Submitted URL: http://click-v4.celxkpdir.com/click?i=LwvJPnrZ15o_0
Effective URL: https://startd0wnload22x.com/GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=&s1=3664_5vv5&s3=63c874075ad2dd00011f105f
Submission: On January 18 via manual from JP — Scanned from JP

Summary

This website contacted 8 IPs in 6 countries across 16 domains to perform 10 HTTP transactions. The main IP is 188.72.236.34; its location and owning autonomous system were not recorded. The main domain is startd0wnload22x.com.
TLS certificate: Issued by R3 on January 17th 2023. Valid for: 3 months.
This is the only time startd0wnload22x.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 198.134.116.17 27257 (WEBAIR-IN...)
2 2 51.161.115.163 16276 (OVH)
1 1 198.134.116.30 27257 (WEBAIR-IN...)
1 1 51.83.143.92 16276 (OVH)
2 4 2606:4700:e2:... 13335 (CLOUDFLAR...)
1 2 2606:4700:10:... 13335 (CLOUDFLAR...)
1 1 23.23.100.235 14618 (AMAZON-AES)
2 2404:6800:400... 15169 (GOOGLE)
1 2 23.235.244.212 20454 (SSASN2)
1 94.237.103.119 202053 (UPCLOUD)
1 1 107.20.106.95 14618 (AMAZON-AES)
1 1 3.226.146.143 14618 (AMAZON-AES)
1 34.91.234.242 396982 (GOOGLE-CL...)
1 188.72.236.34 ()
10 8
# | Apex Domain | Subdomains | Transfer
4 | popmyads.com | popmyads.com (Cisco Umbrella Rank: 174033) | 3 KB
2 | prpops.com | prpops.com (Cisco Umbrella Rank: 439866) | 19 KB
2 | google-analytics.com | www.google-analytics.com (Cisco Umbrella Rank: 22) | 20 KB
2 | amung.us | whos.amung.us (Cisco Umbrella Rank: 15593), widgets.amung.us (Cisco Umbrella Rank: 15634) | 704 B
1 | startd0wnload22x.com | startd0wnload22x.com | 6 KB
1 | gositego.live | track.gositego.live (Cisco Umbrella Rank: 270411) | 510 B
1 | setupspeedyhighlyinfo-file.info | setupspeedyhighlyinfo-file.info | 359 B
1 | admobe.com | brko.admobe.com (Cisco Umbrella Rank: 597008) | 339 B
1 | traffic-c.com | 1d5e051bc65.traffic-c.com | 1 KB
1 | pritha-ner.com | pritha-ner.com (Cisco Umbrella Rank: 796609) | 621 B
1 | trffclb.com | ron.trffclb.com (Cisco Umbrella Rank: 306945) | 294 B
1 | blowingwnd.com | t1.blowingwnd.com (Cisco Umbrella Rank: 261341) | 306 B
1 | c4ptainn3lson.xyz | go.c4ptainn3lson.xyz | 267 B
1 | lowtid.com | t3.lowtid.com (Cisco Umbrella Rank: 170389) | 367 B
1 | celxkpdir.com | click-v4.celxkpdir.com (Cisco Umbrella Rank: 72644) | 240 B
0 | xpprinx2.com | xpprinx2.com (Failed) | 
10 16
Domain Requested by
4 popmyads.com 2 redirects
2 prpops.com 1 redirects popmyads.com
2 www.google-analytics.com popmyads.com, www.google-analytics.com
1 startd0wnload22x.com
1 track.gositego.live
1 setupspeedyhighlyinfo-file.info 1 redirects
1 brko.admobe.com 1 redirects
1 1d5e051bc65.traffic-c.com
1 pritha-ner.com 1 redirects
1 widgets.amung.us
1 whos.amung.us 1 redirects
1 ron.trffclb.com 1 redirects
1 t1.blowingwnd.com 1 redirects
1 go.c4ptainn3lson.xyz 1 redirects
1 t3.lowtid.com 1 redirects
1 click-v4.celxkpdir.com 1 redirects
0 xpprinx2.com Failed startd0wnload22x.com
10 17

This site contains no links.

Subject | Issuer | Validity | Valid
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-06-03 - 2023-06-02 | a year
*.google-analytics.com | GTS CA 1C3 | 2022-12-12 - 2023-03-06 | 3 months
traffic-c.com | R3 | 2022-12-09 - 2023-03-09 | 3 months
track.gositego.live | Sectigo RSA Domain Validation Secure Server CA | 2022-05-31 - 2023-05-28 | a year
startd0wnload22x.com | R3 | 2023-01-17 - 2023-04-17 | 3 months

This page contains 1 frames:

Frame: https://xpprinx2.com//565/?ip=31.204.145.172&utm_term=&utm_source=AAd0yGMPKgUAMVcCAEpQFwASAO7xJesA&utm_content=338447
Frame ID: 88322FE27D2CB56B54684467CF6E4CD6
Requests: 10 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

10 Requests
70 % HTTPS
21 % IPv6
16 Domains
17 Subdomains
8 IPs
6 Countries
49 kB Transfer
108 kB Size
12 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://click-v4.celxkpdir.com/click?i=LwvJPnrZ15o_0 HTTP 302
    https://t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=LwvJPnrZ15o_0&s=447785_garss.tv HTTP 302
    https://go.c4ptainn3lson.xyz/redirect?feed=491151&url=t3.lowtid.com&subid=custom_123j1djb25.nl.windows.chrome&query=447785_garss.tv&pub_clickid=63c873fe0f160431a528d65a HTTP 302
    https://t1.blowingwnd.com/v.php?p=c:p7561zmdc76notiux&d=63a38fcb569f180e9d0810d1&s=491151.447785_garss.tv&d2=t3.lowtid.com&s2=491151&d1=31 HTTP 302
    https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_491151.447785_garss.tv HTTP 302
    https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20= Page URL
  2. https://popmyads.com/gget HTTP 302
    http://pritha-ner.com/0646613550?adTagId=20111650-aa5d-11e6-a4a9-0e855f2e0669&fallbackUrl=https://popmyads.com/return/30 HTTP 302
    https://popmyads.com/return/30?clickid=4cdd6821-9780-11ed-92a5-1280cfb74907 Page URL
  3. https://popmyads.com/returngo/MTY3NDA4MTI4MlE2RjcwVFlSVjk2Mk1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDkuMC41NDE0Ljc0IFNhZmFyaS81MzcuMzY=/30/1600x1200/8/4/0 HTTP 302
    http://prpops.com/p/sjbi/direct/t:0646613550 Page URL
  4. http://prpops.com/p/sjbi/direct/t:0646613550?prc_c=1674081283&prc_r=eyJIVFRQX1VTRVJfQUdFTlQiOiJNb3ppbGxhXC81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXRcLzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZVwvMTA5LjAuNTQxNC43NCBTYWZhcmlcLzUzNy4zNiJ9&prc_h=943104f29e91181961f21ddf4f55d1cea40bd71a0830daeed6db2e31b2974dbd&pr_tsid=06d7d14e1d1480f24caf05dd1c4e97a31e9ad2eb6669514039d5d4ca595d02c9&pr_tsids=fbc89021754964b6bd228ab864541484283882e49c3f2d9313d3129bc220b9ad HTTP 302
    https://1d5e051bc65.traffic-c.com/?p=4554&media_type=mainstream&pi=04_MS_DP_TrafficCompany_cert&click_id=341461cc8f85e688bdc6c8269b66a31935e2f8158e28b74538b556f3962fc66b&sub_id=7753721&transaction_id=S26582623 Page URL
  5. https://brko.admobe.com/gsdagsdag/gsdagasd/?utm_source=1080&utm_campaign=11211032&clck=5xmmfqes3ez7xqwev0fswg08c,16543677,5,4554&sid=4554 HTTP 302
    https://setupspeedyhighlyinfo-file.info/IBfxOfZBi6eBbC-FgLQKTx-hYRRDiEvqJmJjAhBCi6Y?clck=5xmmfqes3ez7xqwev0fswg08c,16543677,5,4554&sid=4554 HTTP 302
    https://track.gositego.live/click?pid=3664&offer_id=17742&sub1=D8EXhz6yO6F0x2uOKaAy-jZ9hkcmDktT&sub2=5vv5 Page URL
  6. https://startd0wnload22x.com/GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=&s1=3664_5vv5&s3=63c874075ad2dd00011f105f Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://click-v4.celxkpdir.com/click?i=LwvJPnrZ15o_0 HTTP 302
  • https://t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=LwvJPnrZ15o_0&s=447785_garss.tv HTTP 302
  • https://go.c4ptainn3lson.xyz/redirect?feed=491151&url=t3.lowtid.com&subid=custom_123j1djb25.nl.windows.chrome&query=447785_garss.tv&pub_clickid=63c873fe0f160431a528d65a HTTP 302
  • https://t1.blowingwnd.com/v.php?p=c:p7561zmdc76notiux&d=63a38fcb569f180e9d0810d1&s=491151.447785_garss.tv&d2=t3.lowtid.com&s2=491151&d1=31 HTTP 302
  • https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_491151.447785_garss.tv HTTP 302
  • https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
Request Chain 1
  • https://whos.amung.us/swidget/popmyads.png HTTP 307
  • https://widgets.amung.us/draw/?w=small&n=13900&c=ffc20e000000&p=left
Request Chain 2
  • https://popmyads.com/gget HTTP 302
  • http://pritha-ner.com/0646613550?adTagId=20111650-aa5d-11e6-a4a9-0e855f2e0669&fallbackUrl=https://popmyads.com/return/30 HTTP 302
  • https://popmyads.com/return/30?clickid=4cdd6821-9780-11ed-92a5-1280cfb74907
Request Chain 4
  • https://popmyads.com/returngo/MTY3NDA4MTI4MlE2RjcwVFlSVjk2Mk1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDkuMC41NDE0Ljc0IFNhZmFyaS81MzcuMzY=/30/1600x1200/8/4/0 HTTP 302
  • http://prpops.com/p/sjbi/direct/t:0646613550
Request Chain 6
  • http://prpops.com/p/sjbi/direct/t:0646613550?prc_c=1674081283&prc_r=eyJIVFRQX1VTRVJfQUdFTlQiOiJNb3ppbGxhXC81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXRcLzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZVwvMTA5LjAuNTQxNC43NCBTYWZhcmlcLzUzNy4zNiJ9&prc_h=943104f29e91181961f21ddf4f55d1cea40bd71a0830daeed6db2e31b2974dbd&pr_tsid=06d7d14e1d1480f24caf05dd1c4e97a31e9ad2eb6669514039d5d4ca595d02c9&pr_tsids=fbc89021754964b6bd228ab864541484283882e49c3f2d9313d3129bc220b9ad HTTP 302
  • https://1d5e051bc65.traffic-c.com/?p=4554&media_type=mainstream&pi=04_MS_DP_TrafficCompany_cert&click_id=341461cc8f85e688bdc6c8269b66a31935e2f8158e28b74538b556f3962fc66b&sub_id=7753721&transaction_id=S26582623
Request Chain 7
  • https://brko.admobe.com/gsdagsdag/gsdagasd/?utm_source=1080&utm_campaign=11211032&clck=5xmmfqes3ez7xqwev0fswg08c,16543677,5,4554&sid=4554 HTTP 302
  • https://setupspeedyhighlyinfo-file.info/IBfxOfZBi6eBbC-FgLQKTx-hYRRDiEvqJmJjAhBCi6Y?clck=5xmmfqes3ez7xqwev0fswg08c,16543677,5,4554&sid=4554 HTTP 302
  • https://track.gositego.live/click?pid=3664&offer_id=17742&sub1=D8EXhz6yO6F0x2uOKaAy-jZ9hkcmDktT&sub2=5vv5

10 HTTP transactions

Resource | Path | Size | x-fer | Type
aHR0cDovL3RyYWZmaXgxMy5jb20= | popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/ | 2 KB | 1 KB | Document
Redirect Chain
  • http://click-v4.celxkpdir.com/click?i=LwvJPnrZ15o_0
  • https://t3.lowtid.com/s.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=LwvJPnrZ15o_0&s=447785_garss.tv
  • https://go.c4ptainn3lson.xyz/redirect?feed=491151&url=t3.lowtid.com&subid=custom_123j1djb25.nl.windows.chrome&query=447785_garss.tv&pub_clickid=63c873fe0f160431a528d65a
  • https://t1.blowingwnd.com/v.php?p=c:p7561zmdc76notiux&d=63a38fcb569f180e9d0810d1&s=491151.447785_garss.tv&d2=t3.lowtid.com&s2=491151&d1=31
  • https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_491151.447785_garss.tv
  • https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
General
Full URL
https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e2::ac40:891b, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare / PHP/7.1.33
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
78bacca6df51af2b-NRT
content-encoding
br
content-security-policy
frame-ancestors 'none'
content-type
text/html; charset=UTF-8
date
Wed, 18 Jan 2023 22:34:41 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KoY0eLlxwE9DH4UYrp0wjQ3y3nFX0d9NmPmlltMbUlQGnlSkCp0hSFaY0Bo7LJT8uCMu%2BQ5mhqO1g1RPFm%2F8wLgPmUgAXDV7xC82miD%2FdElKEL8XF3v0pYZQsl2ALHcwtnqIMujlUl2%2Fo6I%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-frame-options
DENY
x-powered-by
PHP/7.1.33

Redirect headers

Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Wed, 18 Jan 2023 22:34:40 GMT
Location
https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
Raund
12uf2w0vxv-2v7
Round
11kgq037yu
Server
nginx
/ | widgets.amung.us/draw/ | 364 B | 530 B | Image
Redirect Chain
  • https://whos.amung.us/swidget/popmyads.png
  • https://widgets.amung.us/draw/?w=small&n=13900&c=ffc20e000000&p=left
General
Full URL
https://widgets.amung.us/draw/?w=small&n=13900&c=ffc20e000000&p=left
Protocol
H2
Server
2606:4700:10::6816:4aab, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://popmyads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 22:34:41 GMT
cf-cache-status
HIT
last-modified
Sat, 24 Dec 2022 05:24:47 GMT
server
cloudflare
age
2221794
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2678400
content-disposition
filename=wau-widget.png
cf-ray
78bacca98a15b009-NRT
expires
Sun, 25 Dec 2022 05:24:47 GMT

Redirect headers

location
https://widgets.amung.us/draw/?w=small&n=13900&c=ffc20e000000&p=left
date
Wed, 18 Jan 2023 22:34:41 GMT
cache-control
max-age=295
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
78bacca8897cb009-NRT
content-type
text/html; charset=UTF-8
30 | popmyads.com/return/ | 1 KB | 1 KB | Document
Redirect Chain
  • https://popmyads.com/gget
  • http://pritha-ner.com/0646613550?adTagId=20111650-aa5d-11e6-a4a9-0e855f2e0669&fallbackUrl=https://popmyads.com/return/30
  • https://popmyads.com/return/30?clickid=4cdd6821-9780-11ed-92a5-1280cfb74907
General
Full URL
https://popmyads.com/return/30?clickid=4cdd6821-9780-11ed-92a5-1280cfb74907
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:891b, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare / PHP/7.1.33
Resource Hash

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://popmyads.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
78baccacef08e03d-NRT
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 18 Jan 2023 22:34:43 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eUPWsD6Gn9sUejbLlMaPok%2FOzCilcPWDeXGdBZs%2FzWtZncEP8MRbIbA016X6FfNChBoWZf4rJF5ciClNoVZtZETqTkrQ2Uois%2FO4XlD1oq%2F6TIfdimW%2FSZQvICHzsn1pGFh6vW1y2bqQBBM%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.1.33

Redirect headers

Cache-Control
no-store, no-cache, pre-check=0, post-check=0
Connection
keep-alive
Content-Length
0
Date
Wed, 18 Jan 2023 22:34:41 GMT
Location
https://popmyads.com/return/30?clickid=4cdd6821-9780-11ed-92a5-1280cfb74907
Server
mhSgGqcB
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline'
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
analytics.js | www.google-analytics.com/ | 49 KB | 20 KB | Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: popmyads.com
URL: https://popmyads.com/return/30?clickid=4cdd6821-9780-11ed-92a5-1280cfb74907
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:826::200e, Australia, ASN15169 (GOOGLE, US)
Reverse DNS
Software
Golfe2 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://popmyads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 18 Jan 2023 22:03:51 GMT
last-modified
Tue, 10 Jan 2023 21:29:14 GMT
server
Golfe2
age
1852
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20085
expires
Thu, 19 Jan 2023 00:03:51 GMT
t:0646613550 | prpops.com/p/sjbi/direct/ | 50 KB | 18 KB | Document
Redirect Chain
  • https://popmyads.com/returngo/MTY3NDA4MTI4MlE2RjcwVFlSVjk2Mk1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDkuMC41NDE0Ljc0IFN...
  • http://prpops.com/p/sjbi/direct/t:0646613550
General
Full URL
http://prpops.com/p/sjbi/direct/t:0646613550
Requested by
Host: popmyads.com
URL: https://popmyads.com/return/30?clickid=4cdd6821-9780-11ed-92a5-1280cfb74907
Protocol
HTTP/1.1
Server
23.235.244.212, Phoenix, United States, ASN20454 (SSASN2, US)
Reverse DNS
Software
nginx /
Resource Hash
24e6cf799df89b3c367d81937305fe25eab7a8d5d83de1f196e99c0d4af65dc0

Request headers

Referer
https://popmyads.com/return/30?clickid=4cdd6821-9780-11ed-92a5-1280cfb74907
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

Accept-CH
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Device-Memory, RTT, ECT, Downlink
Access-Control-Allow-Origin
*
Cache-Control
no-cache, must-revalidate, no-transform
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Wed, 18 Jan 2023 22:34:43 GMT
Expires
Tue, 31 Dec 2013 23:59:59 GMT
Server
nginx
Transfer-Encoding
chunked

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
78baccb2fc2fe03d-NRT
content-type
text/html; charset=UTF-8
date
Wed, 18 Jan 2023 22:34:43 GMT
location
http://prpops.com/p/sjbi/direct/t:0646613550
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VVAzQmIwRUEzsX1b96rTW%2FXseJWi173b44RayC2W38KBmH24eJvRv6jkIrcJ5eIV0%2B3CxlKBDB%2F7QXFMa89Vrr8b8o5PEWuyfZLUZtEjbuliUORFD%2FKjODgLlXAP1lWxO8LbHjNeii7yuVQ%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.1.33
collect | www.google-analytics.com/j/ | 2 B | 205 B | XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j99&a=638629972&t=pageview&_s=1&dl=https%3A%2F%2Fpopmyads.com%2Freturn%2F30%3Fclickid%3D4cdd6821-9780-11ed-92a5-1280cfb74907&ul=en-us&de=UTF-8&dt=PopMyAds%20Redirecting...&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAAABAAAAACAAI~&jid=6845659&gjid=1015170357&cid=1295631719.1674081283&tid=UA-43135408-1&_gid=1093135203.1674081283&_r=1&_slc=1&z=1750813664
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:826::200e, Australia, ASN15169 (GOOGLE, US)
Reverse DNS
Software
Golfe2 /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://popmyads.com/
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 22:34:43 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://popmyads.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
/ | 1d5e051bc65.traffic-c.com/ | 1 KB | 1 KB | Document
Redirect Chain
  • http://prpops.com/p/sjbi/direct/t:0646613550?prc_c=1674081283&prc_r=eyJIVFRQX1VTRVJfQUdFTlQiOiJNb3ppbGxhXC81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXRcLzUzNy4zNiAoS0hUTUwsIGxpa2UgR...
  • https://1d5e051bc65.traffic-c.com/?p=4554&media_type=mainstream&pi=04_MS_DP_TrafficCompany_cert&click_id=341461cc8f85e688bdc6c8269b66a31935e2f8158e28b74538b556f3962fc66b&sub_id=7753721&transaction_...
General
Full URL
https://1d5e051bc65.traffic-c.com/?p=4554&media_type=mainstream&pi=04_MS_DP_TrafficCompany_cert&click_id=341461cc8f85e688bdc6c8269b66a31935e2f8158e28b74538b556f3962fc66b&sub_id=7753721&transaction_id=S26582623
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
94.237.103.119, Finland, ASN202053 (UPCLOUD, FI)
Reverse DNS
94-237-103-119.de-fra1.upcloud.host
Software
/
Resource Hash
29bdfa59f0600a8b92556e6054c4e96976d3241b807b66241ffd51e151fecb61

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
http://prpops.com
Referer
http://prpops.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate post-check=0, pre-check=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 18 Jan 2023 22:34:44 GMT
expires
Wed, 18 Jan 2023 22:34:44 GMT
last-modified
Wed, 18 Jan 2023 22:34:44 GMT
pragma
no-cache
vary
Accept-Encoding
x-robots-tag
noindex, nofollow

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache, must-revalidate, no-transform
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Wed, 18 Jan 2023 22:34:43 GMT
Expires
Tue, 31 Dec 2013 23:59:59 GMT
Location
https://1d5e051bc65.traffic-c.com/?p=4554&media_type=mainstream&pi=04_MS_DP_TrafficCompany_cert&click_id=341461cc8f85e688bdc6c8269b66a31935e2f8158e28b74538b556f3962fc66b&sub_id=7753721&transaction_id=S26582623
Server
nginx
Transfer-Encoding
chunked
click | track.gositego.live/ | 256 B | 510 B | Document
Redirect Chain
  • https://brko.admobe.com/gsdagsdag/gsdagasd/?utm_source=1080&utm_campaign=11211032&clck=5xmmfqes3ez7xqwev0fswg08c,16543677,5,4554&sid=4554
  • https://setupspeedyhighlyinfo-file.info/IBfxOfZBi6eBbC-FgLQKTx-hYRRDiEvqJmJjAhBCi6Y?clck=5xmmfqes3ez7xqwev0fswg08c,16543677,5,4554&sid=4554
  • https://track.gositego.live/click?pid=3664&offer_id=17742&sub1=D8EXhz6yO6F0x2uOKaAy-jZ9hkcmDktT&sub2=5vv5
General
Full URL
https://track.gositego.live/click?pid=3664&offer_id=17742&sub1=D8EXhz6yO6F0x2uOKaAy-jZ9hkcmDktT&sub2=5vv5
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.91.234.242, Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
Reverse DNS
242.234.91.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
60feec4fb4c7b2ac9512ba82513b3e0d61d3bee227669b123b107488b0786240

Request headers

Referer
https://1d5e051bc65.traffic-c.com/?p=4554&media_type=mainstream&pi=04_MS_DP_TrafficCompany_cert&click_id=341461cc8f85e688bdc6c8269b66a31935e2f8158e28b74538b556f3962fc66b&sub_id=7753721&transaction_id=S26582623
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

access-control-allow-origin
*
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Wed, 18 Jan 2023 22:34:47 GMT
server
nginx
x-adjust-use-original-forwarded-for
1

Redirect headers

Access-Control-Allow-Origin
*
Connection
keep-alive
Content-Length
142
Content-Type
text/html
Date
Wed, 18 Jan 2023 22:34:46 GMT
Location
https://track.gositego.live/click?pid=3664&offer_id=17742&sub1=D8EXhz6yO6F0x2uOKaAy-jZ9hkcmDktT&sub2=5vv5
Server
nginx
GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921 | startd0wnload22x.com/ | 5 KB | 6 KB | Document (Primary Request)
General
Full URL
https://startd0wnload22x.com/GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=&s1=3664_5vv5&s3=63c874075ad2dd00011f105f
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
188.72.236.34 (location and ASN not recorded)
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

Connection
keep-alive
Content-Type
text/html; charset=utf-8
Date
Wed, 18 Jan 2023 22:34:47 GMT
Server
nginx
Transfer-Encoding
chunked
/ | xpprinx2.com//565/ | 0 | 0 | Failed

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
xpprinx2.com
URL
https://xpprinx2.com//565/?ip=31.204.145.172&utm_term=&utm_source=AAd0yGMPKgUAMVcCAEpQFwASAO7xJesA&utm_content=338447

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object | oncontentvisibilityautostatechange

12 Cookies

Domain/Path | Name | Value
prpops.com/p/sjbi/direct | woa1quur7O | e6f0b4a9fd9bed46984e81d09babe2c88f78244d9076e3858e6e893e71aae4af7ed9d41ddd0f5f5ec059c5039c6bca69f427d44d835e53a6dcd3d603591a5af7
prpops.com/p/sjbi/direct | biscuit_suus99w8 | 8147e4a4797e6cc6d7d3b18a4770c24738620755d6e70a6914f1f5028b3a752d
pritha-ner.com/ | 604f7b6f-0cd4-4d20-93c1-e91664c5b996 | 4ce04e5a-9780-11ed-92a5-1280cfb74907
.popmyads.com/ | _ga | GA1.2.1295631719.1674081283
.popmyads.com/ | _gid | GA1.2.1093135203.1674081283
.popmyads.com/ | _gat | 1
.1d5e051bc65.traffic-c.com/ | rts-trck | 1
.traffic-c.com/ | t-uuid | 5xmmfqes7a9pvyfa28uo8g48o
.traffic-c.com/ | traffic-back | ok
setupspeedyhighlyinfo-file.info/ | session | D8EXhz6yO6F0x2uOKaAy-jZ9hkcmDktT
track.gositego.live/ | afclick | 63c874075ad2dd00011f105f
track.gositego.live/ | afoffers | {"17742":1674081287}

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy frame-ancestors 'none'
X-Frame-Options DENY