Submitted URL: http://prompt.cannabisrxdoc.com/wonderful
Effective URL: https://mtzenhigqg.com/mg55d04t9w?key=5e8b8280638e71e3643e70cfb1a2c49c
Submission: On March 01 via api from US

Summary

This website contacted 7 IPs in 3 countries across 9 domains to perform 9 HTTP transactions. The main IP is 198.134.112.243, located in Garden City, United States and belongs to WEBAIR-INTERNET, US. The main domain is mtzenhigqg.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on January 12th 2020. Valid for: 3 months.
This is the only time mtzenhigqg.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 184.168.131.241 26496 (AS-26496-...)
1 1 103.224.212.222 133618 (TRELLIAN-...)
1 4 103.224.182.206 133618 (TRELLIAN-...)
1 2 116.202.81.140 24940 (HETZNER-AS)
2 3 198.143.165.219 32475 (SINGLEHOP...)
1 205.147.93.131 393676 (ZENEDGE)
1 2 3.226.77.126 14618 (AMAZON-AES)
1 198.134.112.243 27257 (WEBAIR-IN...)
9 7
Domain Requested by
4 bidr.trellian.com 1 redirects bidr.trellian.com
3 click.amazingtechsavings.xyz 2 redirects
2 getad.xyz yltenim.com
1 mtzenhigqg.com getad.xyz
1 yltenim.com click.amazingtechsavings.xyz
1 secure.click2partner.com bidr.trellian.com
1 secure.clicktrkservices.com 1 redirects
1 nnlis.wausauultimate.com 1 redirects
1 prompt.cannabisrxdoc.com 1 redirects
9 9

This site contains links to these domains. Also see Links.

Domain
terraclicks.com
Subject Issuer Validity Valid
secure.click2partner.com
Let's Encrypt Authority X3
2020-02-08 -
2020-05-08
3 months crt.sh
click.amazingtechsavings.xyz
Let's Encrypt Authority X3
2020-01-15 -
2020-04-14
3 months crt.sh
yltenim.com
Let's Encrypt Authority X3
2020-02-21 -
2020-05-21
3 months crt.sh
mtzenhigqg.com
Let's Encrypt Authority X3
2020-01-12 -
2020-04-11
3 months crt.sh

This page contains 1 frames:

Primary Page: https://mtzenhigqg.com/mg55d04t9w?key=5e8b8280638e71e3643e70cfb1a2c49c
Frame ID: DAF6410F50F851FDCE156EE7DFC0B540
Requests: 9 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. http://prompt.cannabisrxdoc.com/wonderful HTTP 302
    http://nnlis.wausauultimate.com/wonderful HTTP 302
    http://bidr.trellian.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yOqyxJs68zXDe7YVicxac4IVcTAfMnZ2BLEyGN4hYymDUi%... Page URL
  2. http://bidr.trellian.com/r.php?u=https%3A%2F%2Fsecure.clicktrkservices.com%2Findex.php%3Fkey%3Dz6lzic... HTTP 302
    https://secure.clicktrkservices.com/index.php?key=z6lzicrucf3l6lfp558m&cpv=0.005&subid=1027333381&sid=2020030123... HTTP 302
    https://secure.click2partner.com/nlp/index.php?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campai... Page URL
  3. https://click.amazingtechsavings.xyz/?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2... HTTP 302
    https://click.amazingtechsavings.xyz/?utm_term=6799221675293409523&clickverify=1 Page URL
  4. https://click.amazingtechsavings.xyz/proc.php?69537d93125641738723b625bf8061af329f7f3a HTTP 302
    https://yltenim.com/nh4ea/ciqM/fC6c/JGLJgY-JXI7dCF0hEEPEzsWwHNQ4sNfptIX6cqz9_8IvUF2vJ91m?diM=WW_... Page URL
  5. http://getad.xyz/go/216668/456926 Page URL
  6. http://getad.xyz/ad/ad?p=216668&w=456926&t=04dff734ac7010d3&r=aHR0cHMlM0ElMkYlMkZ5bHRlbmltLmN... HTTP 303
    https://mtzenhigqg.com/mg55d04t9w?key=5e8b8280638e71e3643e70cfb1a2c49c Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /Debian/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

9
Requests

44 %
HTTPS

0 %
IPv6

9
Domains

9
Subdomains

7
IPs

3
Countries

9 kB
Transfer

13 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://prompt.cannabisrxdoc.com/wonderful HTTP 302
    http://nnlis.wausauultimate.com/wonderful HTTP 302
    http://bidr.trellian.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yOqyxJs68zXDe7YVicxac4IVcTAfMnZ2BLEyGN4hYymDUi%2BzNVj6EvyPn7xXdylixIXWGCfgC%2FLNCMvVBxyUZuz9lDJSncCoLfAo7nsh1exD7voxJ4aiJ2SgTjmBPVfb6kAf4GcQWioOEzFeaxpjeOJQ%2Bp%2FyEL%2BdpyjG09fA%2FrcI7e3QSDDa2zc5TyuQ6fygzc1uOfA1K82DY0XHg8nBe3uVdaM4cHk2FLXnWaj0YFlKthweJrmCxpAGds%2FxzexhNYz27y6USaraSMdMqMP2A%2FUAQoOVUiDr3AoebzwwDgslp2LxFoKJGEx0H2VsI7jFXQ2aeDmx8W5O%2FNaFxTXCouk61FyBCo%2B6uOoMUjK%2Fw75esLObJ9uw0LPBHCPXB2DYazd9II%2B%2BAZF59avy%2B6nQyzYEhNkXDoUr2uqswByvLD%2BGrBruIw87%2FNnOr0ryKjOpTujO7I0RstbpAbkZF28b5XgOp7hPUmAp1dcBy%2FytFak1%2F3XlJMvrCxMOeCYUDRyDh2L3HNuPUHFYfw0Rr%2BtGBmHWiZXcg%2F69k%2BN8zaNtMfHUDzO1MwOErXXXygFKHZBFcHJHjLpaehlf1IHnOSzpPd5GztIHgaGFb9hvAjG1oh%2F%2F56Okt8IJLwNNKLI2UzezyeVfO54GRewNeBCcw%2BiLnjVkFGcuUVOB3xmId9fw9SRQZ%2BWQyGe%2BMz%2BBfPBrpqXWGxYN0RgSe04aU7MHA4IiWSyGpzXwKy8WeCxuUGnTX1FfeunfDo38woCef5H0RL2sHUlBwc6s0TrhuPt4ZnkONWUtGMlnJvI%2BLmvUbzhNwHkdVnTxJHSGILKlrOanoa1TP5rRzj9MLIKSNHd2OgA%2FznM%3D Page URL
  2. http://bidr.trellian.com/r.php?u=https%3A%2F%2Fsecure.clicktrkservices.com%2Findex.php%3Fkey%3Dz6lzicrucf3l6lfp558m%26cpv%3D0.005%26subid%3D1027333381%26sid%3D20200301235236eaad524d117ab65671&s=j HTTP 302
    https://secure.clicktrkservices.com/index.php?key=z6lzicrucf3l6lfp558m&cpv=0.005&subid=1027333381&sid=20200301235236eaad524d117ab65671 HTTP 302
    https://secure.click2partner.com/nlp/index.php?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=9ef1firejocq528f&url_bnm_redirect=https://click.amazingtechsavings.xyz/ Page URL
  3. https://click.amazingtechsavings.xyz/?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=9ef1firejocq528f HTTP 302
    https://click.amazingtechsavings.xyz/?utm_term=6799221675293409523&clickverify=1 Page URL
  4. https://click.amazingtechsavings.xyz/proc.php?69537d93125641738723b625bf8061af329f7f3a HTTP 302
    https://yltenim.com/nh4ea/ciqM/fC6c/JGLJgY-JXI7dCF0hEEPEzsWwHNQ4sNfptIX6cqz9_8IvUF2vJ91m?diM=WW_MS_Feb20&subid=6799221675293409523&ext1=240 Page URL
  5. http://getad.xyz/go/216668/456926 Page URL
  6. http://getad.xyz/ad/ad?p=216668&w=456926&t=04dff734ac7010d3&r=aHR0cHMlM0ElMkYlMkZ5bHRlbmltLmNvbSUyRg==&vw=1600&vh=1200 HTTP 303
    https://mtzenhigqg.com/mg55d04t9w?key=5e8b8280638e71e3643e70cfb1a2c49c Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://prompt.cannabisrxdoc.com/wonderful HTTP 302
  • http://nnlis.wausauultimate.com/wonderful HTTP 302
  • http://bidr.trellian.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yOqyxJs68zXDe7YVicxac4IVcTAfMnZ2BLEyGN4hYymDUi%2BzNVj6EvyPn7xXdylixIXWGCfgC%2FLNCMvVBxyUZuz9lDJSncCoLfAo7nsh1exD7voxJ4aiJ2SgTjmBPVfb6kAf4GcQWioOEzFeaxpjeOJQ%2Bp%2FyEL%2BdpyjG09fA%2FrcI7e3QSDDa2zc5TyuQ6fygzc1uOfA1K82DY0XHg8nBe3uVdaM4cHk2FLXnWaj0YFlKthweJrmCxpAGds%2FxzexhNYz27y6USaraSMdMqMP2A%2FUAQoOVUiDr3AoebzwwDgslp2LxFoKJGEx0H2VsI7jFXQ2aeDmx8W5O%2FNaFxTXCouk61FyBCo%2B6uOoMUjK%2Fw75esLObJ9uw0LPBHCPXB2DYazd9II%2B%2BAZF59avy%2B6nQyzYEhNkXDoUr2uqswByvLD%2BGrBruIw87%2FNnOr0ryKjOpTujO7I0RstbpAbkZF28b5XgOp7hPUmAp1dcBy%2FytFak1%2F3XlJMvrCxMOeCYUDRyDh2L3HNuPUHFYfw0Rr%2BtGBmHWiZXcg%2F69k%2BN8zaNtMfHUDzO1MwOErXXXygFKHZBFcHJHjLpaehlf1IHnOSzpPd5GztIHgaGFb9hvAjG1oh%2F%2F56Okt8IJLwNNKLI2UzezyeVfO54GRewNeBCcw%2BiLnjVkFGcuUVOB3xmId9fw9SRQZ%2BWQyGe%2BMz%2BBfPBrpqXWGxYN0RgSe04aU7MHA4IiWSyGpzXwKy8WeCxuUGnTX1FfeunfDo38woCef5H0RL2sHUlBwc6s0TrhuPt4ZnkONWUtGMlnJvI%2BLmvUbzhNwHkdVnTxJHSGILKlrOanoa1TP5rRzj9MLIKSNHd2OgA%2FznM%3D
Request Chain 3
  • http://bidr.trellian.com/r.php?u=https%3A%2F%2Fsecure.clicktrkservices.com%2Findex.php%3Fkey%3Dz6lzicrucf3l6lfp558m%26cpv%3D0.005%26subid%3D1027333381%26sid%3D20200301235236eaad524d117ab65671&s=j HTTP 302
  • https://secure.clicktrkservices.com/index.php?key=z6lzicrucf3l6lfp558m&cpv=0.005&subid=1027333381&sid=20200301235236eaad524d117ab65671 HTTP 302
  • https://secure.click2partner.com/nlp/index.php?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=9ef1firejocq528f&url_bnm_redirect=https://click.amazingtechsavings.xyz/
Request Chain 4
  • https://click.amazingtechsavings.xyz/?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=9ef1firejocq528f HTTP 302
  • https://click.amazingtechsavings.xyz/?utm_term=6799221675293409523&clickverify=1
Request Chain 5
  • https://click.amazingtechsavings.xyz/proc.php?69537d93125641738723b625bf8061af329f7f3a HTTP 302
  • https://yltenim.com/nh4ea/ciqM/fC6c/JGLJgY-JXI7dCF0hEEPEzsWwHNQ4sNfptIX6cqz9_8IvUF2vJ91m?diM=WW_MS_Feb20&subid=6799221675293409523&ext1=240

9 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Cookie set r2.php
bidr.trellian.com/
Redirect Chain
  • http://prompt.cannabisrxdoc.com/wonderful
  • http://nnlis.wausauultimate.com/wonderful
  • http://bidr.trellian.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yOqyxJs68zXDe7YVicxac4IVcTAfMnZ2BLEyGN4hYymDUi%2BzNVj6EvyPn7xXdylixIXWGCfgC%2FLNCMvVBxyUZuz9lDJSncCoLfAo7nsh1exD7voxJ4aiJ2SgTjmBPVfb6kAf4GcQWio...
2 KB
2 KB
Document
General
Full URL
http://bidr.trellian.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yOqyxJs68zXDe7YVicxac4IVcTAfMnZ2BLEyGN4hYymDUi%2BzNVj6EvyPn7xXdylixIXWGCfgC%2FLNCMvVBxyUZuz9lDJSncCoLfAo7nsh1exD7voxJ4aiJ2SgTjmBPVfb6kAf4GcQWioOEzFeaxpjeOJQ%2Bp%2FyEL%2BdpyjG09fA%2FrcI7e3QSDDa2zc5TyuQ6fygzc1uOfA1K82DY0XHg8nBe3uVdaM4cHk2FLXnWaj0YFlKthweJrmCxpAGds%2FxzexhNYz27y6USaraSMdMqMP2A%2FUAQoOVUiDr3AoebzwwDgslp2LxFoKJGEx0H2VsI7jFXQ2aeDmx8W5O%2FNaFxTXCouk61FyBCo%2B6uOoMUjK%2Fw75esLObJ9uw0LPBHCPXB2DYazd9II%2B%2BAZF59avy%2B6nQyzYEhNkXDoUr2uqswByvLD%2BGrBruIw87%2FNnOr0ryKjOpTujO7I0RstbpAbkZF28b5XgOp7hPUmAp1dcBy%2FytFak1%2F3XlJMvrCxMOeCYUDRyDh2L3HNuPUHFYfw0Rr%2BtGBmHWiZXcg%2F69k%2BN8zaNtMfHUDzO1MwOErXXXygFKHZBFcHJHjLpaehlf1IHnOSzpPd5GztIHgaGFb9hvAjG1oh%2F%2F56Okt8IJLwNNKLI2UzezyeVfO54GRewNeBCcw%2BiLnjVkFGcuUVOB3xmId9fw9SRQZ%2BWQyGe%2BMz%2BBfPBrpqXWGxYN0RgSe04aU7MHA4IiWSyGpzXwKy8WeCxuUGnTX1FfeunfDo38woCef5H0RL2sHUlBwc6s0TrhuPt4ZnkONWUtGMlnJvI%2BLmvUbzhNwHkdVnTxJHSGILKlrOanoa1TP5rRzj9MLIKSNHd2OgA%2FznM%3D
Protocol
HTTP/1.1
Server
103.224.182.206 , Australia, ASN133618 (TRELLIAN-AS-AP Trellian Pty. Limited, AU),
Reverse DNS
bidr.trellian.com
Software
Apache/2.4.25 (Debian) /
Resource Hash
85943dd2ac3db905fd812672143762d2be4818c6f13492796a87bdefa6986a98

Request headers

Host
bidr.trellian.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 01 Mar 2020 12:52:37 GMT
Server
Apache/2.4.25 (Debian)
Set-Cookie
__dsnsid=20200301235236eaad524d117ab65671; expires=Mon, 01-Mar-2021 12:52:37 GMT; Max-Age=31536000; path=/; domain=bidr.trellian.com
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
1274
Connection
close
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Sun, 01 Mar 2020 12:52:36 GMT
Server
Apache/2.4.25 (Debian)
Set-Cookie
__tad=1583067156.1365724; expires=Wed, 27-Feb-2030 12:52:36 GMT; Max-Age=315360000
Location
http://bidr.trellian.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yOqyxJs68zXDe7YVicxac4IVcTAfMnZ2BLEyGN4hYymDUi%2BzNVj6EvyPn7xXdylixIXWGCfgC%2FLNCMvVBxyUZuz9lDJSncCoLfAo7nsh1exD7voxJ4aiJ2SgTjmBPVfb6kAf4GcQWioOEzFeaxpjeOJQ%2Bp%2FyEL%2BdpyjG09fA%2FrcI7e3QSDDa2zc5TyuQ6fygzc1uOfA1K82DY0XHg8nBe3uVdaM4cHk2FLXnWaj0YFlKthweJrmCxpAGds%2FxzexhNYz27y6USaraSMdMqMP2A%2FUAQoOVUiDr3AoebzwwDgslp2LxFoKJGEx0H2VsI7jFXQ2aeDmx8W5O%2FNaFxTXCouk61FyBCo%2B6uOoMUjK%2Fw75esLObJ9uw0LPBHCPXB2DYazd9II%2B%2BAZF59avy%2B6nQyzYEhNkXDoUr2uqswByvLD%2BGrBruIw87%2FNnOr0ryKjOpTujO7I0RstbpAbkZF28b5XgOp7hPUmAp1dcBy%2FytFak1%2F3XlJMvrCxMOeCYUDRyDh2L3HNuPUHFYfw0Rr%2BtGBmHWiZXcg%2F69k%2BN8zaNtMfHUDzO1MwOErXXXygFKHZBFcHJHjLpaehlf1IHnOSzpPd5GztIHgaGFb9hvAjG1oh%2F%2F56Okt8IJLwNNKLI2UzezyeVfO54GRewNeBCcw%2BiLnjVkFGcuUVOB3xmId9fw9SRQZ%2BWQyGe%2BMz%2BBfPBrpqXWGxYN0RgSe04aU7MHA4IiWSyGpzXwKy8WeCxuUGnTX1FfeunfDo38woCef5H0RL2sHUlBwc6s0TrhuPt4ZnkONWUtGMlnJvI%2BLmvUbzhNwHkdVnTxJHSGILKlrOanoa1TP5rRzj9MLIKSNHd2OgA%2FznM%3D
Content-Length
0
Connection
close
Content-Type
text/html; charset=UTF-8
jscheck.js
bidr.trellian.com/javascript/
858 B
701 B
Script
General
Full URL
http://bidr.trellian.com/javascript/jscheck.js
Requested by
Host: bidr.trellian.com
URL: http://bidr.trellian.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yOqyxJs68zXDe7YVicxac4IVcTAfMnZ2BLEyGN4hYymDUi%2BzNVj6EvyPn7xXdylixIXWGCfgC%2FLNCMvVBxyUZuz9lDJSncCoLfAo7nsh1exD7voxJ4aiJ2SgTjmBPVfb6kAf4GcQWioOEzFeaxpjeOJQ%2Bp%2FyEL%2BdpyjG09fA%2FrcI7e3QSDDa2zc5TyuQ6fygzc1uOfA1K82DY0XHg8nBe3uVdaM4cHk2FLXnWaj0YFlKthweJrmCxpAGds%2FxzexhNYz27y6USaraSMdMqMP2A%2FUAQoOVUiDr3AoebzwwDgslp2LxFoKJGEx0H2VsI7jFXQ2aeDmx8W5O%2FNaFxTXCouk61FyBCo%2B6uOoMUjK%2Fw75esLObJ9uw0LPBHCPXB2DYazd9II%2B%2BAZF59avy%2B6nQyzYEhNkXDoUr2uqswByvLD%2BGrBruIw87%2FNnOr0ryKjOpTujO7I0RstbpAbkZF28b5XgOp7hPUmAp1dcBy%2FytFak1%2F3XlJMvrCxMOeCYUDRyDh2L3HNuPUHFYfw0Rr%2BtGBmHWiZXcg%2F69k%2BN8zaNtMfHUDzO1MwOErXXXygFKHZBFcHJHjLpaehlf1IHnOSzpPd5GztIHgaGFb9hvAjG1oh%2F%2F56Okt8IJLwNNKLI2UzezyeVfO54GRewNeBCcw%2BiLnjVkFGcuUVOB3xmId9fw9SRQZ%2BWQyGe%2BMz%2BBfPBrpqXWGxYN0RgSe04aU7MHA4IiWSyGpzXwKy8WeCxuUGnTX1FfeunfDo38woCef5H0RL2sHUlBwc6s0TrhuPt4ZnkONWUtGMlnJvI%2BLmvUbzhNwHkdVnTxJHSGILKlrOanoa1TP5rRzj9MLIKSNHd2OgA%2FznM%3D
Protocol
HTTP/1.1
Server
103.224.182.206 , Australia, ASN133618 (TRELLIAN-AS-AP Trellian Pty. Limited, AU),
Reverse DNS
bidr.trellian.com
Software
Apache/2.4.25 (Debian) /
Resource Hash
0766f527fcf931c99f93825401ea5d39f6cfe63b56bfd1050f9d1689a8266ab4

Request headers

Referer
http://bidr.trellian.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yOqyxJs68zXDe7YVicxac4IVcTAfMnZ2BLEyGN4hYymDUi%2BzNVj6EvyPn7xXdylixIXWGCfgC%2FLNCMvVBxyUZuz9lDJSncCoLfAo7nsh1exD7voxJ4aiJ2SgTjmBPVfb6kAf4GcQWioOEzFeaxpjeOJQ%2Bp%2FyEL%2BdpyjG09fA%2FrcI7e3QSDDa2zc5TyuQ6fygzc1uOfA1K82DY0XHg8nBe3uVdaM4cHk2FLXnWaj0YFlKthweJrmCxpAGds%2FxzexhNYz27y6USaraSMdMqMP2A%2FUAQoOVUiDr3AoebzwwDgslp2LxFoKJGEx0H2VsI7jFXQ2aeDmx8W5O%2FNaFxTXCouk61FyBCo%2B6uOoMUjK%2Fw75esLObJ9uw0LPBHCPXB2DYazd9II%2B%2BAZF59avy%2B6nQyzYEhNkXDoUr2uqswByvLD%2BGrBruIw87%2FNnOr0ryKjOpTujO7I0RstbpAbkZF28b5XgOp7hPUmAp1dcBy%2FytFak1%2F3XlJMvrCxMOeCYUDRyDh2L3HNuPUHFYfw0Rr%2BtGBmHWiZXcg%2F69k%2BN8zaNtMfHUDzO1MwOErXXXygFKHZBFcHJHjLpaehlf1IHnOSzpPd5GztIHgaGFb9hvAjG1oh%2F%2F56Okt8IJLwNNKLI2UzezyeVfO54GRewNeBCcw%2BiLnjVkFGcuUVOB3xmId9fw9SRQZ%2BWQyGe%2BMz%2BBfPBrpqXWGxYN0RgSe04aU7MHA4IiWSyGpzXwKy8WeCxuUGnTX1FfeunfDo38woCef5H0RL2sHUlBwc6s0TrhuPt4ZnkONWUtGMlnJvI%2BLmvUbzhNwHkdVnTxJHSGILKlrOanoa1TP5rRzj9MLIKSNHd2OgA%2FznM%3D
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 01 Mar 2020 12:52:37 GMT
Content-Encoding
gzip
Last-Modified
Wed, 12 Dec 2018 05:53:30 GMT
Server
Apache/2.4.25 (Debian)
ETag
"35a-57cccd155b974-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
close
Accept-Ranges
bytes
Content-Length
388
jscheck.php
bidr.trellian.com/
0
166 B
XHR
General
Full URL
http://bidr.trellian.com/jscheck.php?enc=cF8L0S4UvzZFbF2sJTBoT7wGHIV1oBfxrO1e%2BzyN56nI3%2BPo%2BXJ55RUMxqHPOx%2F79HtsTnKHYx6SRWFrtKskSHmKE%2Ffu0U6Vcofp4YlA65ofTHkYcKPTCQIs1%2FQLHebo48gyNtfqxLjhwwHAo6lwqNTGRzASVtHtBKGIrsnsvZj0bL0IQqU1CoMkoZnT%2FG1KXzd1LK2Hn6UihPud%2BBriGFBdyqq5LANPYdxHufNBy%2B9tUJXZUYe6k3wEpPsIhWwckC58ESbKGn1yITT6wPWgCOSKSqnBMThd6mbZY6NHhYcjfxBAJzUZngsKNLeUllM28WpFde3SGyueFQlaMgtSe8AcUq0CV%2BRB2NjXVuqwKTj00qi1Q6y%2FxRSgm7BtCiNiNgmwWj40%2Bv4xOPe8sVw8LfgNQNoYdw7wMMUO9yM2kUvLyD5xglBu3TY8%2BZAAoUT2cudpoDxsNJ8%2BQFN8ZQDcBjlmn%2BV63xy9eMg9CH3tXVxNdHfar%2B45MHdX10oYAi0toQtNv3gyHBYmL11kqFGqITJCBp8qJLow%2BIOCGCkNetyNjOy3%2FcjsBjreOpUVmG53562jiPX%2FXaHxhktMBfHpjNq2NV5n%2F%2FxCTmQiDxvk5rufeoJSfObdDRJW4zgDsMoDGGjdl5qmgocv1EVrzWuqBaSc9a8yUs9JFMswN3zHWARKFTo7k0F%2BnTN9LU7eJMV6oKcWzJNmfYCzVm%2BLZkRXpQwkdKvx7xILT1jh6R5XOBY5PPl3pznQEdMNJ%2BX%2FytySCN68a6f6lHw8084wk5Q0D9YF4Zg1p9r%2Buj13OYFYZVsmwLFFL3FRynL6VU9%2FWG1L0Kf11sYsvSfWdtpFnFIoVM1aTCVLofN7%2FdhK0qlOu26jkllP2VL2%2BLt2pk5Pfr8GRc4Fd56WdfiwYSoEc5CwdG%2Fiv4NtbI8Bl%2B8%2FgYVgnhciVJ%2FHpbhhJ5%2BhxQa3Gh0XJJBmHXaM3LeRu5ENn%2ByoYyARvrU%2FZeo%2B99vvvPAdHlM%3D&rand=0.6254256594214522
Requested by
Host: bidr.trellian.com
URL: http://bidr.trellian.com/javascript/jscheck.js
Protocol
HTTP/1.1
Server
103.224.182.206 , Australia, ASN133618 (TRELLIAN-AS-AP Trellian Pty. Limited, AU),
Reverse DNS
bidr.trellian.com
Software
Apache/2.4.25 (Debian) /
Resource Hash

Request headers

Referer
http://bidr.trellian.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yOqyxJs68zXDe7YVicxac4IVcTAfMnZ2BLEyGN4hYymDUi%2BzNVj6EvyPn7xXdylixIXWGCfgC%2FLNCMvVBxyUZuz9lDJSncCoLfAo7nsh1exD7voxJ4aiJ2SgTjmBPVfb6kAf4GcQWioOEzFeaxpjeOJQ%2Bp%2FyEL%2BdpyjG09fA%2FrcI7e3QSDDa2zc5TyuQ6fygzc1uOfA1K82DY0XHg8nBe3uVdaM4cHk2FLXnWaj0YFlKthweJrmCxpAGds%2FxzexhNYz27y6USaraSMdMqMP2A%2FUAQoOVUiDr3AoebzwwDgslp2LxFoKJGEx0H2VsI7jFXQ2aeDmx8W5O%2FNaFxTXCouk61FyBCo%2B6uOoMUjK%2Fw75esLObJ9uw0LPBHCPXB2DYazd9II%2B%2BAZF59avy%2B6nQyzYEhNkXDoUr2uqswByvLD%2BGrBruIw87%2FNnOr0ryKjOpTujO7I0RstbpAbkZF28b5XgOp7hPUmAp1dcBy%2FytFak1%2F3XlJMvrCxMOeCYUDRyDh2L3HNuPUHFYfw0Rr%2BtGBmHWiZXcg%2F69k%2BN8zaNtMfHUDzO1MwOErXXXygFKHZBFcHJHjLpaehlf1IHnOSzpPd5GztIHgaGFb9hvAjG1oh%2F%2F56Okt8IJLwNNKLI2UzezyeVfO54GRewNeBCcw%2BiLnjVkFGcuUVOB3xmId9fw9SRQZ%2BWQyGe%2BMz%2BBfPBrpqXWGxYN0RgSe04aU7MHA4IiWSyGpzXwKy8WeCxuUGnTX1FfeunfDo38woCef5H0RL2sHUlBwc6s0TrhuPt4ZnkONWUtGMlnJvI%2BLmvUbzhNwHkdVnTxJHSGILKlrOanoa1TP5rRzj9MLIKSNHd2OgA%2FznM%3D
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 01 Mar 2020 12:52:38 GMT
Server
Apache/2.4.25 (Debian)
Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
index.php
secure.click2partner.com/nlp/
Redirect Chain
  • http://bidr.trellian.com/r.php?u=https%3A%2F%2Fsecure.clicktrkservices.com%2Findex.php%3Fkey%3Dz6lzicrucf3l6lfp558m%26cpv%3D0.005%26subid%3D1027333381%26sid%3D20200301235236eaad524d117ab65671&s=j
  • https://secure.clicktrkservices.com/index.php?key=z6lzicrucf3l6lfp558m&cpv=0.005&subid=1027333381&sid=20200301235236eaad524d117ab65671
  • https://secure.click2partner.com/nlp/index.php?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=9ef1firejocq528f&url_bnm_redirect=https://click.amazingtechsavings.xyz/
179 B
298 B
Document
General
Full URL
https://secure.click2partner.com/nlp/index.php?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=9ef1firejocq528f&url_bnm_redirect=https://click.amazingtechsavings.xyz/
Requested by
Host: bidr.trellian.com
URL: http://bidr.trellian.com/javascript/jscheck.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
116.202.81.140 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.140.81.202.116.clients.your-server.de
Software
nginx/1.16.1 /
Resource Hash
3b5554a7700b4f8dd10fbbe3053e882244fc01f181291433ca4f1646143e1982
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:method
GET
:authority
secure.click2partner.com
:scheme
https
:path
/nlp/index.php?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=9ef1firejocq528f&url_bnm_redirect=https://click.amazingtechsavings.xyz/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
http://bidr.trellian.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yOqyxJs68zXDe7YVicxac4IVcTAfMnZ2BLEyGN4hYymDUi%2BzNVj6EvyPn7xXdylixIXWGCfgC%2FLNCMvVBxyUZuz9lDJSncCoLfAo7nsh1exD7voxJ4aiJ2SgTjmBPVfb6kAf4GcQWioOEzFeaxpjeOJQ%2Bp%2FyEL%2BdpyjG09fA%2FrcI7e3QSDDa2zc5TyuQ6fygzc1uOfA1K82DY0XHg8nBe3uVdaM4cHk2FLXnWaj0YFlKthweJrmCxpAGds%2FxzexhNYz27y6USaraSMdMqMP2A%2FUAQoOVUiDr3AoebzwwDgslp2LxFoKJGEx0H2VsI7jFXQ2aeDmx8W5O%2FNaFxTXCouk61FyBCo%2B6uOoMUjK%2Fw75esLObJ9uw0LPBHCPXB2DYazd9II%2B%2BAZF59avy%2B6nQyzYEhNkXDoUr2uqswByvLD%2BGrBruIw87%2FNnOr0ryKjOpTujO7I0RstbpAbkZF28b5XgOp7hPUmAp1dcBy%2FytFak1%2F3XlJMvrCxMOeCYUDRyDh2L3HNuPUHFYfw0Rr%2BtGBmHWiZXcg%2F69k%2BN8zaNtMfHUDzO1MwOErXXXygFKHZBFcHJHjLpaehlf1IHnOSzpPd5GztIHgaGFb9hvAjG1oh%2F%2F56Okt8IJLwNNKLI2UzezyeVfO54GRewNeBCcw%2BiLnjVkFGcuUVOB3xmId9fw9SRQZ%2BWQyGe%2BMz%2BBfPBrpqXWGxYN0RgSe04aU7MHA4IiWSyGpzXwKy8WeCxuUGnTX1FfeunfDo38woCef5H0RL2sHUlBwc6s0TrhuPt4ZnkONWUtGMlnJvI%2BLmvUbzhNwHkdVnTxJHSGILKlrOanoa1TP5rRzj9MLIKSNHd2OgA%2FznM%3D
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
http://bidr.trellian.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yOqyxJs68zXDe7YVicxac4IVcTAfMnZ2BLEyGN4hYymDUi%2BzNVj6EvyPn7xXdylixIXWGCfgC%2FLNCMvVBxyUZuz9lDJSncCoLfAo7nsh1exD7voxJ4aiJ2SgTjmBPVfb6kAf4GcQWioOEzFeaxpjeOJQ%2Bp%2FyEL%2BdpyjG09fA%2FrcI7e3QSDDa2zc5TyuQ6fygzc1uOfA1K82DY0XHg8nBe3uVdaM4cHk2FLXnWaj0YFlKthweJrmCxpAGds%2FxzexhNYz27y6USaraSMdMqMP2A%2FUAQoOVUiDr3AoebzwwDgslp2LxFoKJGEx0H2VsI7jFXQ2aeDmx8W5O%2FNaFxTXCouk61FyBCo%2B6uOoMUjK%2Fw75esLObJ9uw0LPBHCPXB2DYazd9II%2B%2BAZF59avy%2B6nQyzYEhNkXDoUr2uqswByvLD%2BGrBruIw87%2FNnOr0ryKjOpTujO7I0RstbpAbkZF28b5XgOp7hPUmAp1dcBy%2FytFak1%2F3XlJMvrCxMOeCYUDRyDh2L3HNuPUHFYfw0Rr%2BtGBmHWiZXcg%2F69k%2BN8zaNtMfHUDzO1MwOErXXXygFKHZBFcHJHjLpaehlf1IHnOSzpPd5GztIHgaGFb9hvAjG1oh%2F%2F56Okt8IJLwNNKLI2UzezyeVfO54GRewNeBCcw%2BiLnjVkFGcuUVOB3xmId9fw9SRQZ%2BWQyGe%2BMz%2BBfPBrpqXWGxYN0RgSe04aU7MHA4IiWSyGpzXwKy8WeCxuUGnTX1FfeunfDo38woCef5H0RL2sHUlBwc6s0TrhuPt4ZnkONWUtGMlnJvI%2BLmvUbzhNwHkdVnTxJHSGILKlrOanoa1TP5rRzj9MLIKSNHd2OgA%2FznM%3D

Response headers

status
200
server
nginx/1.16.1
date
Sun, 01 Mar 2020 12:52:38 GMT
content-type
text/html; charset=UTF-8
strict-transport-security
max-age=31536000
content-encoding
gzip

Redirect headers

status
302
server
nginx/1.16.1
date
Sun, 01 Mar 2020 12:52:38 GMT
content-type
text/html; charset=UTF-8
location
https://secure.click2partner.com/nlp/index.php?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=9ef1firejocq528f&url_bnm_redirect=https://click.amazingtechsavings.xyz/
set-cookie
uclick=irejocq5; expires=Mon, 02-Mar-2020 12:52:38 GMT; Max-Age=86400; path=/
strict-transport-security
max-age=31536000
/
click.amazingtechsavings.xyz/
Redirect Chain
  • https://click.amazingtechsavings.xyz/?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=9ef1firejocq528f
  • https://click.amazingtechsavings.xyz/?utm_term=6799221675293409523&clickverify=1
5 KB
2 KB
Document
General
Full URL
https://click.amazingtechsavings.xyz/?utm_term=6799221675293409523&clickverify=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.143.165.219 Chicago, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/7.3.4
Resource Hash
04cf5d49c262a1573f910c4bc9ad21dd8c0f08d82eba82f802bb00296e52803a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

:method
GET
:authority
click.amazingtechsavings.xyz
:scheme
https
:path
/?utm_term=6799221675293409523&clickverify=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
document
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://secure.click2partner.com/nlp/index.php?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=9ef1firejocq528f&url_bnm_redirect=https://click.amazingtechsavings.xyz/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
u=769471d598276321d26d75d7ee30bce8
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document
Referer
https://secure.click2partner.com/nlp/index.php?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=9ef1firejocq528f&url_bnm_redirect=https://click.amazingtechsavings.xyz/

Response headers

status
200
server
nginx
date
Sun, 01 Mar 2020 12:52:39 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
x-powered-by
PHP/7.3.4
cache-control
no-store, no-cache, must-revalidate, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security
max-age=31536000; includeSubdomains;
content-encoding
gzip

Redirect headers

status
302
server
nginx
date
Sun, 01 Mar 2020 12:52:39 GMT
content-type
text/html; charset=UTF-8
location
https://click.amazingtechsavings.xyz/?utm_term=6799221675293409523&clickverify=1
x-powered-by
PHP/7.3.4
cache-control
no-store, no-cache, must-revalidate, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
set-cookie
u=769471d598276321d26d75d7ee30bce8; expires=Mon, 01-Mar-2021 12:52:39 GMT; Max-Age=31536000; path=/
strict-transport-security
max-age=31536000; includeSubdomains;
JGLJgY-JXI7dCF0hEEPEzsWwHNQ4sNfptIX6cqz9_8IvUF2vJ91m
yltenim.com/nh4ea/ciqM/fC6c/
Redirect Chain
  • https://click.amazingtechsavings.xyz/proc.php?69537d93125641738723b625bf8061af329f7f3a
  • https://yltenim.com/nh4ea/ciqM/fC6c/JGLJgY-JXI7dCF0hEEPEzsWwHNQ4sNfptIX6cqz9_8IvUF2vJ91m?diM=WW_MS_Feb20&subid=6799221675293409523&ext1=240
4 KB
4 KB
Document
General
Full URL
https://yltenim.com/nh4ea/ciqM/fC6c/JGLJgY-JXI7dCF0hEEPEzsWwHNQ4sNfptIX6cqz9_8IvUF2vJ91m?diM=WW_MS_Feb20&subid=6799221675293409523&ext1=240
Requested by
Host: click.amazingtechsavings.xyz
URL: https://click.amazingtechsavings.xyz/?utm_term=6799221675293409523&clickverify=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.147.93.131 , United States, ASN393676 (ZENEDGE, US),
Reverse DNS
Software
ZENEDGE /
Resource Hash
4c57d9113c646335efe6600d71938167bb1545dcff70b2190c0399c616201700
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

:method
GET
:authority
yltenim.com
:scheme
https
:path
/nh4ea/ciqM/fC6c/JGLJgY-JXI7dCF0hEEPEzsWwHNQ4sNfptIX6cqz9_8IvUF2vJ91m?diM=WW_MS_Feb20&subid=6799221675293409523&ext1=240
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
document
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://click.amazingtechsavings.xyz/?utm_term=6799221675293409523&clickverify=1
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document
Referer
https://click.amazingtechsavings.xyz/?utm_term=6799221675293409523&clickverify=1#

Response headers

status
200
content-type
text/html;charset=utf-8
expires
Sat, 26 Jul 1997 05:00:00 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
date
Sun, 01 Mar 2020 12:52:39 GMT
content-encoding
gzip
vary
Accept-Encoding Accept-Encoding
cache-control
no-store, no-cache, must-revalidate, no-transform, max-age=0, post-check=0, pre-check=0
x-cache-status
NOTCACHED
x-zen-fury
3715ec5f13c22e155506edf69c9dc4e10b722757
set-cookie
TR7A3jMiISYwstsFmTB2nnIHQbldWUy4oIejVz55dlg%3D=2a10765a8d0650e95eea40f1cddf951e_1583067159.6531; domain=yltenim.com; path=/; expires=Wed, 27-Feb-2030 12:52:39 UTC; Secure b5lq9eygwZllzl4luI4VBgQgNE5fCh5dQrQRotUx370%3D=1583067159.6571; domain=yltenim.com; path=/; expires=Wed, 27-Feb-2030 12:52:39 UTC; Secure vHgNpuORtFmyejMz%2Fu4SCq%2BJuUygP9Fo7yvtcHxZqjM%3D=WHlvZ1RKeTY5eW1UQkpKSmh1Sjl3UmlWM1B2MEdWblpaZTllbCtuR0gwaHNzVm5Rc1g2NWY4Yk5KQkVtbkU2Tg%3D%3D; domain=yltenim.com; path=/; expires=Wed, 27-Feb-2030 12:52:39 UTC; Secure 2a10765a8d0650e95eea40f1cddf951e_1583067159.6531_ck=ck1JbktjM2d5ZHdqZ0pMbmNTTC83bDFxSmdQaVRNRkJMVEpDZ01Cclk0UElIdkt6dGhLZjhqdjJ3bjFPUWl5VUVqaGJEVVZTNnhGb0owem54OTFpRkxleXMyQllSam5zdk0rTDk3aGN4MVo1V2FHTTlpSmpCelV5ejF0dldSbmFqSEg3N3U4blRza3VsbTYwYUFqOGE5UGd5VVVaaFlSTkFiTGMvakNqOUxZelBGTnNxL1VXdERTMWZTSkxqRXJIU0E4anV6UWdaNVlRWjFiNFlRKzJtOGRYWHZqZDR3c1ppZmhnajdEV3dhYzhHTVAvZzlkZzhxenRoSHg5bHV5Z3FCd0FZRTk2eitBSWdHOTBFTVFxS3F0VHd6L1dYbjdIbnhWTENndXdTZlRQbG9UaE8xVXQ0S1hadW0wNEpXOHRCZkgrMWNsTE1DYmhBUzh3blBRNFplOVlYdWZRV21zRjNTRG9CWWtja2NqRVlocXkvMVNYVy9HUkdHamUzWEM5b3prTWYzZmVXNDdEbFphczFGTmM5cWpudEtVSzFndVhzYVlIRXZlczNKTEJ3R3BBelVMdzhvbkYvL0piR0U3b1Z3TVNhaS9mN2VRZ0M3d2dxbC9ReGkvOFlmZGtHRkVUM2hzMTJmWDU2aUFBZHQ4MWcxMmE0QWk0ZjRvMHUwYTFmSEhzdFAvbHBiRjl6aWErc1JhekZiTnE3a21ueEhzMU5Odmw0K2tIVDRrby9JRGFCMlRFbi9nek5aNFNhUTlvb2xQZU1QK3VxVlh3a2xjMlZ5N3l1OWVDa2ExZG51ZSsxKzNiMStDZDQyK05ERmJhOFRqT05WQjR3bE8yYlY3dmRvMmV0aXdKNDEyc01aRW5DVE1BWUNtN1R5emhySkZvV01vejVmTWNhMXlrVnFNc29Kb0FlSWJLU1hBbkZEVkw3Ry9BTzVVUkloZ2lFR3FjaEFiTmFDYzY2elFWRzZ4TitLby9sbkN6eERFZGdrVTZTL2pxOTk1WUtHUHFtZkRrSllLUGxVbi9XWGRpY0FxMEJOL21uaXpnNHBYTHRjNVl1Um9IQ3Zzd3k1KzlhcnA2UTV4djRBMVhBSkdsNXFscDJ0ZTdSVnBJWlRybGxuN2ZDN1ZuQVJZN25kQUlGSGVpb2gwcFZ1SUxUS2ZpY1BZS0JwK3I3d0Z3YUNtZHJxbGJSdVNyZGV1SlJxUWFCY2dUbVhkNU95dU0wQmFTaEZ5YjJKd1JBK1RadmlacHp1dkZKZzYxVmJFcTVVV1FHQ2VhZGd1eHZuM2duVFdyR2txZzByOFFDY3dYaUpzY21PRmk0OXhKb0ozK0I5S2ZaeGtSc0FLYTRqUi9TWDMzYXBFYw%3D%3D; domain=yltenim.com; path=/; expires=Wed, 27-Feb-2030 12:52:39 UTC; Secure f%2BNxABd9BuS%2BD6mZ%2FBtNNoR%2BezmypWHgySeOvF3EM0s%3D=Nk1zNnpOL3pWVUdVMjY2a3NuU2VzWXZsbVhFQko4V0ZWenB3L3NlL0tWbVdUVHZEdDdkUWZwVHBiVDBPT3J1aDQrbXZISFdjRzBydHlaSHJvbWJGTnBUallxZUc1bjV0dFlWSXlmZWVQOFE9; domain=yltenim.com; path=/; expires=Sun, 01-Mar-2020 13:57:39 UTC; Secure SERVERID=sfc8; path=/
server
ZENEDGE
x-cdn
Served-By-Zenedge

Redirect headers

status
302
server
nginx
date
Sun, 01 Mar 2020 12:52:39 GMT
content-type
text/html; charset=UTF-8
location
https://yltenim.com/nh4ea/ciqM/fC6c/JGLJgY-JXI7dCF0hEEPEzsWwHNQ4sNfptIX6cqz9_8IvUF2vJ91m?diM=WW_MS_Feb20&subid=6799221675293409523&ext1=240
x-powered-by
PHP/7.3.4
cache-control
no-store, no-cache, must-revalidate, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security
max-age=31536000; includeSubdomains;
456926
getad.xyz/go/216668/
0
0

456926
getad.xyz/go/216668/
466 B
517 B
Document
General
Full URL
http://getad.xyz/go/216668/456926
Requested by
Host: yltenim.com
URL: https://yltenim.com/nh4ea/ciqM/fC6c/JGLJgY-JXI7dCF0hEEPEzsWwHNQ4sNfptIX6cqz9_8IvUF2vJ91m?diM=WW_MS_Feb20&subid=6799221675293409523&ext1=240
Protocol
HTTP/1.1
Server
3.226.77.126 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-77-126.compute-1.amazonaws.com
Software
nginx /
Resource Hash
c73acf5ab220140fe3e3811ae395e1f760a5bd0559fb17e7c574eeb9f0d283cd

Request headers

Host
getad.xyz
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
https://yltenim.com/
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://yltenim.com/

Response headers

Date
Sun, 01 Mar 2020 12:52:39 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Server
nginx
Vary
Accept-Encoding
Content-Encoding
gzip
Primary Request Cookie set mg55d04t9w
mtzenhigqg.com/
Redirect Chain
  • http://getad.xyz/ad/ad?p=216668&w=456926&t=04dff734ac7010d3&r=aHR0cHMlM0ElMkYlMkZ5bHRlbmltLmNvbSUyRg==&vw=1600&vh=1200
  • https://mtzenhigqg.com/mg55d04t9w?key=5e8b8280638e71e3643e70cfb1a2c49c
103 B
515 B
Document
General
Full URL
https://mtzenhigqg.com/mg55d04t9w?key=5e8b8280638e71e3643e70cfb1a2c49c
Requested by
Host: getad.xyz
URL: http://getad.xyz/go/216668/456926
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.134.112.243 Garden City, United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software
nginx/1.17.6 /
Resource Hash
ab030a8588ef9530d38a74d9e14b36ccdd792323af6352d4d5da9d19b9b95341
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubdomains

Request headers

Host
mtzenhigqg.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
http://getad.xyz/go/216668/456926
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
http://getad.xyz/go/216668/456926

Response headers

Server
nginx/1.17.6
Date
Sun, 01 Mar 2020 12:52:41 GMT
Content-Type
text/html
Content-Length
103
Connection
keep-alive
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie
u_pl=14393656; expires=Mon, 02 Mar 2020 12:52:41 GMT
Expires
Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control
no-cache
Strict-Transport-Security
max-age=0; includeSubdomains

Redirect headers

Date
Sun, 01 Mar 2020 12:52:40 GMT
Content-Type
text/html; charset=utf-8
Content-Length
97
Connection
keep-alive
Server
nginx
Location
https://mtzenhigqg.com/mg55d04t9w?key=5e8b8280638e71e3643e70cfb1a2c49c

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
getad.xyz
URL
http://getad.xyz/go/216668/456926?

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

1 Cookies

Domain/Path Name / Value
mtzenhigqg.com/ Name: u_pl
Value: 14393656