_SJSBOPbuvmosfayacjaY47aTqk9M7mY8e-_OUDraW5sN5bTZop-ZhWqAgm1VisimK0km3RPlm188nnISullHB7tkIdzOz4frweTFqMapU9QtpQteZyVPsL2FUz0tOWhpcEuDnmEvglRW_GJ2FtzQEyibVVfCBvk_1jmIzq0RAEdfPezb5_4ImuwQbPqX6Ii1T0F4aFqid3tn5Uky_POD8OnuTXSCnRLSYKv31i_oLSeQxKtDlGJ73t5Q&lptoken=16a066901840793506bc&c2=4379&c1=5wmcpvo893hrngst75vuo8ssk%2C16628570%2C5%2C4379
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: tlb.hwcdn.net
Software: WasabiS3/7.7.900-2022-08-19-6bff245bcf (head08) /
Resource Hash: f1f97ddb28a4925de8234dd9a91b0cd8d5e8d050e2a2f5993ecffc278e733c37

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://k9j5t5p4.ssl.hwcdn.net/bing/search.html?cep=tx-6Bt-kovZSzmio-swkoY_KKAPr71X4aNBlCctkT5uFtz3CNbAjZPLzUoJPr5yhFW-NBNOcTuwyS-B9dwq5qv7Ygur72ZG8HLHidGMCfqn_z-zQHkWQPKNjGPOaTCXldkIeNhvLSi6vNu5lUQZzbZP__NK79wsiQPHhPzvM5qOBSNV4rjxrgPp2DFj37FsH1uEp9sHwu6C_5V6-KpyWyGa3rBBcY_SJSBOPbuvmosfayacjaY47aTqk9M7mY8e-_OUDraW5sN5bTZop-ZhWqAgm1VisimK0km3RPlm188nnISullHB7tkIdzOz4frweTFqMapU9QtpQteZyVPsL2FUz0tOWhpcEuDnmEvglRW_GJ2FtzQEyibVVfCBvk_1jmIzq0RAEdfPezb5_4ImuwQbPqX6Ii1T0F4aFqid3tn5Uky_POD8OnuTXSCnRLSYKv31i_oLSeQxKtDlGJ73t5Q&lptoken=16a066901840793506bc&c2=4379&c1=5wmcpvo893hrngst75vuo8ssk%2C16628570%2C5%2C4379
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Wed, 19 Oct 2022 13:28:26 GMT
Last-Modified: Mon, 12 Sep 2022 17:52:53 GMT
Server: WasabiS3/7.7.900-2022-08-19-6bff245bcf (head08)
x-amz-request-id: ED9E986BC7F11688
ETag: "0cf8d7eff944be4c1291e59790d6f38c"
X-HW: 1666186106.dop130.fr8.t,1666186106.cds219.fr8.shn,1666186106.dop130.fr8.t,1666186106.cds106.fr8.c
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 7676
x-amz-id-2: 66QzHSFghPw3JuDNBW9bHTIgNCeVZBcW5z6bPrVW1L/KY7be3cT4HIowqRTl7CFvraXOUIHw1Drb

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

18 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
nineteendrunk.com/	1970-01-20 07:32:58	Name: uid15295 Value: 1295296937-20221019092821-094f33beb051503173fd5df84462ced1-
lynku.jukminung.com/	1970-01-20 06:59:50	Name: AWSALB Value: bF+EQzKr1wukhIHLfO385JEUYKdXej8Ac9eZDXj6pcr0TXWfptTE65Ijp/lVyBlFgOvHpD5bk8ktH7XUIAVYBLnc0ZHQSd9oND6X/BhbD8C+xbUZzGUho2Nn05YJ
.jukminung.com/	1970-01-20 06:49:47	Name: __cf_bm Value: 4HwYne_znukgRnwaea0vBQTGt1QqEhm734ty18q3cF0-1666186102-0-Af2mvL0bPC1APpjr8pD/Lum9uRF7cFS5Rd2uoi2GEwmlxWCCfVpEbGkYppp74m7IuTcnSZPCLsESPKNXw3mG2GZpHRQBaif5xURJ0GPVn6rfzDjE7X8ntrhDHpMEo4r18Q==
otto.sherlowcke.com/	1970-01-20 15:35:22	Name: u Value: 02b6f707a148583e5c811047bfde031b
admoustache.go2affise.com/	1970-01-20 15:35:22	Name: afclick Value: 634ffb78398132000189d5b4
myofferplus.com/	1970-01-20 06:59:50	Name: AWSALB Value: 55bcKv+MfjxMp9/HZgpPSYoSL0CqqIdJa9wgoYjSOK216pNYueLNYid2sfWSdDDi+XHhaqozm2Np4K0FedbwvuD/WtCVCTIzH0O0SufoJeKrL1CFajleC0gbYeUI
.bl-easycdn.com/	1970-01-20 15:35:22	Name: checkkeks Value: 1
.bl-easycdn.com/	1970-01-20 06:51:12	Name: eTag Value: d908d149cf83e540f769d70ce4799c18
.bl-easycdn.com/	1970-01-20 15:35:22	Name: ck_uniques Value: 1666272504%3A24589-115227
.bl-easycdn.com/	1970-01-20 15:35:22	Name: ck_uniquesPa Value: 1666272504%3A89322
.bl-easycdn.com/	1970-01-20 06:51:12	Name: ck_sys_uniques_3 Value: 1
.bl-easycdn.com/	1970-01-20 06:51:12	Name: u_current_ads_view Value: 89322----
zring.jukminung.com/	1970-01-20 06:59:50	Name: AWSALB Value: taNGusNiE6n1U/0vJoY9C8p+Sxuwdp4uSEYDGHRvjNwz3ci6xkgxdgrSBJh4e2rST70BHudHFcF1FfI5DQ4dlnY6KTiRsroYasj3A+9QQdM1Lm1V7fa6pNriyeLj
.1d6c9396fa1.777offers.net/	1970-01-20 06:49:46	Name: rts-trck Value: 1
.777offers.net/	1970-01-20 16:25:46	Name: t-uuid Value: 5wmcpvo8haxbgnyazjcw0ooko
.777offers.net/	1970-01-20 06:49:46	Name: traffic-back Value: ok
.optiestrycended.com/	1970-01-20 06:51:12	Name: bf0465cf-e980-478d-87f2-27d14b1b731e-v4 Value: BzllHlWbSguqgM2pNgmlhaLVdFCHCu50eLOD3K5ORdE
.optiestrycended.com/	1970-01-20 06:51:12	Name: cep-v4 Value: zqNzcK8LIMfHRWxPqyqY3Lqs80AWGgugTW2ErT_jAXGI_txa1EcH82OZUakVjeGqVFxUrxwcHYDtgYIX5NLvz66pcZg_1o-mA5ciiE4AAh57qJZIOL89FdlLxf-6FAb89BHiEvawbooZMwFSuVWKrLqePyqa2V87MtCF7f2KdkK0vKQGk3EV5SEDJxqXt-fRzJe2LreBZVILLoT7gGdHomk9uY0Joedt0cLJy_3zZNJgCJCRfddS4ieYwlYgZsmYK_y0QfAPtHq1_-qiwiPDhcvmOBEzKMXZvtt7TDuYWWv_-P_m_bySQ1MPSPUGW_iZA4XLDIwVPl-ixVpgoVYTsmi79YLYWk684RsHd1WFPiGT76NIsWXs6BI2rJuRs0dfrK_T2rwtBXuRrnpswPQWoeohy2_yYXA4Nr1zMc-q3kE3ZGpLUm7_VomQbfLyfDUiKqkYWcM8LOBEHyffePlV9Q

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1d6c9396fa1.777offers.net
admoustache.go2affise.com
cdn.addlnk.com
fabstylish.co.uk
k9j5t5p4.ssl.hwcdn.net
lynku.jukminung.com
myofferplus.com
nineteendrunk.com
optiestrycended.com
otto.sherlowcke.com
t.bl-easycdn.com
www.wewillserv.com
zring.jukminung.com
18.156.93.177
23.229.68.112
2606:4700:3030::ac43:bfdd
2606:4700:3032::6815:1cae
2a06:98c1:3120::3
2a06:98c1:3121::3
34.147.1.177
45.91.248.67
51.68.82.147
65.60.58.179
69.16.175.42
94.237.103.119
063118be5b99c3f29209863fe306ccbb83b3b1fb6866bf8afe5829a7e3951f55
2aa5f2d7b775a7db59311dd545b8a11243bbc7e43b6111fcc483bad10773bd2f
2e0c77e31bf6fbe26c768a1a2f887ea01a8d5ee3c73b5aa5a3067c35ff79e69b
386255265427b17ddf79aa5199a659b094646164a3977b81a304a995976ef290
4700388c97852e81199138b08be15336e6841c26292e0d62ae29aad5b8908cf0
50dec66a246b9306f197cf1dce0710b92fd5f3dda5c4f024ab14690e29e4d002
7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1
aa3f1345e67132ddbbe045553d20df95f679d538425d8eb7715bd201cb6f8a67
b9fcf506595890273c1219724af0034bdcc8371f79094fc432b5c5d846d0f6c6
d3841ca77a1e395f1ec04a4c26d1336eff878bdb83870d2cb638e160815edd56
d97b825e39f61f6325d0a29e73152803521063d24b20ca3f7f8b2c805d5cfbce
e639d57b372dd223b46ea5382ca3dce27bf0faaf9a2fd51f634f9e1840017c30
f1f97ddb28a4925de8234dd9a91b0cd8d5e8d050e2a2f5993ecffc278e733c37

k9j5t5p4.ssl.hwcdn.net Open in urlscan Pro 69.16.175.42 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

28 Requests

100 %HTTPS

33 %IPv6

12 Domains

13 Subdomains

9 IPs

5 Countries

91 kBTransfer

175 kBSize

18 Cookies

0 Outgoing links

Page URL History

Redirected requests

28 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

k9j5t5p4.ssl.hwcdn.net Open in urlscan Pro
69.16.175.42 Public Scan

Screenshot
Live screenshot

Full Image

28
Requests

100 %
HTTPS

33 %
IPv6

12
Domains

13
Subdomains

9
IPs

5
Countries

91 kB
Transfer

175 kB
Size

18
Cookies

28 HTTP transactions
0 data transactions