Submitted URL: http://hardcopypassbook.co.uk/Oa6hWU.jsw?dr5dH7cckYNhcxJspcccSMc9c4Tkbcbbdcbbb3N
Effective URL: https://read-the-news.online/lp/y-arrow/?cp=10&tag=%2030555&tag1=musicplayer&tag2=1041905-329088980-0&tag3=%2030555&tag4=dati...
Submission: On July 08 via api from BE — Scanned from DE

Summary

This website contacted 8 IPs in 5 countries across 13 domains to perform 23 HTTP transactions. The main IP is 213.227.145.147, located in Netherlands and belongs to LEASEWEB-NL-AMS-01 Netherlands, NL. The main domain is read-the-news.online. The Cisco Umbrella rank of the primary domain is 320871.
TLS certificate: Issued by AlphaSSL CA - SHA256 - G2 on November 26th 2021. Valid for: a year.
This is the only time read-the-news.online was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 5.104.107.29 24961 (MYLOC-AS ...)
1 65.98.48.138 25653 (FORTRESSITX)
4 2606:4700:303... 13335 (CLOUDFLAR...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 51.161.115.163 16276 (OVH)
1 1 23.235.251.114 19437 (SS-ASH)
1 1 142.93.240.225 14061 (DIGITALOC...)
1 1 51.83.143.92 16276 (OVH)
1 2 2a06:98c1:312... 13335 (CLOUDFLAR...)
2 3 35.186.193.41 15169 (GOOGLE)
1 1 2a03:b0c0:3:d... 14061 (DIGITALOC...)
1 9 213.227.145.147 60781 (LEASEWEB-...)
1 213.227.129.23 ()
23 8
Apex Domain
Subdomains
Transfer
9 read-the-news.online
read-the-news.online — Cisco Umbrella Rank: 320871
171 KB
4 jukminung.com
lynku.jukminung.com
23 KB
3 linkonclick.com
www.linkonclick.com — Cisco Umbrella Rank: 349865
4 KB
2 popmyads.com
popmyads.com — Cisco Umbrella Rank: 89675
2 KB
2 goldwinds.xyz
23.us.goldwinds.xyz — Cisco Umbrella Rank: 771695
redir.goldwinds.xyz — Cisco Umbrella Rank: 60612
680 B
1 wbidder2.com
wbidder2.com Failed
738 B
1 ts-tracker.me
go.ts-tracker.me — Cisco Umbrella Rank: 115500
912 B
1 labtrffc.com
cola.labtrffc.com — Cisco Umbrella Rank: 74313
283 B
1 goldensevenseas.net
t1.goldensevenseas.net — Cisco Umbrella Rank: 760684
300 B
1 addlnk.com
cdn.addlnk.com — Cisco Umbrella Rank: 219407
1 KB
1 positivemime.com
positivemime.com
450 B
1 hardcopypassbook.co.uk
hardcopypassbook.co.uk
255 B
0 amung.us Failed
whos.amung.us Failed
23 13
Domain Requested by
9 read-the-news.online 1 redirects www.linkonclick.com
read-the-news.online
4 lynku.jukminung.com positivemime.com
lynku.jukminung.com
3 www.linkonclick.com 2 redirects
2 popmyads.com 1 redirects lynku.jukminung.com
1 wbidder2.com read-the-news.online
1 go.ts-tracker.me 1 redirects
1 cola.labtrffc.com 1 redirects
1 redir.goldwinds.xyz 1 redirects
1 23.us.goldwinds.xyz 1 redirects
1 t1.goldensevenseas.net 1 redirects
1 cdn.addlnk.com lynku.jukminung.com
1 positivemime.com
1 hardcopypassbook.co.uk 1 redirects
0 whos.amung.us Failed popmyads.com
23 14

This site contains no links.

Subject | Issuer | Validity | Valid
positivemime.com | Sectigo RSA Domain Validation Secure Server CA | 2022-04-25 - 2023-05-26 | a year
*.jukminung.com | E1 | 2022-05-22 - 2022-08-20 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-05-15 - 2023-05-15 | a year
*.read-the-news.online | AlphaSSL CA - SHA256 - G2 | 2021-11-26 - 2022-12-28 | a year
*.wbidder2.com | AlphaSSL CA - SHA256 - G2 | 2021-11-12 - 2022-12-14 | a year

This page contains 2 frames:

Primary Page: https://read-the-news.online/lp/y-arrow/?cp=10&tag=%2030555&tag1=musicplayer&tag2=1041905-329088980-0&tag3=%2030555&tag4=dating&clickid=af3af7fa32fc07d0d8b62c208d7e26a0-4888-0708&device=Desktop&brand=Desktop&model=Desktop&country=DE&affid=%2030555&subid=1041905-329088980-0&ln=de&cid=16572691323117783976207928630224533&useragent={var:useragent}&ip=2a03:1b20:6:f011::8e&bv=Chrome%20103&as=pc&gf=12
Frame ID: 853CCD78FCD1AAEC9556B0A685D1AD27
Requests: 21 HTTP requests in this frame

Frame: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1657267200
Frame ID: B7F51FDE0D72B205A2BF4759631061B1
Requests: 3 HTTP requests in this frame

Page Statistics

Requests: 23
HTTPS: 70 %
IPv6: 31 %
Domains: 13
Subdomains: 14
IPs: 8
Countries: 5
Transfer: 201 kB
Size: 308 kB
Cookies: 7

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://hardcopypassbook.co.uk/Oa6hWU.jsw?dr5dH7cckYNhcxJspcccSMc9c4Tkbcbbdcbbb3N HTTP 302
    https://positivemime.com/17620c366ddd57b2800/1_2_2631731/2380_1121593_3639948_30/478918156 Page URL
  2. https://lynku.jukminung.com/rc/9e8aef8068?affclick=1272046807&pubid=690144 Page URL
  3. https://t1.goldensevenseas.net/s.php?p=c%3A1ighcayppkorshdbl&d=61e943f4a56e02198e0b0501&s=c283d9f6&pid=pub7ad3660d95c74713befb8cda9744479a HTTP 302
    https://23.us.goldwinds.xyz/feed/?link=true&tid=23&subid=23-c283d9f6&ref=&s1=62c7eb89af19be13e0779c94 HTTP 301
    https://redir.goldwinds.xyz/click/invalid/?tid=23&subid=23-c283d9f6 HTTP 302
    https://cola.labtrffc.com/h.php?p=c:xecd97ullhqs49nas&d=62a055db84c90235f05e05a1&s=23 HTTP 302
    https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20= Page URL
  4. https://popmyads.com/gget HTTP 302
    http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646613250 Page URL
  5. http://www.linkonclick.com/jump/next.php?stamat=m%257C%252Cso2fvI2MqB1dQO0dEdHP3xP.ff6%252CS0kXXHXf2ck-DOZ9HRvwuM9aL_G46JdZU-2oa3bmXM8JUm5HksBtX5-SSJ8vLRk6sQQdGgDhC8DO2lEpOlLseA%252C%252C&cbpage=http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646613250&cbur=0.9355462135350283&cbtitle=&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=&cbkeywords=&cbref= HTTP 302
    http://www.linkonclick.com/script/i.php?stamat=m%257C%252C%252Cw3LqYiZnoGU3B5-GH0dEdHP3xP.269%252CEeZBesfdfk_29WRpHbs2NETP47o_CGvO6yutg7bvoMz-n0B_W5dvBrSt2895wuEBOsVnNn2ImzwFsr2MaeJta_7wInaS2WQ5pFKGpHw465CRlREmtS2hbQC9QednX9j8qLGB5o3Pr2Bdx9zTty31wOb8iU_9RSdWUbI50hP4_y3qlEKd1iJydmiWRxHy1Q34XSS2tFJHGnVsPEG9_xZubCKe5dIx3qY33Ji39LvaOmqbi6UDYY0u6f4kebs3C1kJhijwU1Fzn_rqOLr5uZVducdArVOerFJ6pTGHD1rHOw1gk66PhT-EqEihOG9m24vqvPy6BeaPvXUE-7AmYpzzwutQA7PCC024kh8p7zI5qspjKymwwD0W7_2-b-2rkig2uPAvswo4MtXPFg7LUNlsKa3V-dxSPGC8LiFak-KCuD5wQxH4l_6Ns_HKkjXgvPb0tCGVqxJDMLNPprfzVPfL4m-DqwQ8A7sSTwSBI76JG1U0UL2UTDyaYcGlWfCzicvSWFctGoY4HgELLFd9ssWiXPlK_d-my2onqakfnnXLo2IF936myY1IHr7hLnDilWMKqIhgGElNNQckFEME4LXyDg%252C%252C HTTP 302
    https://go.ts-tracker.me/15GIEA?subid=1041905-329088980-0&cid=16572691323117783976207928630224533&affid=%2030555&cost=[payout]&external_id=16572691323117783976207928630224533 HTTP 302
    https://read-the-news.online/lp/y-arrow?cp=10&tag=%2030555&tag1=musicplayer&tag2=1041905-329088980-0&tag3=%2030555&tag4=dating&clickid=af3af7fa32fc07d0d8b62c208d7e26a0-4888-0708&device=Desktop&brand=Desktop&model=Desktop&country=DE&affid=%2030555&subid=1041905-329088980-0&ln=de&cid=16572691323117783976207928630224533&useragent={var:useragent}&ip=2a03:1b20:6:f011::8e&bv=Chrome%20103&as=pc&gf=12 HTTP 301
    https://read-the-news.online/lp/y-arrow/?cp=10&tag=%2030555&tag1=musicplayer&tag2=1041905-329088980-0&tag3=%2030555&tag4=dating&clickid=af3af7fa32fc07d0d8b62c208d7e26a0-4888-0708&device=Desktop&brand=Desktop&model=Desktop&country=DE&affid=%2030555&subid=1041905-329088980-0&ln=de&cid=16572691323117783976207928630224533&useragent={var:useragent}&ip=2a03:1b20:6:f011::8e&bv=Chrome%20103&as=pc&gf=12 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://hardcopypassbook.co.uk/Oa6hWU.jsw?dr5dH7cckYNhcxJspcccSMc9c4Tkbcbbdcbbb3N HTTP 302
  • https://positivemime.com/17620c366ddd57b2800/1_2_2631731/2380_1121593_3639948_30/478918156
Request Chain 5
  • https://t1.goldensevenseas.net/s.php?p=c%3A1ighcayppkorshdbl&d=61e943f4a56e02198e0b0501&s=c283d9f6&pid=pub7ad3660d95c74713befb8cda9744479a HTTP 302
  • https://23.us.goldwinds.xyz/feed/?link=true&tid=23&subid=23-c283d9f6&ref=&s1=62c7eb89af19be13e0779c94 HTTP 301
  • https://redir.goldwinds.xyz/click/invalid/?tid=23&subid=23-c283d9f6 HTTP 302
  • https://cola.labtrffc.com/h.php?p=c:xecd97ullhqs49nas&d=62a055db84c90235f05e05a1&s=23 HTTP 302
  • https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
Request Chain 8
  • https://popmyads.com/gget HTTP 302
  • http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646613250

23 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
478918156
positivemime.com/17620c366ddd57b2800/1_2_2631731/2380_1121593_3639948_30/
Redirect Chain
  • http://hardcopypassbook.co.uk/Oa6hWU.jsw?dr5dH7cckYNhcxJspcccSMc9c4Tkbcbbdcbbb3N
  • https://positivemime.com/17620c366ddd57b2800/1_2_2631731/2380_1121593_3639948_30/478918156
137 B
450 B
Document
General
Full URL
https://positivemime.com/17620c366ddd57b2800/1_2_2631731/2380_1121593_3639948_30/478918156
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
65.98.48.138 , United States, ASN25653 (FORTRESSITX, US),
Reverse DNS
mx1.asdwirkvin.com
Software
Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
close
Content-Length
137
Content-Type
text/html; charset=UTF-8
Date
Fri, 08 Jul 2022 08:32:08 GMT
Server
Apache

Redirect headers

Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Fri, 08 Jul 2022 08:32:07 GMT
Location
https://positivemime.com/17620c366ddd57b2800/1_2_2631731/2380_1121593_3639948_30/478918156
Server
Apache
9e8aef8068
lynku.jukminung.com/rc/
3 KB
2 KB
Document
General
Full URL
https://lynku.jukminung.com/rc/9e8aef8068?affclick=1272046807&pubid=690144
Requested by
Host: positivemime.com
URL: https://positivemime.com/17620c366ddd57b2800/1_2_2631731/2380_1121593_3639948_30/478918156
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:92ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
11ac0d0f7fa317560c48297c3878a380b05d6b311ccbd4aca9c2341778f5a95f

Request headers

Referer
https://positivemime.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
727777b83a679070-FRA
content-encoding
br
content-language
en-us
content-type
text/html; charset=utf-8
date
Fri, 08 Jul 2022 08:32:09 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PPewSsWj2ZhKgn6kWP%2B4p4LpK3eCm6S0N50s6c%2FqPVBOpePqtpPsr1F4iytWWQgEPAKQMTI8svjOAZN51vNdlAdMAC1rR6mKxYYpV9jOe%2BnwEWEzEKFxvW7o3Fhyvwmepjozu0gWovpkkwKP12Hfh31L"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding, Accept-Language, Cookie
redirect.css
cdn.addlnk.com/
1 KB
1 KB
Stylesheet
General
Full URL
https://cdn.addlnk.com/redirect.css
Requested by
Host: lynku.jukminung.com
URL: https://lynku.jukminung.com/rc/9e8aef8068?affclick=1272046807&pubid=690144
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6815:1446 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 08 Jul 2022 08:32:09 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5860
cf-polished
origSize=1680
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id
72BQ43Z832DMHS8A
x-amz-id-2
9dqjw3QmoT8lhROeWaK3mEcRPoUKNfvQLfCVyCvCyDnxCOQ1ZkKTnjHgPbqYhL93T/SckF1I+RU=
last-modified
Wed, 13 Mar 2019 00:03:12 GMT
server
cloudflare
etag
W/"3ae56d32551602b41f9046c14d1cfde2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eCc3fwran%2FnniySssufUap9rkwxJ0bPoL%2BI%2FITlONeT7LA2r7x8SfsqfDO6OBKwLAF8%2FHl%2FO65MIT7%2Fl28Amj0ejA5H8OrUR1EAnrdNaO%2B8drqedUUzvEQGVVdkpg4LSXs1szFHsj0RSCykx1A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cf-ray
727777b91ab89013-FRA
cf-bgj
minify
invisible.js
lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/ Frame B7F5
36 KB
13 KB
Script
General
Full URL
https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1657267200
Requested by
Host: positivemime.com
URL: https://positivemime.com/17620c366ddd57b2800/1_2_2631731/2380_1121593_3639948_30/478918156
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:92ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
545979148032e4670cd9d2ae31759b959266e1d46b46e9a35286afb43d294ddd

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 08 Jul 2022 08:32:09 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8dq7MVzXTHZ3ZF091S9Nxu%2F7Xwm%2FMcoiiTIxuU66awpHY0Hnm5lWngySQ1WBs%2BfF9LkUOiUSO04kcWpsuIxGjfXtDpaKJrUAssCieDAuuEjvyEZeUngSjg6Ku1zpCkseN1lCr4mRLM2U3MqOQhbY9tGk"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
x-control-type-options
nosniff
cf-ray
727777b95c029070-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
pica.js
lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/ Frame B7F5
20 KB
7 KB
Other
General
Full URL
https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/pica.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:92ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb955face53234bc1257e6daaa7727fe84a99be1e68fde1741a3cb5bed4ba677

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 08 Jul 2022 08:32:09 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xaw3NU%2BhUW1kbfgI2XDPbWtGg8lPjckKfVOz9PFYHr1XW79cmFKAzgnlzVL0WjEUXPndS5OtAVPiWiedzVb2aSfaDtx5koqv0Qbw3QRocDk27lp3I%2F2DQQYzcbXuCXnUX%2F69JfBgaLoSj8seKWTIAgOU"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=604800, public
x-control-type-options
nosniff
cf-ray
727777b99c4f6904-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
aHR0cDovL3RyYWZmaXgxMy5jb20=
popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/
Redirect Chain
  • https://t1.goldensevenseas.net/s.php?p=c%3A1ighcayppkorshdbl&d=61e943f4a56e02198e0b0501&s=c283d9f6&pid=pub7ad3660d95c74713befb8cda9744479a
  • https://23.us.goldwinds.xyz/feed/?link=true&tid=23&subid=23-c283d9f6&ref=&s1=62c7eb89af19be13e0779c94
  • https://redir.goldwinds.xyz/click/invalid/?tid=23&subid=23-c283d9f6
  • https://cola.labtrffc.com/h.php?p=c:xecd97ullhqs49nas&d=62a055db84c90235f05e05a1&s=23
  • https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
2 KB
1 KB
Document
General
Full URL
https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
Requested by
Host: lynku.jukminung.com
URL: https://lynku.jukminung.com/rc/9e8aef8068?affclick=1272046807&pubid=690144
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.1.33
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
X-Frame-Options DENY

Request headers

Referer
https://lynku.jukminung.com/rc/9e8aef8068?affclick=1272046807&pubid=690144
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
727777cafb166964-FRA
content-encoding
br
content-security-policy
frame-ancestors 'none'
content-type
text/html; charset=UTF-8
date
Fri, 08 Jul 2022 08:32:12 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mSeQh9ARuAFxZrMJW2QnjG3RLv9DeBqZMPjkMOjikE1VKip3u%2Fk%2B1t5ZXOMmm1hKFiDD%2BGOVh2erMkjWDHXS9G8sjBKikKRpkpZF8RiWC7XN2rYLWNA5LChgMlbqpnQ1ASsBNdsaTP14gEo%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-frame-options
DENY
x-powered-by
PHP/7.1.33

Redirect headers

Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Fri, 08 Jul 2022 08:32:11 GMT
Location
https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
Raund
2fo
Round
11kgq037yu
Server
nginx
727777b83a679070
lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/cv/result/ Frame B7F5
2 B
721 B
XHR
General
Full URL
https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/cv/result/727777b83a679070
Requested by
Host: lynku.jukminung.com
URL: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1657267200
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:92ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 08 Jul 2022 08:32:09 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jGrnj1IxgGZfZV5UyD2pYxiDG42IepBzM2V0YcYi1dpndx4C5QXcqOapkpgYnnp3qHywz3FdF3ftGaH1qnSJI9dcMi7OW4z9y4AgUuLbZhwGi%2FqhJDvDdhaEX9iuv51gC9%2Fqcu7yGHvBv5BakG34FV7C"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
727777bb2e716904-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
popmyads.png
whos.amung.us/swidget/
0
0

next.php
www.linkonclick.com/jump/
Redirect Chain
  • https://popmyads.com/gget
  • http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646613250
7 KB
3 KB
Document
General
Full URL
http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646613250
Protocol
HTTP/1.1
Server
35.186.193.41 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
41.193.186.35.bc.googleusercontent.com
Software
openresty /
Resource Hash

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://popmyads.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Date
Fri, 08 Jul 2022 08:32:12 GMT
Server
openresty
Transfer-Encoding
chunked
Via
1.1 google

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
727777cb786d9a23-FRA
content-type
text/html; charset=UTF-8
date
Fri, 08 Jul 2022 08:32:12 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location
http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646613250
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IMIwPs%2BXqQ5yeAe8f17k8SBrExFeMEXJiY8SPHv9N6GFKEb6CdYsDXbYhO25vl%2FFIB4OZ7xVuBWxYUezFTLUOuNeRvIytxup4L6rpgJYPipKllG4sJ2AQ6IIruyJclYfCFHXJLmlbzaZvNk%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.1.33
Primary Request /
read-the-news.online/lp/y-arrow/
Redirect Chain
  • http://www.linkonclick.com/jump/next.php?stamat=m%257C%252Cso2fvI2MqB1dQO0dEdHP3xP.ff6%252CS0kXXHXf2ck-DOZ9HRvwuM9aL_G46JdZU-2oa3bmXM8JUm5HksBtX5-SSJ8vLRk6sQQdGgDhC8DO2lEpOlLseA%252C%252C&cbpage=ht...
  • http://www.linkonclick.com/script/i.php?stamat=m%257C%252C%252Cw3LqYiZnoGU3B5-GH0dEdHP3xP.269%252CEeZBesfdfk_29WRpHbs2NETP47o_CGvO6yutg7bvoMz-n0B_W5dvBrSt2895wuEBOsVnNn2ImzwFsr2MaeJta_7wInaS2WQ5pFK...
  • https://go.ts-tracker.me/15GIEA?subid=1041905-329088980-0&cid=16572691323117783976207928630224533&affid=%2030555&cost=[payout]&external_id=16572691323117783976207928630224533
  • https://read-the-news.online/lp/y-arrow?cp=10&tag=%2030555&tag1=musicplayer&tag2=1041905-329088980-0&tag3=%2030555&tag4=dating&clickid=af3af7fa32fc07d0d8b62c208d7e26a0-4888-0708&device=Desktop&bran...
  • https://read-the-news.online/lp/y-arrow/?cp=10&tag=%2030555&tag1=musicplayer&tag2=1041905-329088980-0&tag3=%2030555&tag4=dating&clickid=af3af7fa32fc07d0d8b62c208d7e26a0-4888-0708&device=Desktop&bra...
29 KB
16 KB
Document
General
Full URL
https://read-the-news.online/lp/y-arrow/?cp=10&tag=%2030555&tag1=musicplayer&tag2=1041905-329088980-0&tag3=%2030555&tag4=dating&clickid=af3af7fa32fc07d0d8b62c208d7e26a0-4888-0708&device=Desktop&brand=Desktop&model=Desktop&country=DE&affid=%2030555&subid=1041905-329088980-0&ln=de&cid=16572691323117783976207928630224533&useragent={var:useragent}&ip=2a03:1b20:6:f011::8e&bv=Chrome%20103&as=pc&gf=12
Requested by
Host: www.linkonclick.com
URL: http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646613250
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.227.145.147 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
0c1ec20cebee238e4fa9aa825a6d5005a429fb7fcd3ef4c741c9e85e748adfc7
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
http://www.linkonclick.com/jump/next.php?r=1041905&sub1=0646613250
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html
date
Fri, 08 Jul 2022 08:32:12 GMT
etag
W/"62341cea-729d"
last-modified
Fri, 18 Mar 2022 05:47:22 GMT
server
nginx
vary
Accept-Encoding
x-frame-options
SAMEORIGIN

Redirect headers

content-length
162
content-type
text/html
date
Fri, 08 Jul 2022 08:32:12 GMT
location
https://read-the-news.online/lp/y-arrow/?cp=10&tag=%2030555&tag1=musicplayer&tag2=1041905-329088980-0&tag3=%2030555&tag4=dating&clickid=af3af7fa32fc07d0d8b62c208d7e26a0-4888-0708&device=Desktop&brand=Desktop&model=Desktop&country=DE&affid=%2030555&subid=1041905-329088980-0&ln=de&cid=16572691323117783976207928630224533&useragent={var:useragent}&ip=2a03:1b20:6:f011::8e&bv=Chrome%20103&as=pc&gf=12
server
nginx
x-frame-options
SAMEORIGIN
client.new.js
read-the-news.online/plugin/js/
26 KB
11 KB
Script
General
Full URL
https://read-the-news.online/plugin/js/client.new.js
Requested by
Host: read-the-news.online
URL: https://read-the-news.online/lp/y-arrow/?cp=10&tag=%2030555&tag1=musicplayer&tag2=1041905-329088980-0&tag3=%2030555&tag4=dating&clickid=af3af7fa32fc07d0d8b62c208d7e26a0-4888-0708&device=Desktop&brand=Desktop&model=Desktop&country=DE&affid=%2030555&subid=1041905-329088980-0&ln=de&cid=16572691323117783976207928630224533&useragent={var:useragent}&ip=2a03:1b20:6:f011::8e&bv=Chrome%20103&as=pc&gf=12
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.227.145.147 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
ea8d074475a237fc34ae2ed9415f0faa805968e5747b685873841dca68c9042a
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://read-the-news.online/lp/y-arrow/?cp=10&tag=%2030555&tag1=musicplayer&tag2=1041905-329088980-0&tag3=%2030555&tag4=dating&clickid=af3af7fa32fc07d0d8b62c208d7e26a0-4888-0708&device=Desktop&brand=Desktop&model=Desktop&country=DE&affid=%2030555&subid=1041905-329088980-0&ln=de&cid=16572691323117783976207928630224533&useragent={var:useragent}&ip=2a03:1b20:6:f011::8e&bv=Chrome%20103&as=pc&gf=12
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 08 Jul 2022 08:32:12 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Mon, 04 Jul 2022 17:04:55 GMT
server
nginx
etag
W/"62c31db7-692e"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=2592000
expires
Sun, 07 Aug 2022 08:32:12 GMT
bidder.js
read-the-news.online/plugin/js/
15 KB
6 KB
Script
General
Full URL
https://read-the-news.online/plugin/js/bidder.js
Requested by
Host: read-the-news.online
URL: https://read-the-news.online/lp/y-arrow/?cp=10&tag=%2030555&tag1=musicplayer&tag2=1041905-329088980-0&tag3=%2030555&tag4=dating&clickid=af3af7fa32fc07d0d8b62c208d7e26a0-4888-0708&device=Desktop&brand=Desktop&model=Desktop&country=DE&affid=%2030555&subid=1041905-329088980-0&ln=de&cid=16572691323117783976207928630224533&useragent={var:useragent}&ip=2a03:1b20:6:f011::8e&bv=Chrome%20103&as=pc&gf=12
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.227.145.147 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
d3a7350f32ae624e1d340bbfe32400930c4b75e5c5860f65351d31a0ee4d8377
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://read-the-news.online/lp/y-arrow/?cp=10&tag=%2030555&tag1=musicplayer&tag2=1041905-329088980-0&tag3=%2030555&tag4=dating&clickid=af3af7fa32fc07d0d8b62c208d7e26a0-4888-0708&device=Desktop&brand=Desktop&model=Desktop&country=DE&affid=%2030555&subid=1041905-329088980-0&ln=de&cid=16572691323117783976207928630224533&useragent={var:useragent}&ip=2a03:1b20:6:f011::8e&bv=Chrome%20103&as=pc&gf=12
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 08 Jul 2022 08:32:12 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Mon, 04 Jul 2022 17:04:55 GMT
server
nginx
etag
W/"62c31db7-3b60"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=2592000
expires
Sun, 07 Aug 2022 08:32:12 GMT
bidder-interval.js
read-the-news.online/plugin/js/
8 KB
3 KB
Script
General
Full URL
https://read-the-news.online/plugin/js/bidder-interval.js
Requested by
Host: read-the-news.online
URL: https://read-the-news.online/lp/y-arrow/?cp=10&tag=%2030555&tag1=musicplayer&tag2=1041905-329088980-0&tag3=%2030555&tag4=dating&clickid=af3af7fa32fc07d0d8b62c208d7e26a0-4888-0708&device=Desktop&brand=Desktop&model=Desktop&country=DE&affid=%2030555&subid=1041905-329088980-0&ln=de&cid=16572691323117783976207928630224533&useragent={var:useragent}&ip=2a03:1b20:6:f011::8e&bv=Chrome%20103&as=pc&gf=12
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.227.145.147 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
4fcf63aeecc00b000351d5b887fb4cc3dc9b6bc97cb7852734864852b7797226
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://read-the-news.online/lp/y-arrow/?cp=10&tag=%2030555&tag1=musicplayer&tag2=1041905-329088980-0&tag3=%2030555&tag4=dating&clickid=af3af7fa32fc07d0d8b62c208d7e26a0-4888-0708&device=Desktop&brand=Desktop&model=Desktop&country=DE&affid=%2030555&subid=1041905-329088980-0&ln=de&cid=16572691323117783976207928630224533&useragent={var:useragent}&ip=2a03:1b20:6:f011::8e&bv=Chrome%20103&as=pc&gf=12
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 08 Jul 2022 08:32:12 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Thu, 16 Jun 2022 13:19:20 GMT
server
nginx
etag
W/"62ab2dd8-1f27"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=2592000
expires
Sun, 07 Aug 2022 08:32:12 GMT
e-client.v2.js
read-the-news.online/plugin/js/
33 KB
11 KB
Script
General
Full URL
https://read-the-news.online/plugin/js/e-client.v2.js
Requested by
Host: read-the-news.online
URL: https://read-the-news.online/lp/y-arrow/?cp=10&tag=%2030555&tag1=musicplayer&tag2=1041905-329088980-0&tag3=%2030555&tag4=dating&clickid=af3af7fa32fc07d0d8b62c208d7e26a0-4888-0708&device=Desktop&brand=Desktop&model=Desktop&country=DE&affid=%2030555&subid=1041905-329088980-0&ln=de&cid=16572691323117783976207928630224533&useragent={var:useragent}&ip=2a03:1b20:6:f011::8e&bv=Chrome%20103&as=pc&gf=12
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.227.145.147 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
3e0c01a6c467139034e28e06b14cfe72288008d377ef4c02219210058973a72a
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://read-the-news.online/lp/y-arrow/?cp=10&tag=%2030555&tag1=musicplayer&tag2=1041905-329088980-0&tag3=%2030555&tag4=dating&clickid=af3af7fa32fc07d0d8b62c208d7e26a0-4888-0708&device=Desktop&brand=Desktop&model=Desktop&country=DE&affid=%2030555&subid=1041905-329088980-0&ln=de&cid=16572691323117783976207928630224533&useragent={var:useragent}&ip=2a03:1b20:6:f011::8e&bv=Chrome%20103&as=pc&gf=12
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 08 Jul 2022 08:32:12 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Thu, 07 Jul 2022 08:43:02 GMT
server
nginx
etag
W/"62c69c96-82de"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=2592000
expires
Sun, 07 Aug 2022 08:32:12 GMT
truncated
/
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4261f5b9b560c04a5b01559c45547e64f80f412e364d11520e2f8e70bdfc3978

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type
image/png
client
wbidder2.com/offer/
0
0

client
wbidder2.com/offer/
0
0

client
wbidder2.com/offer/
0
0

newB1modal.png
read-the-news.online/pluginstuff/
9 KB
9 KB
Image
General
Full URL
https://read-the-news.online/pluginstuff/newB1modal.png
Requested by
Host: read-the-news.online
URL: https://read-the-news.online/lp/y-arrow/?cp=10&tag=%2030555&tag1=musicplayer&tag2=1041905-329088980-0&tag3=%2030555&tag4=dating&clickid=af3af7fa32fc07d0d8b62c208d7e26a0-4888-0708&device=Desktop&brand=Desktop&model=Desktop&country=DE&affid=%2030555&subid=1041905-329088980-0&ln=de&cid=16572691323117783976207928630224533&useragent={var:useragent}&ip=2a03:1b20:6:f011::8e&bv=Chrome%20103&as=pc&gf=12
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.227.145.147 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
3f0014f83976d1cf838ba0bb0dd7b9150457ebc601c4f6840d8e16620c12ad5b
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 08 Jul 2022 08:32:12 GMT
last-modified
Fri, 14 May 2021 16:13:10 GMT
server
nginx
etag
"609ea196-2359"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=2592000
accept-ranges
bytes
content-length
9049
expires
Sun, 07 Aug 2022 08:32:12 GMT
client
wbidder2.com/offer/
0
0

client
wbidder2.com/offer/
0
0

eclientclick
wbidder2.com/offer/
2 KB
738 B
Fetch
General
Full URL
https://wbidder2.com/offer/eclientclick?affid=onw_%2030555&subid=1041905-329088980-0&days=8&count=1&adult=undefined
Requested by
Host: read-the-news.online
URL: https://read-the-news.online/plugin/js/e-client.v2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.227.129.23 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
6bc8e08d30f3495b1658a1144c43f6db395cec4b0899b7d91770746ee16a7ba4

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 08 Jul 2022 08:32:13 GMT
content-encoding
gzip
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
youtube-eclient.png
read-the-news.online/icons/
1 KB
2 KB
Image
General
Full URL
https://read-the-news.online/icons/youtube-eclient.png
Requested by
Host: read-the-news.online
URL: https://read-the-news.online/lp/y-arrow/?cp=10&tag=%2030555&tag1=musicplayer&tag2=1041905-329088980-0&tag3=%2030555&tag4=dating&clickid=af3af7fa32fc07d0d8b62c208d7e26a0-4888-0708&device=Desktop&brand=Desktop&model=Desktop&country=DE&affid=%2030555&subid=1041905-329088980-0&ln=de&cid=16572691323117783976207928630224533&useragent={var:useragent}&ip=2a03:1b20:6:f011::8e&bv=Chrome%20103&as=pc&gf=12
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.227.145.147 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
44732c891c3fffbf3ec24e05f43fb59908ed9e467f35f424f71a45a649f78f01
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 08 Jul 2022 08:32:12 GMT
last-modified
Tue, 15 Mar 2022 16:54:11 GMT
server
nginx
etag
"6230c4b3-57c"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=2592000
accept-ranges
bytes
content-length
1404
expires
Sun, 07 Aug 2022 08:32:12 GMT
spinner.gif
read-the-news.online/flow-lp/porsche-1/img/
113 KB
113 KB
Image
General
Full URL
https://read-the-news.online/flow-lp/porsche-1/img/spinner.gif
Requested by
Host: read-the-news.online
URL: https://read-the-news.online/lp/y-arrow/?cp=10&tag=%2030555&tag1=musicplayer&tag2=1041905-329088980-0&tag3=%2030555&tag4=dating&clickid=af3af7fa32fc07d0d8b62c208d7e26a0-4888-0708&device=Desktop&brand=Desktop&model=Desktop&country=DE&affid=%2030555&subid=1041905-329088980-0&ln=de&cid=16572691323117783976207928630224533&useragent={var:useragent}&ip=2a03:1b20:6:f011::8e&bv=Chrome%20103&as=pc&gf=12
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.227.145.147 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
7ffbc5613ad711543dc07ae92ea8a151ed27fa356f0a591181910f4270b2e908
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Fri, 08 Jul 2022 08:32:12 GMT
last-modified
Fri, 01 Nov 2019 13:26:09 GMT
server
nginx
etag
"5dbc3271-1c3fd"
x-frame-options
SAMEORIGIN
content-type
image/gif
cache-control
max-age=2592000
accept-ranges
bytes
content-length
115709
expires
Sun, 07 Aug 2022 08:32:12 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
whos.amung.us
URL
https://whos.amung.us/swidget/popmyads.png
Domain
wbidder2.com
URL
https://wbidder2.com/offer/client?affid=onw_%2030555&subid=1041905-329088980-0&days=8&count=1
Domain
wbidder2.com
URL
https://wbidder2.com/offer/client?affid=onw_%2030555&subid=1041905-329088980-0&days=8&count=1
Domain
wbidder2.com
URL
https://wbidder2.com/offer/client?affid=onw_%2030555&subid=1041905-329088980-0&days=8&count=1
Domain
wbidder2.com
URL
https://wbidder2.com/offer/client?affid=onw_%2030555&subid=1041905-329088980-0&days=8
Domain
wbidder2.com
URL
https://wbidder2.com/offer/client?affid=onw_%2030555&subid=1041905-329088980-0&days=8&count=5&adult=undefined


27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost
object| oncontextrestored
function| structuredClone
object| launchQueue
object| onbeforematch
function| getScreenDetails
function| queryLocalFonts
object| navigation
object| _0x4950
function| _0xb303
function| asyncGeneratorStep
function| _asyncToGenerator
function| _slicedToArray
function| _nonIterableRest
function| _unsupportedIterableToArray
function| _arrayLikeToArray
function| _iterableToArrayLimit
function| _arrayWithHoles
object| _0x187e
function| _0x1009
function| ownKeys
function| _objectSpread
function| _defineProperty
function| getBidderUrl
function| _0x3ab1
function| _0x2b02
function| eClient

7 Cookies

Domain/Path Name / Value
positivemime.com/ Name: uid15295
Value: 1272046807-20220708043208-861cddffbd4957f19f0d5fe31ad54027-
lynku.jukminung.com/ Name: AWSALB
Value: q2HiUvfBfcUfFI2x+zJKkv9gOkfRcTuKELv4t2V8I6ybrogC9rUdDeCrF5jyPQAdhwHEDwryBlFzCegOPmTv0cEJFCtb4CzgTodJsZvD4daYqzfNuQ7GyBsVjrKj
.jukminung.com/ Name: __cf_bm
Value: u3p9QFLRCyrR1mGOALR5RuQrItGnwF3Tdi6TaQuplog-1657269129-0-AZBXWbnrN1HCLV814v3sdABRg/G7Ws3sBfxW2KxQkKqSsVieF0cE9VQD54do+a+CkudD/IvoAAZB3wi0cvlJDnto2PbyIuvbJPpHAEyJAC8NzhHNZm3giyiVuJ7tKUl5lw==
popmyads.com/ Name: wGprrBLT
Value: 2
.go.ts-tracker.me/ Name: 15GIEAo
Value: 1
.go.ts-tracker.me/ Name: pc-cid
Value: af3af7fa32fc07d0d8b62c208d7e26a0-4888-0708
.go.ts-tracker.me/ Name: pc-campaign
Value: 15GIEA

1 Console Messages

Source Level URL
Text
other error URL: https://read-the-news.online/lp/y-arrow/?cp=10&tag=%2030555&tag1=musicplayer&tag2=1041905-329088980-0&tag3=%2030555&tag4=dating&clickid=af3af7fa32fc07d0d8b62c208d7e26a0-4888-0708&device=Desktop&brand=Desktop&model=Desktop&country=DE&affid=%2030555&subid=1041905-329088980-0&ln=de&cid=16572691323117783976207928630224533&useragent={var:useragent}&ip=2a03:1b20:6:f011::8e&bv=Chrome%20103&as=pc&gf=12
Message:
Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
