Submitted URL: https://clixily.com/click.php?camp=6632&pubid=26692&sid=
Effective URL: https://nexters.g2afse.com/disabled.html
Submission: On November 18 via manual from BD — Scanned from US

Summary

This website contacted 2 IPs in 3 countries across 4 domains to perform 3 HTTP transactions. The main IP is 34.147.7.70, located in Groningen, Netherlands and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is nexters.g2afse.com. The Cisco Umbrella rank of the primary domain is 278174.
TLS certificate: Issued by DigiCert Global G3 TLS ECC SHA384 202... on July 30th 2024. Valid for: a year.
This is the only time nexters.g2afse.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 51.89.233.18 16276 (OVH OVH SAS)
1 1 2600:1f18:244... 14618 (AMAZON-AES)
2 3 2606:4700:303... 13335 (CLOUDFLAR...)
2 4 34.147.7.70 396982 (GOOGLE-CL...)
3 2
Apex Domain | Subdomains | Transfer
4 g2afse.com | nexters.g2afse.com — Cisco Umbrella Rank: 278174 | 593 B
3 adspredictiv.com | adspredictiv.com | 6 KB
1 extload.com | extload.com | 4 KB
1 clixily.com | clixily.com | 525 B
3 4
Domain Requested by
4 nexters.g2afse.com 2 redirects adspredictiv.com
3 adspredictiv.com 2 redirects
1 extload.com 1 redirects
1 clixily.com 1 redirects
3 4

This site contains no links.

Subject | Issuer | Validity | Valid
adspredictiv.com | WE1 | 2024-10-21 - 2025-01-19 | 3 months
*.g2afse.com | DigiCert Global G3 TLS ECC SHA384 2020 CA1 | 2024-07-30 - 2025-08-30 | a year

This page contains 1 frame:

Primary Page: https://nexters.g2afse.com/disabled.html
Frame ID: 0737A206817AC239E3D561B2696D00D3
Requests: 3 HTTP requests in this frame

Page Title

Disabled

Page Statistics

Requests: 3
HTTPS: 100 %
IPv6: 50 %
Domains: 4
Subdomains: 4
IPs: 2
Countries: 3
Transfer: 5 kB
Size: 10 kB
Cookies: 11

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://clixily.com/click.php?camp=6632&pubid=26692&sid= HTTP 302
    https://extload.com/?a=147586&c=329877&s2=1a12f77f59cc48e8808b7f0d4&s1=26692 HTTP 302
    https://adspredictiv.com/jump/next.php?r=6536598&pub_clickid=d62ae954aac7485c9f232b38dafaa2fd20999&sub1=147586&sub2=26692 Page URL
  2. https://adspredictiv.com/jump/next.php?stamat=m%257CF2Nia7o2aQdHkAH0dEdHP3xP.f5b%252CTwuhcE9ytvGl4nFRHB_Ai_s-mlABFntchTzo96_d71mnJpukNFwwxub0Up3naZrX9qvg5McFdXdHIf9u6DJijCZdEZyg5TbcPsEKp0Hpbu2VL9t9taENzSJ53yGm6sMB_hkTKm9CjzrOK1nfAeGvXA%252C%252C&cbpage=https://adspredictiv.com/jump/next.php?r=6536598&pub_clickid=d62ae954aac7485c9f232b38dafaa2fd20999&sub1=147586&sub2=26692&cbur=0.9625084309865322&cbtitle=&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=&cbkeywords=&cbref=&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2FGoogle%20Inc.1600x1200600en-US84824%20bits HTTP 302
    https://adspredictiv.com/script/i.php?t=1&c=23888448&stamat=m%257C%252C%252CAiPi9jOqtGU3BU-GH0dEdHP3xP.3bb%252ChP6F7ispRAGgqRjDsH9oCOTRXg1fx1haxeBLhNNohwVulgqZ_bfN_baJP2fjhX47Rkvr_7GNGB3lJUd0o7vpoIawXZShcYo-dHqJq9mgq5Fwrn7goN-KBpXxcDkwS-rsWU-InMNawPi5a9OgEROCM0_fWjBPq673d_zPRxouUclk0VjJjSZPytxUZmn67NyY26c7y1yyMmOBVUQiuBa1TIsVjmOqepf_S8SL6Wkld4PvFyXkctD2-pGKZy2FjY3xF07T1AZs3406CMc9Tmu-At4WPyBLHYJRvMmIUNZUmUynpKW6RiGdrFNmOGS4o-9caoLQWUDHjKuQgd4uCcXjew_C-4p--vKdJQ3wvjYSPZmgm1R1vII7QbsdQn2yJoG3tGbfslkhqoWoevIH2LsmLLS0kJD-7kRzEiVJCz28lcoTfeCifbyuSWEIcooms8SifK7LnXqSp0Pzm_NocCDih5xw9SFYt5RG9juuM6spVB1gndgugaTGi9Byerv1i-ugYi9nGvb_jr-C6Jq5HZKJp7u5OF2dBC21aFPmbEKIk4zmDu-tGd3H2v49F6cwiNTkoH84qfMiSfHlelop3lHO5kBq46nMHdFS3Jw47pHvwMXrIlO3VO3QKIY4pHIlDi0E-QH59t9ZQNSpz3S6OpRamNf-yJ2mGZkedg3fCSwfIjqJdKaW5dvF9Q84XGrXQITNXKeNC-Gj8JQd805rwSc7v4glJgSL9JUO6j31ZRfPSCQ%252C HTTP 302
    https://nexters.g2afse.com/click?pid=18&offer_id=33&sub1=6536598-3174868460-775356062&sub8=173190476810000TUSTV62a0dR5600R24R1500R1012R127R9930R9aa96V33007 HTTP 302
    https://nexters.g2afse.com/click?pid=18&offer_id=15&sub1=33 HTTP 302
    http://nexters.g2afse.com/disabled.html HTTP 307
    https://nexters.g2afse.com/disabled.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://clixily.com/click.php?camp=6632&pubid=26692&sid= HTTP 302
  • https://extload.com/?a=147586&c=329877&s2=1a12f77f59cc48e8808b7f0d4&s1=26692 HTTP 302
  • https://adspredictiv.com/jump/next.php?r=6536598&pub_clickid=d62ae954aac7485c9f232b38dafaa2fd20999&sub1=147586&sub2=26692

3 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
next.php
adspredictiv.com/jump/
Redirect Chain
  • https://clixily.com/click.php?camp=6632&pubid=26692&sid=
  • https://extload.com/?a=147586&c=329877&s2=1a12f77f59cc48e8808b7f0d4&s1=26692
  • https://adspredictiv.com/jump/next.php?r=6536598&pub_clickid=d62ae954aac7485c9f232b38dafaa2fd20999&sub1=147586&sub2=26692
10 KB
4 KB
Document
General
Full URL
https://adspredictiv.com/jump/next.php?r=6536598&pub_clickid=d62ae954aac7485c9f232b38dafaa2fd20999&sub1=147586&sub2=26692
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:99ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8e4546e0c85f7279-EWR
content-encoding
zstd
content-type
text/html; charset=utf-8
date
Mon, 18 Nov 2024 04:39:28 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority
u=0,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bOUYFXdw5nEv9jDPdJFBGWjcVUDcJ%2FJBjkRH5fZpYeoaRYYbnUPpZwUJ7sQo1WO0k%2Bn1dRz%2FPir84V0ca%2BoHyQkJxe%2B06nqqlW21P1%2FmyZLgGZVSmM8ZdU1EkO9QkHxQEwDxZve%2FFEUUtqIg4kOX"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=13404&sent=13&recv=11&lost=0&retrans=0&sent_bytes=4219&recv_bytes=4541&delivery_rate=852&cwnd=12000&unsent_bytes=0&cid=f33c5e60f8551325&ts=101&x=1" cfExtPri cfHdrFlush;dur=0
vary
accept-encoding
via
1.1 google

Redirect headers

access-control-allow-credentials
true
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,X-Auth,Pasha-Jlob
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin
*
content-language
en-US
content-type
text/html;charset=ISO-8859-1
date
Mon, 18 Nov 2024 04:39:28 GMT
location
https://adspredictiv.com/jump/next.php?r=6536598&pub_clickid=d62ae954aac7485c9f232b38dafaa2fd20999&sub1=147586&sub2=26692
server
nginx
Primary Request disabled.html
nexters.g2afse.com/
Redirect Chain
  • https://adspredictiv.com/jump/next.php?stamat=m%257CF2Nia7o2aQdHkAH0dEdHP3xP.f5b%252CTwuhcE9ytvGl4nFRHB_Ai_s-mlABFntchTzo96_d71mnJpukNFwwxub0Up3naZrX9qvg5McFdXdHIf9u6DJijCZdEZyg5TbcPsEKp0Hpbu2VL9t9...
  • https://adspredictiv.com/script/i.php?t=1&c=23888448&stamat=m%257C%252C%252CAiPi9jOqtGU3BU-GH0dEdHP3xP.3bb%252ChP6F7ispRAGgqRjDsH9oCOTRXg1fx1haxeBLhNNohwVulgqZ_bfN_baJP2fjhX47Rkvr_7GNGB3lJUd0o7vpoI...
  • https://nexters.g2afse.com/click?pid=18&offer_id=33&sub1=6536598-3174868460-775356062&sub8=173190476810000TUSTV62a0dR5600R24R1500R1012R127R9930R9aa96V33007
  • https://nexters.g2afse.com/click?pid=18&offer_id=15&sub1=33
  • http://nexters.g2afse.com/disabled.html
  • https://nexters.g2afse.com/disabled.html
111 B
209 B
Document
General
Full URL
https://nexters.g2afse.com/disabled.html
Requested by
Host: adspredictiv.com
URL: https://adspredictiv.com/jump/next.php?r=6536598&pub_clickid=d62ae954aac7485c9f232b38dafaa2fd20999&sub1=147586&sub2=26692
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.147.7.70 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
70.7.147.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
b7413baf6c8d815f06ac626010aa7c4eff83b4f3ab3fa3cfd4c50cb533b5cf08

Request headers

Referer
https://adspredictiv.com/jump/next.php?r=6536598&pub_clickid=d62ae954aac7485c9f232b38dafaa2fd20999&sub1=147586&sub2=26692
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-type
text/html
date
Mon, 18 Nov 2024 04:39:28 GMT
etag
W/"628f9513-6f"
last-modified
Thu, 26 May 2022 14:56:19 GMT
server
nginx

Redirect headers

Location
https://nexters.g2afse.com/disabled.html
Non-Authoritative-Reason
HttpsUpgrades
favicon.ico
nexters.g2afse.com/
0
110 B
Other
General
Full URL
https://nexters.g2afse.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.147.7.70 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
70.7.147.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://nexters.g2afse.com/disabled.html

Response headers

accept-ranges
bytes
content-length
0
date
Mon, 18 Nov 2024 04:39:28 GMT
etag
"628f9517-0"
content-type
image/x-icon
last-modified
Thu, 26 May 2022 14:56:23 GMT
server
nginx

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Domain/Path Name
clixily.com/ Name: PHPSESSID
.extload.com/ Name: gdm_suid_v2_1_001
.extload.com/ Name: gdm_click_freq_v2_1_001
.extload.com/ Name: gdm_click_freq_v1_1_001
.extload.com/ Name: gdm_sid_v2_3_001
.extload.com/ Name: gdm_uid_v1_1_001
.extload.com/ Name: gdm_click_adv_freq_v2_1_001
.extload.com/ Name: gdm_uid_v2_1_001
.extload.com/ Name: gdm_sid_v1_3_001
.extload.com/ Name: gdm_suid_v1_1_001
.extload.com/ Name: gdm_click_adv_freq_v1_1_001

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
