Submitted URL: http://dcapitalone.com/
Effective URL: https://agxeg.lovechats.org/c/c44213fa2bf7a303?s1=21203&s2=88504&s3=456926&click_id=59d55j2g6ktdz765&j1=1&j3=1
Submission: On February 28 via api from US

Summary

This website contacted 11 IPs in 6 countries across 13 domains to perform 21 HTTP transactions. The main IP is 2a05:d018:244:5200::ab, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is agxeg.lovechats.org.
TLS certificate: Issued by Let's Encrypt Authority X3 on December 18th 2019. Valid for: 3 months.
This is the only time agxeg.lovechats.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 103.224.182.243 133618 (TRELLIAN-...)
1 4 103.224.182.206 133618 (TRELLIAN-...)
1 2 116.202.81.140 24940 (HETZNER-AS)
2 3 198.143.165.219 32475 (SINGLEHOP...)
1 205.147.93.131 393676 (ZENEDGE)
1 2 35.168.149.183 14618 (AMAZON-AES)
1 1 45.32.234.189 20473 (AS-CHOOPA)
1 2a05:d018:244... 16509 (AMAZON-02)
7 2.16.106.192 20940 (AKAMAI-ASN1)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 2600:1f18:454... 14618 (AMAZON-AES)
21 11
Domain Requested by
7 cdn-aimi.akamaized.net agxeg.lovechats.org
4 bidr.trellian.com 1 redirects bidr.trellian.com
3 ads.traffichunt.com agxeg.lovechats.org
3 click.amazingtechsavings.xyz 2 redirects
2 getad.xyz yltenim.com
1 fonts.gstatic.com agxeg.lovechats.org
1 fonts.googleapis.com agxeg.lovechats.org
1 agxeg.lovechats.org getad.xyz
1 besweetlove.com 1 redirects
1 yltenim.com click.amazingtechsavings.xyz
1 secure.click2partner.com bidr.trellian.com
1 secure.clicktrkservices.com 1 redirects
1 dcapitalone.com 1 redirects
21 13

This site contains no links.

Subject                    Issuer                                          Validity                  Valid
secure.click2partner.com   Let's Encrypt Authority X3                      2020-02-08 - 2020-05-08   3 months
click.amazingtechsavings.xyz   Let's Encrypt Authority X3                  2020-01-15 - 2020-04-14   3 months
yltenim.com                Let's Encrypt Authority X3                      2020-02-21 - 2020-05-21   3 months
*.lovechats.org            Let's Encrypt Authority X3                      2019-12-18 - 2020-03-17   3 months
a248.e.akamai.net          DigiCert Secure Site ECC CA-1                   2019-08-13 - 2020-08-12   a year
*.storage.googleapis.com   GTS CA 1O1                                      2020-02-12 - 2020-05-06   3 months
*.google.com               GTS CA 1O1                                      2020-02-12 - 2020-05-06   3 months
*.traffichunt.com          Sectigo RSA Domain Validation Secure Server CA  2019-08-09 - 2020-08-18   a year

This page contains 1 frames:

Primary Page: https://agxeg.lovechats.org/c/c44213fa2bf7a303?s1=21203&s2=88504&s3=456926&click_id=59d55j2g6ktdz765&j1=1&j3=1
Frame ID: 31CAFE7E66E030A2C099A2B848CB8331
Requests: 21 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /Debian/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

Requests: 21
HTTPS: 76 %
IPv6: 33 %
Domains: 13
Subdomains: 13
IPs: 11
Countries: 6
Transfer: 1367 kB
Size: 1512 kB
Cookies: 3

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://dcapitalone.com/ HTTP 302
    http://bidr.trellian.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yJWvf68bZnA5q9JYwuHttp7O6ZfR0cuFD4VKtp1hvRKcYHAmq7HtGAdlKS6tu1GUpuhikzrM7Fa0n8GT0%2BW%2FW3eJ9PvwR2ob1Vy55pPQwGzhfTp4W0GDyxDxYfc%2BXD0kcHHuA3WF0rBrth8jWVqjT5gKsKJ9AxYU93%2FOKObxc8%2Fvb08WheBPOy5QRD4BlCUa2feZGKs6E7eIL1wd3F5rYjEA5%2Bmpp3fQGQtzFyFiK6Be2RxvMxn0vOyRo0O4nR9RSPDBBA2PqSlbiTKTlhWf6ZLs1VKotjL1PBPJZO9QBRlzlcZ4ZQnMHyOCjfKVswZ44jb1rKK1FfOg7ctuLLnxP2lUELEqMLY1W6VResC1qcdcP%2FX6pqhwfB9Ge1S5zOqVQWx9iTYvCwCcM865HV3t7aEg2XgsyjP9H4UYeMxD3tCDI2ihQnCaV0XGed3LY4m2XYz%2FwJQeYYZzUvp7sHaZEMW7VL9vHu%2BhEWyf4JHMksSbwqWU3%2BujhtqCKQWxdUkdFnIwHkN8%2FZ1WdX6ReKMwQK6bwbBCPs8X6byDSlw45OO80ud9N%2BxhoRBN6VGh%2Fz1IIAipi%2FDxl6JnDZDLvGOZL%2BuFFvhNDpz72s0VA8jGEQEcfcpArM%2FEd2QOJ%2B8EzoShQVMOlOg2MHbtkem19ht%2B0TsYvcexy6YXHEr5Wr9UhOxgiUVyQ3zMQMRiqiQ7VvVYuqdsiKJZoGxHZ31UYjVyEeSMZx87kPyk0%2FStyOrHVtVzGq5VOee3UibqsgMk0scFSUOdHOVmaLBz4aa2SRKOHnqnwtFWyrzQWUf2%2FtjW0Fv9VXa6EJxzffXD0462m58OKw%2Bj44BjPURH Page URL
  2. http://bidr.trellian.com/r.php?u=https%3A%2F%2Fsecure.clicktrkservices.com%2Findex.php%3Fkey%3Dz6lzicrucf3l6lfp558m%26cpv%3D0.005%26subid%3D1919283807%26sid%3D2020022900213001bd62d9b1c3ae1a25&s=j HTTP 302
    https://secure.clicktrkservices.com/index.php?key=z6lzicrucf3l6lfp558m&cpv=0.005&subid=1919283807&sid=2020022900213001bd62d9b1c3ae1a25 HTTP 302
    https://secure.click2partner.com/nlp/index.php?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=daddairmyhee84dc&url_bnm_redirect=https://click.amazingtechsavings.xyz/ Page URL
  3. https://click.amazingtechsavings.xyz/?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=daddairmyhee84dc HTTP 302
    https://click.amazingtechsavings.xyz/?utm_term=6798486952417951865&clickverify=1 Page URL
  4. https://click.amazingtechsavings.xyz/proc.php?273c4792147c553c76fcb3087abfef75f9cbdcae HTTP 302
    https://yltenim.com/nh4ea/ciqM/fC6c/JGLJgY-JXI7dCF0hEEPEzsWwHNQ4sNfptIX6cqz9_8IvUF2vJ91m?diM=WW_MS_Feb20&subid=6798486952417951865&ext1=240 Page URL
  5. http://getad.xyz/go/216668/456926 Page URL
  6. http://getad.xyz/ad/ad?p=216668&w=456926&t=fce3646c0bcc87e7&r=aHR0cHMlM0ElMkYlMkZ5bHRlbmltLmNvbSUyRg==&vw=1600&vh=1200 HTTP 303
    https://besweetlove.com/click.php?key=pdgjun0dncg2jnnfz6ce&clickid=76808791200&bid=0.00053&siteid=456926 HTTP 302
    https://agxeg.lovechats.org/c/c44213fa2bf7a303?s1=21203&s2=88504&s3=456926&click_id=59d55j2g6ktdz765&j1=1&j3=1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://dcapitalone.com/ HTTP 302
  • http://bidr.trellian.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yJWvf68bZnA5q9JYwuHttp7O6ZfR0cuFD4VKtp1hvRKcYHAmq7HtGAdlKS6tu1GUpuhikzrM7Fa0n8GT0%2BW%2FW3eJ9PvwR2ob1Vy55pPQwGzhfTp4W0GDyxDxYfc%2BXD0kcHHuA3WF0rBrth8jWVqjT5gKsKJ9AxYU93%2FOKObxc8%2Fvb08WheBPOy5QRD4BlCUa2feZGKs6E7eIL1wd3F5rYjEA5%2Bmpp3fQGQtzFyFiK6Be2RxvMxn0vOyRo0O4nR9RSPDBBA2PqSlbiTKTlhWf6ZLs1VKotjL1PBPJZO9QBRlzlcZ4ZQnMHyOCjfKVswZ44jb1rKK1FfOg7ctuLLnxP2lUELEqMLY1W6VResC1qcdcP%2FX6pqhwfB9Ge1S5zOqVQWx9iTYvCwCcM865HV3t7aEg2XgsyjP9H4UYeMxD3tCDI2ihQnCaV0XGed3LY4m2XYz%2FwJQeYYZzUvp7sHaZEMW7VL9vHu%2BhEWyf4JHMksSbwqWU3%2BujhtqCKQWxdUkdFnIwHkN8%2FZ1WdX6ReKMwQK6bwbBCPs8X6byDSlw45OO80ud9N%2BxhoRBN6VGh%2Fz1IIAipi%2FDxl6JnDZDLvGOZL%2BuFFvhNDpz72s0VA8jGEQEcfcpArM%2FEd2QOJ%2B8EzoShQVMOlOg2MHbtkem19ht%2B0TsYvcexy6YXHEr5Wr9UhOxgiUVyQ3zMQMRiqiQ7VvVYuqdsiKJZoGxHZ31UYjVyEeSMZx87kPyk0%2FStyOrHVtVzGq5VOee3UibqsgMk0scFSUOdHOVmaLBz4aa2SRKOHnqnwtFWyrzQWUf2%2FtjW0Fv9VXa6EJxzffXD0462m58OKw%2Bj44BjPURH
Request Chain 3
  • http://bidr.trellian.com/r.php?u=https%3A%2F%2Fsecure.clicktrkservices.com%2Findex.php%3Fkey%3Dz6lzicrucf3l6lfp558m%26cpv%3D0.005%26subid%3D1919283807%26sid%3D2020022900213001bd62d9b1c3ae1a25&s=j HTTP 302
  • https://secure.clicktrkservices.com/index.php?key=z6lzicrucf3l6lfp558m&cpv=0.005&subid=1919283807&sid=2020022900213001bd62d9b1c3ae1a25 HTTP 302
  • https://secure.click2partner.com/nlp/index.php?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=daddairmyhee84dc&url_bnm_redirect=https://click.amazingtechsavings.xyz/
Request Chain 4
  • https://click.amazingtechsavings.xyz/?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=daddairmyhee84dc HTTP 302
  • https://click.amazingtechsavings.xyz/?utm_term=6798486952417951865&clickverify=1
Request Chain 5
  • https://click.amazingtechsavings.xyz/proc.php?273c4792147c553c76fcb3087abfef75f9cbdcae HTTP 302
  • https://yltenim.com/nh4ea/ciqM/fC6c/JGLJgY-JXI7dCF0hEEPEzsWwHNQ4sNfptIX6cqz9_8IvUF2vJ91m?diM=WW_MS_Feb20&subid=6798486952417951865&ext1=240

21 HTTP transactions

Resource  Path  Size  x-fer  Type  MIME-Type

r2.php (Cookie set)
bidr.trellian.com/
Redirect Chain
  • http://dcapitalone.com/
  • http://bidr.trellian.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yJWvf68bZnA5q9JYwuHttp7O6ZfR0cuFD4VKtp1hvRKcYHAmq7HtGAdlKS6tu1GUpuhikzrM7Fa0n8GT0%2BW%2FW3eJ9PvwR2ob1Vy55pPQwGzhfTp4W0GDyxDxYfc%2BXD0kcHHuA3WF0...
2 KB
2 KB
Document
General
Full URL
http://bidr.trellian.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yJWvf68bZnA5q9JYwuHttp7O6ZfR0cuFD4VKtp1hvRKcYHAmq7HtGAdlKS6tu1GUpuhikzrM7Fa0n8GT0%2BW%2FW3eJ9PvwR2ob1Vy55pPQwGzhfTp4W0GDyxDxYfc%2BXD0kcHHuA3WF0rBrth8jWVqjT5gKsKJ9AxYU93%2FOKObxc8%2Fvb08WheBPOy5QRD4BlCUa2feZGKs6E7eIL1wd3F5rYjEA5%2Bmpp3fQGQtzFyFiK6Be2RxvMxn0vOyRo0O4nR9RSPDBBA2PqSlbiTKTlhWf6ZLs1VKotjL1PBPJZO9QBRlzlcZ4ZQnMHyOCjfKVswZ44jb1rKK1FfOg7ctuLLnxP2lUELEqMLY1W6VResC1qcdcP%2FX6pqhwfB9Ge1S5zOqVQWx9iTYvCwCcM865HV3t7aEg2XgsyjP9H4UYeMxD3tCDI2ihQnCaV0XGed3LY4m2XYz%2FwJQeYYZzUvp7sHaZEMW7VL9vHu%2BhEWyf4JHMksSbwqWU3%2BujhtqCKQWxdUkdFnIwHkN8%2FZ1WdX6ReKMwQK6bwbBCPs8X6byDSlw45OO80ud9N%2BxhoRBN6VGh%2Fz1IIAipi%2FDxl6JnDZDLvGOZL%2BuFFvhNDpz72s0VA8jGEQEcfcpArM%2FEd2QOJ%2B8EzoShQVMOlOg2MHbtkem19ht%2B0TsYvcexy6YXHEr5Wr9UhOxgiUVyQ3zMQMRiqiQ7VvVYuqdsiKJZoGxHZ31UYjVyEeSMZx87kPyk0%2FStyOrHVtVzGq5VOee3UibqsgMk0scFSUOdHOVmaLBz4aa2SRKOHnqnwtFWyrzQWUf2%2FtjW0Fv9VXa6EJxzffXD0462m58OKw%2Bj44BjPURH
Protocol
HTTP/1.1
Server
103.224.182.206 , Australia, ASN133618 (TRELLIAN-AS-AP Trellian Pty. Limited, AU),
Reverse DNS
bidr.trellian.com
Software
Apache/2.4.25 (Debian) /
Resource Hash
b5cb599656717546f2f976f1c75368abf7b243b8508a75d2153581183d08071f

Request headers

Host
bidr.trellian.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Date
Fri, 28 Feb 2020 13:21:31 GMT
Server
Apache/2.4.25 (Debian)
Set-Cookie
__dsnsid=2020022900213001bd62d9b1c3ae1a25; expires=Sat, 27-Feb-2021 13:21:31 GMT; Max-Age=31536000; path=/; domain=bidr.trellian.com
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
1241
Connection
close
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Fri, 28 Feb 2020 13:21:30 GMT
Server
Apache/2.4.25 (Debian)
Set-Cookie
__tad=1582896090.1569141; expires=Mon, 25-Feb-2030 13:21:30 GMT; Max-Age=315360000
Location
http://bidr.trellian.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yJWvf68bZnA5q9JYwuHttp7O6ZfR0cuFD4VKtp1hvRKcYHAmq7HtGAdlKS6tu1GUpuhikzrM7Fa0n8GT0%2BW%2FW3eJ9PvwR2ob1Vy55pPQwGzhfTp4W0GDyxDxYfc%2BXD0kcHHuA3WF0rBrth8jWVqjT5gKsKJ9AxYU93%2FOKObxc8%2Fvb08WheBPOy5QRD4BlCUa2feZGKs6E7eIL1wd3F5rYjEA5%2Bmpp3fQGQtzFyFiK6Be2RxvMxn0vOyRo0O4nR9RSPDBBA2PqSlbiTKTlhWf6ZLs1VKotjL1PBPJZO9QBRlzlcZ4ZQnMHyOCjfKVswZ44jb1rKK1FfOg7ctuLLnxP2lUELEqMLY1W6VResC1qcdcP%2FX6pqhwfB9Ge1S5zOqVQWx9iTYvCwCcM865HV3t7aEg2XgsyjP9H4UYeMxD3tCDI2ihQnCaV0XGed3LY4m2XYz%2FwJQeYYZzUvp7sHaZEMW7VL9vHu%2BhEWyf4JHMksSbwqWU3%2BujhtqCKQWxdUkdFnIwHkN8%2FZ1WdX6ReKMwQK6bwbBCPs8X6byDSlw45OO80ud9N%2BxhoRBN6VGh%2Fz1IIAipi%2FDxl6JnDZDLvGOZL%2BuFFvhNDpz72s0VA8jGEQEcfcpArM%2FEd2QOJ%2B8EzoShQVMOlOg2MHbtkem19ht%2B0TsYvcexy6YXHEr5Wr9UhOxgiUVyQ3zMQMRiqiQ7VvVYuqdsiKJZoGxHZ31UYjVyEeSMZx87kPyk0%2FStyOrHVtVzGq5VOee3UibqsgMk0scFSUOdHOVmaLBz4aa2SRKOHnqnwtFWyrzQWUf2%2FtjW0Fv9VXa6EJxzffXD0462m58OKw%2Bj44BjPURH
Content-Length
0
Connection
close
Content-Type
text/html; charset=UTF-8
jscheck.js
bidr.trellian.com/javascript/
858 B
701 B
Script
General
Full URL
http://bidr.trellian.com/javascript/jscheck.js
Requested by
Host: bidr.trellian.com
URL: http://bidr.trellian.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yJWvf68bZnA5q9JYwuHttp7O6ZfR0cuFD4VKtp1hvRKcYHAmq7HtGAdlKS6tu1GUpuhikzrM7Fa0n8GT0%2BW%2FW3eJ9PvwR2ob1Vy55pPQwGzhfTp4W0GDyxDxYfc%2BXD0kcHHuA3WF0rBrth8jWVqjT5gKsKJ9AxYU93%2FOKObxc8%2Fvb08WheBPOy5QRD4BlCUa2feZGKs6E7eIL1wd3F5rYjEA5%2Bmpp3fQGQtzFyFiK6Be2RxvMxn0vOyRo0O4nR9RSPDBBA2PqSlbiTKTlhWf6ZLs1VKotjL1PBPJZO9QBRlzlcZ4ZQnMHyOCjfKVswZ44jb1rKK1FfOg7ctuLLnxP2lUELEqMLY1W6VResC1qcdcP%2FX6pqhwfB9Ge1S5zOqVQWx9iTYvCwCcM865HV3t7aEg2XgsyjP9H4UYeMxD3tCDI2ihQnCaV0XGed3LY4m2XYz%2FwJQeYYZzUvp7sHaZEMW7VL9vHu%2BhEWyf4JHMksSbwqWU3%2BujhtqCKQWxdUkdFnIwHkN8%2FZ1WdX6ReKMwQK6bwbBCPs8X6byDSlw45OO80ud9N%2BxhoRBN6VGh%2Fz1IIAipi%2FDxl6JnDZDLvGOZL%2BuFFvhNDpz72s0VA8jGEQEcfcpArM%2FEd2QOJ%2B8EzoShQVMOlOg2MHbtkem19ht%2B0TsYvcexy6YXHEr5Wr9UhOxgiUVyQ3zMQMRiqiQ7VvVYuqdsiKJZoGxHZ31UYjVyEeSMZx87kPyk0%2FStyOrHVtVzGq5VOee3UibqsgMk0scFSUOdHOVmaLBz4aa2SRKOHnqnwtFWyrzQWUf2%2FtjW0Fv9VXa6EJxzffXD0462m58OKw%2Bj44BjPURH
Protocol
HTTP/1.1
Server
103.224.182.206 , Australia, ASN133618 (TRELLIAN-AS-AP Trellian Pty. Limited, AU),
Reverse DNS
bidr.trellian.com
Software
Apache/2.4.25 (Debian) /
Resource Hash
0766f527fcf931c99f93825401ea5d39f6cfe63b56bfd1050f9d1689a8266ab4

Request headers

Referer
http://bidr.trellian.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yJWvf68bZnA5q9JYwuHttp7O6ZfR0cuFD4VKtp1hvRKcYHAmq7HtGAdlKS6tu1GUpuhikzrM7Fa0n8GT0%2BW%2FW3eJ9PvwR2ob1Vy55pPQwGzhfTp4W0GDyxDxYfc%2BXD0kcHHuA3WF0rBrth8jWVqjT5gKsKJ9AxYU93%2FOKObxc8%2Fvb08WheBPOy5QRD4BlCUa2feZGKs6E7eIL1wd3F5rYjEA5%2Bmpp3fQGQtzFyFiK6Be2RxvMxn0vOyRo0O4nR9RSPDBBA2PqSlbiTKTlhWf6ZLs1VKotjL1PBPJZO9QBRlzlcZ4ZQnMHyOCjfKVswZ44jb1rKK1FfOg7ctuLLnxP2lUELEqMLY1W6VResC1qcdcP%2FX6pqhwfB9Ge1S5zOqVQWx9iTYvCwCcM865HV3t7aEg2XgsyjP9H4UYeMxD3tCDI2ihQnCaV0XGed3LY4m2XYz%2FwJQeYYZzUvp7sHaZEMW7VL9vHu%2BhEWyf4JHMksSbwqWU3%2BujhtqCKQWxdUkdFnIwHkN8%2FZ1WdX6ReKMwQK6bwbBCPs8X6byDSlw45OO80ud9N%2BxhoRBN6VGh%2Fz1IIAipi%2FDxl6JnDZDLvGOZL%2BuFFvhNDpz72s0VA8jGEQEcfcpArM%2FEd2QOJ%2B8EzoShQVMOlOg2MHbtkem19ht%2B0TsYvcexy6YXHEr5Wr9UhOxgiUVyQ3zMQMRiqiQ7VvVYuqdsiKJZoGxHZ31UYjVyEeSMZx87kPyk0%2FStyOrHVtVzGq5VOee3UibqsgMk0scFSUOdHOVmaLBz4aa2SRKOHnqnwtFWyrzQWUf2%2FtjW0Fv9VXa6EJxzffXD0462m58OKw%2Bj44BjPURH
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 28 Feb 2020 13:21:31 GMT
Content-Encoding
gzip
Last-Modified
Wed, 12 Dec 2018 05:53:30 GMT
Server
Apache/2.4.25 (Debian)
ETag
"35a-57cccd155b974-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
close
Accept-Ranges
bytes
Content-Length
388
jscheck.php
bidr.trellian.com/
0
166 B
XHR
General
Full URL
http://bidr.trellian.com/jscheck.php?enc=cF8L0S4UvzZFbF2sJTBoT0csGBK3ku1D%2F6ikQQO7yYpxC%2FoWJf7DBoeaT4cw4qtvYqiEoqJonLBnZMEAyOSY2e7L99kppaP%2FfJkN0YFUMP4bcahhezRjzW83YPdqAAFKrjsfiwfuWmkVzkFxzRqRIQGRaUFWpzkDSpk6OWejuAYTyyExaomWhUPp2xxNyCYQLoIxYETHLE4o5WR8DjonmSoRsYNHbIOFAXTMlZxqjSx8IbJoeqGM1gLbOsbJe6%2BzPvAh%2BCJMHPGt9KTvyl8pnkAGXcy5wkiLaEKJS2v8xmKmaLuDory1LUnbLBYmz%2BPdxLX8H%2BgPbmcHB%2BgGaYVXirWSjKP8bSfP7l9IHFDhI30CDhvUtpAq660pEQrCPuv2FsD%2F10ECO8IByiFLRI%2FaCh5ZcGZrTWKrzfoi7a8GRtLZj8UFsQMdIwWEUBQJxxihZojic5rcOrGg7rs3yQCgDQqPRQgFVx13PwM4yY8MziEV9gAiBLsY%2F9bbU12hd2gHxlSrUGy%2BQ0iyxOSqapePel%2FMW3x3syN%2FZy4elr1ZgOdbzqQRsdbbaeUzCRt96oMuTtoo8d2jnoJdOb%2F4ehqtZSR%2BoJr3JiQBPUFALVKi4uX%2FjhITmzErEebOyJavD8y57Mxsq3YC2PAnyGO3swzJjOAjKuj1sQsevedrkK9ruIcHggmxemvTMcMSrLTh%2F0cb%2BQF4p0C5rZ7wEQfkf03v7OgYuIa1piwbytbClWQhSKUZ%2BDiAjqmikGe%2B7UGOXafj4UgWJv9kmI9DQJGHvxR5laNIxQkCHHltDK49oIBJmNrG3XnpxFQABZV9vp7CRpkpkfNVc44olNxxM3osUKj2fo%2Fd4qfUy%2ByB%2B%2Ffogp79144jcEXkrB6IY9QCig%2FZPae9efRIUxu%2FwTqNdaJfjOeRoP5wEbQyjiFpauGtsHqxHZeiocDAIyXoeJSGESacGjHb5xDOXma5D8I%3D&rand=0.17435914755659643
Requested by
Host: bidr.trellian.com
URL: http://bidr.trellian.com/javascript/jscheck.js
Protocol
HTTP/1.1
Server
103.224.182.206 , Australia, ASN133618 (TRELLIAN-AS-AP Trellian Pty. Limited, AU),
Reverse DNS
bidr.trellian.com
Software
Apache/2.4.25 (Debian) /
Resource Hash

Request headers

Referer
http://bidr.trellian.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yJWvf68bZnA5q9JYwuHttp7O6ZfR0cuFD4VKtp1hvRKcYHAmq7HtGAdlKS6tu1GUpuhikzrM7Fa0n8GT0%2BW%2FW3eJ9PvwR2ob1Vy55pPQwGzhfTp4W0GDyxDxYfc%2BXD0kcHHuA3WF0rBrth8jWVqjT5gKsKJ9AxYU93%2FOKObxc8%2Fvb08WheBPOy5QRD4BlCUa2feZGKs6E7eIL1wd3F5rYjEA5%2Bmpp3fQGQtzFyFiK6Be2RxvMxn0vOyRo0O4nR9RSPDBBA2PqSlbiTKTlhWf6ZLs1VKotjL1PBPJZO9QBRlzlcZ4ZQnMHyOCjfKVswZ44jb1rKK1FfOg7ctuLLnxP2lUELEqMLY1W6VResC1qcdcP%2FX6pqhwfB9Ge1S5zOqVQWx9iTYvCwCcM865HV3t7aEg2XgsyjP9H4UYeMxD3tCDI2ihQnCaV0XGed3LY4m2XYz%2FwJQeYYZzUvp7sHaZEMW7VL9vHu%2BhEWyf4JHMksSbwqWU3%2BujhtqCKQWxdUkdFnIwHkN8%2FZ1WdX6ReKMwQK6bwbBCPs8X6byDSlw45OO80ud9N%2BxhoRBN6VGh%2Fz1IIAipi%2FDxl6JnDZDLvGOZL%2BuFFvhNDpz72s0VA8jGEQEcfcpArM%2FEd2QOJ%2B8EzoShQVMOlOg2MHbtkem19ht%2B0TsYvcexy6YXHEr5Wr9UhOxgiUVyQ3zMQMRiqiQ7VvVYuqdsiKJZoGxHZ31UYjVyEeSMZx87kPyk0%2FStyOrHVtVzGq5VOee3UibqsgMk0scFSUOdHOVmaLBz4aa2SRKOHnqnwtFWyrzQWUf2%2FtjW0Fv9VXa6EJxzffXD0462m58OKw%2Bj44BjPURH
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 28 Feb 2020 13:21:32 GMT
Server
Apache/2.4.25 (Debian)
Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
index.php
secure.click2partner.com/nlp/
Redirect Chain
  • http://bidr.trellian.com/r.php?u=https%3A%2F%2Fsecure.clicktrkservices.com%2Findex.php%3Fkey%3Dz6lzicrucf3l6lfp558m%26cpv%3D0.005%26subid%3D1919283807%26sid%3D2020022900213001bd62d9b1c3ae1a25&s=j
  • https://secure.clicktrkservices.com/index.php?key=z6lzicrucf3l6lfp558m&cpv=0.005&subid=1919283807&sid=2020022900213001bd62d9b1c3ae1a25
  • https://secure.click2partner.com/nlp/index.php?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=daddairmyhee84dc&url_bnm_redirect=https://click.amazingtechsavings.xyz/
179 B
296 B
Document
General
Full URL
https://secure.click2partner.com/nlp/index.php?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=daddairmyhee84dc&url_bnm_redirect=https://click.amazingtechsavings.xyz/
Requested by
Host: bidr.trellian.com
URL: http://bidr.trellian.com/javascript/jscheck.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
116.202.81.140 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.140.81.202.116.clients.your-server.de
Software
nginx/1.16.1 /
Resource Hash
28fc8ba73f066dd013dbd0fc94fcb18eb6a0f6625297a9d383cc7dead0ce5c55
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:method
GET
:authority
secure.click2partner.com
:scheme
https
:path
/nlp/index.php?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=daddairmyhee84dc&url_bnm_redirect=https://click.amazingtechsavings.xyz/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
http://bidr.trellian.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yJWvf68bZnA5q9JYwuHttp7O6ZfR0cuFD4VKtp1hvRKcYHAmq7HtGAdlKS6tu1GUpuhikzrM7Fa0n8GT0%2BW%2FW3eJ9PvwR2ob1Vy55pPQwGzhfTp4W0GDyxDxYfc%2BXD0kcHHuA3WF0rBrth8jWVqjT5gKsKJ9AxYU93%2FOKObxc8%2Fvb08WheBPOy5QRD4BlCUa2feZGKs6E7eIL1wd3F5rYjEA5%2Bmpp3fQGQtzFyFiK6Be2RxvMxn0vOyRo0O4nR9RSPDBBA2PqSlbiTKTlhWf6ZLs1VKotjL1PBPJZO9QBRlzlcZ4ZQnMHyOCjfKVswZ44jb1rKK1FfOg7ctuLLnxP2lUELEqMLY1W6VResC1qcdcP%2FX6pqhwfB9Ge1S5zOqVQWx9iTYvCwCcM865HV3t7aEg2XgsyjP9H4UYeMxD3tCDI2ihQnCaV0XGed3LY4m2XYz%2FwJQeYYZzUvp7sHaZEMW7VL9vHu%2BhEWyf4JHMksSbwqWU3%2BujhtqCKQWxdUkdFnIwHkN8%2FZ1WdX6ReKMwQK6bwbBCPs8X6byDSlw45OO80ud9N%2BxhoRBN6VGh%2Fz1IIAipi%2FDxl6JnDZDLvGOZL%2BuFFvhNDpz72s0VA8jGEQEcfcpArM%2FEd2QOJ%2B8EzoShQVMOlOg2MHbtkem19ht%2B0TsYvcexy6YXHEr5Wr9UhOxgiUVyQ3zMQMRiqiQ7VvVYuqdsiKJZoGxHZ31UYjVyEeSMZx87kPyk0%2FStyOrHVtVzGq5VOee3UibqsgMk0scFSUOdHOVmaLBz4aa2SRKOHnqnwtFWyrzQWUf2%2FtjW0Fv9VXa6EJxzffXD0462m58OKw%2Bj44BjPURH
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
server
nginx/1.16.1
date
Fri, 28 Feb 2020 13:21:32 GMT
content-type
text/html; charset=UTF-8
strict-transport-security
max-age=31536000
content-encoding
gzip

Redirect headers

status
302
server
nginx/1.16.1
date
Fri, 28 Feb 2020 13:21:32 GMT
content-type
text/html; charset=UTF-8
location
https://secure.click2partner.com/nlp/index.php?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=daddairmyhee84dc&url_bnm_redirect=https://click.amazingtechsavings.xyz/
set-cookie
uclick=irmyhee8; expires=Sat, 29-Feb-2020 13:21:32 GMT; Max-Age=86400; path=/
strict-transport-security
max-age=31536000
/
click.amazingtechsavings.xyz/
Redirect Chain
  • https://click.amazingtechsavings.xyz/?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=daddairmyhee84dc
  • https://click.amazingtechsavings.xyz/?utm_term=6798486952417951865&clickverify=1
5 KB
2 KB
Document
General
Full URL
https://click.amazingtechsavings.xyz/?utm_term=6798486952417951865&clickverify=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.143.165.219 Chicago, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/7.3.4
Resource Hash
fc84bf16dce1ed2525d1f0ab1cd6416c09362ab102c33cc0e24b915b3fae8ba1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

:method
GET
:authority
click.amazingtechsavings.xyz
:scheme
https
:path
/?utm_term=6798486952417951865&clickverify=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
document
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://secure.click2partner.com/nlp/index.php?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=daddairmyhee84dc&url_bnm_redirect=https://click.amazingtechsavings.xyz/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
u=637c122df7ceda5a86c6b15fb37cdced

Response headers

status
200
server
nginx
date
Fri, 28 Feb 2020 13:21:33 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
x-powered-by
PHP/7.3.4
cache-control
no-store, no-cache, must-revalidate, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security
max-age=31536000; includeSubdomains;
content-encoding
gzip

Redirect headers

status
302
server
nginx
date
Fri, 28 Feb 2020 13:21:33 GMT
content-type
text/html; charset=UTF-8
location
https://click.amazingtechsavings.xyz/?utm_term=6798486952417951865&clickverify=1
x-powered-by
PHP/7.3.4
cache-control
no-store, no-cache, must-revalidate, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
set-cookie
u=637c122df7ceda5a86c6b15fb37cdced; expires=Sat, 27-Feb-2021 13:21:33 GMT; Max-Age=31536000; path=/
strict-transport-security
max-age=31536000; includeSubdomains;
JGLJgY-JXI7dCF0hEEPEzsWwHNQ4sNfptIX6cqz9_8IvUF2vJ91m
yltenim.com/nh4ea/ciqM/fC6c/
Redirect Chain
  • https://click.amazingtechsavings.xyz/proc.php?273c4792147c553c76fcb3087abfef75f9cbdcae
  • https://yltenim.com/nh4ea/ciqM/fC6c/JGLJgY-JXI7dCF0hEEPEzsWwHNQ4sNfptIX6cqz9_8IvUF2vJ91m?diM=WW_MS_Feb20&subid=6798486952417951865&ext1=240
4 KB
4 KB
Document
General
Full URL
https://yltenim.com/nh4ea/ciqM/fC6c/JGLJgY-JXI7dCF0hEEPEzsWwHNQ4sNfptIX6cqz9_8IvUF2vJ91m?diM=WW_MS_Feb20&subid=6798486952417951865&ext1=240
Requested by
Host: click.amazingtechsavings.xyz
URL: https://click.amazingtechsavings.xyz/?utm_term=6798486952417951865&clickverify=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.147.93.131 , United States, ASN393676 (ZENEDGE, US),
Reverse DNS
Software
ZENEDGE /
Resource Hash
3f55cceb94344229dfb35de1786d50b34873ad1e806beae1a03095a35d0e8215
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

:method
GET
:authority
yltenim.com
:scheme
https
:path
/nh4ea/ciqM/fC6c/JGLJgY-JXI7dCF0hEEPEzsWwHNQ4sNfptIX6cqz9_8IvUF2vJ91m?diM=WW_MS_Feb20&subid=6798486952417951865&ext1=240
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
document
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://click.amazingtechsavings.xyz/?utm_term=6798486952417951865&clickverify=1
accept-encoding
gzip, deflate, br
accept-language
en-US
Referer
https://click.amazingtechsavings.xyz/?utm_term=6798486952417951865&clickverify=1#

Response headers

status
200
content-type
text/html;charset=utf-8
expires
Sat, 26 Jul 1997 05:00:00 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
date
Fri, 28 Feb 2020 13:21:33 GMT
content-encoding
gzip
vary
Accept-Encoding Accept-Encoding
cache-control
no-store, no-cache, must-revalidate, no-transform, max-age=0, post-check=0, pre-check=0
x-cache-status
NOTCACHED
x-zen-fury
06a5f858f217d50f6795985e115098b233a03a92
set-cookie
TR7A3jMiISYwstsFmTB2nnIHQbldWUy4oIejVz55dlg%3D=cc8912c9e1e77daae2ba11722ebd183e_1582896093.4836; domain=yltenim.com; path=/; expires=Mon, 25-Feb-2030 13:21:33 UTC; Secure b5lq9eygwZllzl4luI4VBgQgNE5fCh5dQrQRotUx370%3D=1582896093.4863; domain=yltenim.com; path=/; expires=Mon, 25-Feb-2030 13:21:33 UTC; Secure vHgNpuORtFmyejMz%2Fu4SCq%2BJuUygP9Fo7yvtcHxZqjM%3D=WHlvZ1RKeTY5eW1UQkpKSmh1Sjl3ZmlDNU5SWndES2VMVU00U1A4U3ByRGZ1T040ZWt3NmFuODl5eTVWYlJvdA%3D%3D; domain=yltenim.com; path=/; expires=Mon, 25-Feb-2030 13:21:33 UTC; Secure cc8912c9e1e77daae2ba11722ebd183e_1582896093.4836_ck=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%3D%3D; domain=yltenim.com; path=/; expires=Mon, 25-Feb-2030 13:21:33 UTC; Secure f%2BNxABd9BuS%2BD6mZ%2FBtNNoR%2BezmypWHgySeOvF3EM0s%3D=S0ppMjNOMFphMENqNktoOExPdEs5MkYzdktTZ2Nmekp6Y1YzT0MvcENrMlVzcEw3SFh3aTRoQ2JDTFZnWGpqV2pWMHpjeDgwdHJuUTN0VjJTMzB2RUdmcTJyZitiOE1yRXFYZ3RjaEtRVmc9; domain=yltenim.com; path=/; expires=Fri, 28-Feb-2020 14:26:33 UTC; Secure SERVERID=sfc40; path=/
server
ZENEDGE
x-cdn
Served-By-Zenedge

Redirect headers

status
302
server
nginx
date
Fri, 28 Feb 2020 13:21:33 GMT
content-type
text/html; charset=UTF-8
location
https://yltenim.com/nh4ea/ciqM/fC6c/JGLJgY-JXI7dCF0hEEPEzsWwHNQ4sNfptIX6cqz9_8IvUF2vJ91m?diM=WW_MS_Feb20&subid=6798486952417951865&ext1=240
x-powered-by
PHP/7.3.4
cache-control
no-store, no-cache, must-revalidate, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security
max-age=31536000; includeSubdomains;
456926
getad.xyz/go/216668/
0
0

456926
getad.xyz/go/216668/
466 B
516 B
Document
General
Full URL
http://getad.xyz/go/216668/456926
Requested by
Host: yltenim.com
URL: https://yltenim.com/nh4ea/ciqM/fC6c/JGLJgY-JXI7dCF0hEEPEzsWwHNQ4sNfptIX6cqz9_8IvUF2vJ91m?diM=WW_MS_Feb20&subid=6798486952417951865&ext1=240
Protocol
HTTP/1.1
Server
35.168.149.183 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-168-149-183.compute-1.amazonaws.com
Software
nginx /
Resource Hash
c7bc68b63fd8a5c3ddd213a221c4b91e72af631bd1bc94a0c01e27901f678eb5

Request headers

Host
getad.xyz
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
https://yltenim.com/
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Date
Fri, 28 Feb 2020 13:21:34 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Server
nginx
Vary
Accept-Encoding
Content-Encoding
gzip
c44213fa2bf7a303 (Primary Request)
agxeg.lovechats.org/c/
Redirect Chain
  • http://getad.xyz/ad/ad?p=216668&w=456926&t=fce3646c0bcc87e7&r=aHR0cHMlM0ElMkYlMkZ5bHRlbmltLmNvbSUyRg==&vw=1600&vh=1200
  • https://besweetlove.com/click.php?key=pdgjun0dncg2jnnfz6ce&clickid=76808791200&bid=0.00053&siteid=456926
  • https://agxeg.lovechats.org/c/c44213fa2bf7a303?s1=21203&s2=88504&s3=456926&click_id=59d55j2g6ktdz765&j1=1&j3=1
7 KB
3 KB
Document
General
Full URL
https://agxeg.lovechats.org/c/c44213fa2bf7a303?s1=21203&s2=88504&s3=456926&click_id=59d55j2g6ktdz765&j1=1&j3=1
Requested by
Host: getad.xyz
URL: http://getad.xyz/go/216668/456926
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:244:5200::ab Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e995207b3707f6c7314e208ac7cd8ffc3b6da917e40eb8dc7aae738ca42adfc0

Request headers

:method
GET
:authority
agxeg.lovechats.org
:scheme
https
:path
/c/c44213fa2bf7a303?s1=21203&s2=88504&s3=456926&click_id=59d55j2g6ktdz765&j1=1&j3=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
http://getad.xyz/go/216668/456926
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
server
nginx
date
Fri, 28 Feb 2020 13:21:34 GMT
content-type
text/html; charset=UTF-8
set-cookie
unique_2702767=unique_2702767; expires=Sat, 29-Feb-2020 13:21:34 GMT; Max-Age=86400; path=/; HttpOnly unique_id=5e5240853af04187753300; expires=Sat, 29-Feb-2020 13:21:34 GMT; Max-Age=86400; path=/; HttpOnly unique_2702767=unique_2702767; expires=Sat, 29-Feb-2020 13:21:34 GMT; Max-Age=86400; path=/; HttpOnly unique_id=5e5240853af04187753300; expires=Sat, 29-Feb-2020 13:21:34 GMT; Max-Age=86400; path=/; HttpOnly scriptHash=125259_21203_88504; expires=Sun, 29-Mar-2020 13:21:34 GMT; Max-Age=2592000; path=/; HttpOnly unique_2702767=unique_2702767; expires=Sat, 29-Feb-2020 13:21:34 GMT; Max-Age=86400; path=/; HttpOnly unique_id=5e5240853af04187753300; expires=Sat, 29-Feb-2020 13:21:34 GMT; Max-Age=86400; path=/; HttpOnly scriptHash=125259_21203_88504; expires=Sun, 29-Mar-2020 13:21:34 GMT; Max-Age=2592000; path=/; HttpOnly
content-encoding
gzip

Redirect headers

status
302
server
nginx/1.16.1
date
Fri, 28 Feb 2020 13:21:34 GMT
content-type
text/html; charset=UTF-8
location
https://agxeg.lovechats.org/c/c44213fa2bf7a303?s1=21203&s2=88504&s3=456926&click_id=59d55j2g6ktdz765&j1=1&j3=1
set-cookie
uclick=j2g6ktdz; expires=Sat, 29-Feb-2020 13:21:34 GMT; Max-Age=86400; path=/
strict-transport-security
max-age=31536000
main.css
cdn-aimi.akamaized.net/landings/182468/1582118895/css/
9 KB
2 KB
Stylesheet
General
Full URL
https://cdn-aimi.akamaized.net/landings/182468/1582118895/css/main.css?1582118895
Requested by
Host: agxeg.lovechats.org
URL: https://agxeg.lovechats.org/c/c44213fa2bf7a303?s1=21203&s2=88504&s3=456926&click_id=59d55j2g6ktdz765&j1=1&j3=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.16.106.192 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-106-192.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
e61a0986081cc47317ba0b1dcd059abf4886d974621258cee3a45d2405fe774a

Request headers

Referer
https://agxeg.lovechats.org/c/c44213fa2bf7a303?s1=21203&s2=88504&s3=456926&click_id=59d55j2g6ktdz765&j1=1&j3=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Date
Fri, 28 Feb 2020 13:21:35 GMT
Content-Encoding
gzip
Last-Modified
Wed, 19 Feb 2020 13:28:18 GMT
Server
AmazonS3
x-amz-request-id
1226AA3E2F745004
ETag
"eb8bff4bedebbb31a9741c45d78fb972"
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Alt-Svc
quic=":443"; v="44,43,39,46"; ma=93600
Content-Length
2058
x-amz-id-2
aoV4lrKAwMyN6zHZLKUzdquKeAYoQflWmJUCNFa5CRfW+7h5ouYxvXMSyu0d1GiEUIW+oNDkUec=
jquery.min.js
cdn-aimi.akamaized.net/landings/182468/1582118895/js/
84 KB
30 KB
Script
General
Full URL
https://cdn-aimi.akamaized.net/landings/182468/1582118895/js/jquery.min.js?1582118895
Requested by
Host: agxeg.lovechats.org
URL: https://agxeg.lovechats.org/c/c44213fa2bf7a303?s1=21203&s2=88504&s3=456926&click_id=59d55j2g6ktdz765&j1=1&j3=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.16.106.192 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-106-192.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

Referer
https://agxeg.lovechats.org/c/c44213fa2bf7a303?s1=21203&s2=88504&s3=456926&click_id=59d55j2g6ktdz765&j1=1&j3=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Fri, 28 Feb 2020 13:21:35 GMT
Content-Encoding
gzip
Last-Modified
Wed, 19 Feb 2020 13:28:18 GMT
Server
AmazonS3
x-amz-request-id
6848C41CB165CB7B
ETag
"2f6b11a7e914718e0290410e85366fe9"
Vary
Accept-Encoding
Content-Type
text/javascript
Connection
keep-alive
Accept-Ranges
bytes
Alt-Svc
quic=":443"; v="44,43,39,46"; ma=93600
Content-Length
29855
x-amz-id-2
sILopMto8g4a+pDu3SSTf4lQRaI3K767j/8MbHXNWPmKEBJOPxm5YPlN8hKlL47KQ6bvyk6hkeI=
jquery.validate.min.js
cdn-aimi.akamaized.net/landings/182468/1582118895/js/
24 KB
8 KB
Script
General
Full URL
https://cdn-aimi.akamaized.net/landings/182468/1582118895/js/jquery.validate.min.js?1582118895
Requested by
Host: agxeg.lovechats.org
URL: https://agxeg.lovechats.org/c/c44213fa2bf7a303?s1=21203&s2=88504&s3=456926&click_id=59d55j2g6ktdz765&j1=1&j3=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.16.106.192 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-106-192.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
6eefc13f4d9832e74173dea423bca495ceb7f4cbb888a19434d71a9bc0f69cb7

Request headers

Referer
https://agxeg.lovechats.org/c/c44213fa2bf7a303?s1=21203&s2=88504&s3=456926&click_id=59d55j2g6ktdz765&j1=1&j3=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Fri, 28 Feb 2020 13:21:35 GMT
Content-Encoding
gzip
Last-Modified
Wed, 19 Feb 2020 13:28:18 GMT
Server
AmazonS3
x-amz-request-id
5C89DCD80F703544
ETag
"23d73c6bd6cbea8f06d0cc227896a827"
Vary
Accept-Encoding
Content-Type
text/javascript
Connection
keep-alive
Accept-Ranges
bytes
Alt-Svc
quic=":443"; v="44,43,39,46"; ma=93600
Content-Length
7815
x-amz-id-2
5WQb1WQPxjEPPGZhiZVjDtRTRIYe1i9ckRhlkGhGyZZoL030sDBtmyj9NMec+AEUSQkvZaf3PVI=
translates.js
cdn-aimi.akamaized.net/landings/182468/1582118895/js/
61 KB
18 KB
Script
General
Full URL
https://cdn-aimi.akamaized.net/landings/182468/1582118895/js/translates.js?1582118895
Requested by
Host: agxeg.lovechats.org
URL: https://agxeg.lovechats.org/c/c44213fa2bf7a303?s1=21203&s2=88504&s3=456926&click_id=59d55j2g6ktdz765&j1=1&j3=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.16.106.192 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-106-192.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
7bcebe0770f567353b327f616906376b005034c5a636937db52b9bfd3d7e579a

Request headers

Referer
https://agxeg.lovechats.org/c/c44213fa2bf7a303?s1=21203&s2=88504&s3=456926&click_id=59d55j2g6ktdz765&j1=1&j3=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Fri, 28 Feb 2020 13:21:35 GMT
Content-Encoding
gzip
Last-Modified
Wed, 19 Feb 2020 13:28:18 GMT
Server
AmazonS3
x-amz-request-id
58E5BF09CE7A79E0
ETag
"6ff8e317c748b69b1db5d327e0745dca"
Vary
Accept-Encoding
Content-Type
text/javascript
Connection
keep-alive
Accept-Ranges
bytes
Alt-Svc
quic=":443"; v="44,43,39,46"; ma=93600
Content-Length
18237
x-amz-id-2
5djl/Pegdo2iaCDekODQ8r5B66c+vo/Vec3D7rZBX2rI08u8+80Wkb4zEYhQhdAJO0xWd7/lJ8s=
messages.js
cdn-aimi.akamaized.net/landings/182468/1582118895/js/
17 KB
6 KB
Script
General
Full URL
https://cdn-aimi.akamaized.net/landings/182468/1582118895/js/messages.js?1582118895
Requested by
Host: agxeg.lovechats.org
URL: https://agxeg.lovechats.org/c/c44213fa2bf7a303?s1=21203&s2=88504&s3=456926&click_id=59d55j2g6ktdz765&j1=1&j3=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.16.106.192 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-106-192.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
ccab67814770bb93678a8ba75cacb0f15f3b01ad181e632732964feaee33d000

Request headers

Referer
https://agxeg.lovechats.org/c/c44213fa2bf7a303?s1=21203&s2=88504&s3=456926&click_id=59d55j2g6ktdz765&j1=1&j3=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Fri, 28 Feb 2020 13:21:35 GMT
Content-Encoding
gzip
Last-Modified
Wed, 19 Feb 2020 13:28:18 GMT
Server
AmazonS3
x-amz-request-id
CA7A22E3FED2BCF1
ETag
"c4837bce113f15c0984898b3720641eb"
Vary
Accept-Encoding
Content-Type
text/javascript
Connection
keep-alive
Accept-Ranges
bytes
Alt-Svc
quic=":443"; v="44,43,39,46"; ma=93600
Content-Length
5157
x-amz-id-2
GYq3EVh5qfziRxVZL5sLA3Kwby+G3LndmW+yGmWSK4RfeJEjZ+1fVYA+Aaej0xwlVQbwWOCYTu4=
css
fonts.googleapis.com/
8 KB
838 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Montserrat:400,500,600,700&display=swap
Requested by
Host: agxeg.lovechats.org
URL: https://agxeg.lovechats.org/c/c44213fa2bf7a303?s1=21203&s2=88504&s3=456926&click_id=59d55j2g6ktdz765&j1=1&j3=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
96be2ac71897aa8677e8b3d408c487f856ed2a3a9e2f294d6e252c7f71b3cc95
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://agxeg.lovechats.org/c/c44213fa2bf7a303?s1=21203&s2=88504&s3=456926&click_id=59d55j2g6ktdz765&j1=1&j3=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 28 Feb 2020 13:21:35 GMT
server
ESF
date
Fri, 28 Feb 2020 13:21:35 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 28 Feb 2020 13:21:35 GMT
1.jpeg
cdn-aimi.akamaized.net/landings/182468/1582118895/images/
620 KB
620 KB
Image
General
Full URL
https://cdn-aimi.akamaized.net/landings/182468/1582118895/images/1.jpeg
Requested by
Host: agxeg.lovechats.org
URL: https://agxeg.lovechats.org/c/c44213fa2bf7a303?s1=21203&s2=88504&s3=456926&click_id=59d55j2g6ktdz765&j1=1&j3=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.16.106.192 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-106-192.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
a51f5864488b232f84f164b20c0ec0e831a52f476b6a45ef4790e2045cd398ee

Request headers

Referer
https://cdn-aimi.akamaized.net/landings/182468/1582118895/css/main.css?1582118895
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Fri, 28 Feb 2020 13:21:35 GMT
Last-Modified
Wed, 19 Feb 2020 13:28:17 GMT
Server
AmazonS3
x-amz-request-id
B454BB2462EE7920
ETag
"594ae7a43794a976759f28efe9a3ad93"
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Alt-Svc
quic=":443"; v="44,43,39,46"; ma=93600
Content-Length
634896
x-amz-id-2
YeFkkEjk6LyUpl431c97skPHATl6HEikSKn3Z8FHlMABNpybeze/w41Y3ur+JE8CYxHM8gUAitM=
2.jpeg
cdn-aimi.akamaized.net/landings/182468/1582118895/images/
655 KB
656 KB
Image
General
Full URL
https://cdn-aimi.akamaized.net/landings/182468/1582118895/images/2.jpeg
Requested by
Host: agxeg.lovechats.org
URL: https://agxeg.lovechats.org/c/c44213fa2bf7a303?s1=21203&s2=88504&s3=456926&click_id=59d55j2g6ktdz765&j1=1&j3=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.16.106.192 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-106-192.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f6fb0299840e4bdb05d7fa4447b794807e5dd8730146d255c28f5b0f18b96f44

Request headers

Referer
https://cdn-aimi.akamaized.net/landings/182468/1582118895/css/main.css?1582118895
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Fri, 28 Feb 2020 13:21:35 GMT
Last-Modified
Wed, 19 Feb 2020 13:28:17 GMT
Server
AmazonS3
x-amz-request-id
0CE90351C0D1F5D5
ETag
"3fcebf2dcedf9d605c9b29e43645c885"
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Alt-Svc
quic=":443"; v="44,43,39,46"; ma=93600
Content-Length
671015
x-amz-id-2
gSUcLBONKlT0OsD7WXEGibj6HWjG6H73z0WVNJSMwPmzgu3MFL9Cj8yEzmgmLMms9fvsRIiZ2GE=
JTUSjIg1_i6t8kCHKm459WlhyyTh89Y.woff2
fonts.gstatic.com/s/montserrat/v14/
13 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/montserrat/v14/JTUSjIg1_i6t8kCHKm459WlhyyTh89Y.woff2
Requested by
Host: agxeg.lovechats.org
URL: https://agxeg.lovechats.org/c/c44213fa2bf7a303?s1=21203&s2=88504&s3=456926&click_id=59d55j2g6ktdz765&j1=1&j3=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0ce5a460ace775560c3344a43245687bdbec5cb8ee20d209ab9fa67f4e09a3e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/css?family=Montserrat:400,500,600,700&display=swap
Origin
https://agxeg.lovechats.org
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 03 Feb 2020 23:17:21 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 03:46:48 GMT
server
sffe
age
2124254
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
13708
x-xss-protection
0
expires
Tue, 02 Feb 2021 23:17:21 GMT
check
ads.traffichunt.com/profile/
20 B
194 B
Script
General
Full URL
https://ads.traffichunt.com/profile/check?pid=TH&pxl=206
Requested by
Host: agxeg.lovechats.org
URL: https://agxeg.lovechats.org/c/c44213fa2bf7a303?s1=21203&s2=88504&s3=456926&click_id=59d55j2g6ktdz765&j1=1&j3=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:454c:f510:aac4:1a2d:3bb9:a21e Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
5e0431e5c906bfa9c9a9aa40598b628aa6bf4a87de86a002930ea27bda013295

Request headers

Referer
https://agxeg.lovechats.org/c/c44213fa2bf7a303?s1=21203&s2=88504&s3=456926&click_id=59d55j2g6ktdz765&j1=1&j3=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

status
200
date
Fri, 28 Feb 2020 13:21:35 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
*
vary
Accept-Encoding
content-type
application/javascript;charset=ISO-8859-1
check
ads.traffichunt.com/profile/
20 B
194 B
Script
General
Full URL
https://ads.traffichunt.com/profile/check?pid=TH&pxl=247
Requested by
Host: agxeg.lovechats.org
URL: https://agxeg.lovechats.org/c/c44213fa2bf7a303?s1=21203&s2=88504&s3=456926&click_id=59d55j2g6ktdz765&j1=1&j3=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:454c:f510:aac4:1a2d:3bb9:a21e Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
5e0431e5c906bfa9c9a9aa40598b628aa6bf4a87de86a002930ea27bda013295

Request headers

Referer
https://agxeg.lovechats.org/c/c44213fa2bf7a303?s1=21203&s2=88504&s3=backuser&s5=456926&click_id=59d55j2g6ktdz765&j1=1&j3=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

status
200
date
Fri, 28 Feb 2020 13:21:35 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
*
vary
Accept-Encoding
content-type
application/javascript;charset=ISO-8859-1
check
ads.traffichunt.com/profile/
20 B
194 B
Script
General
Full URL
https://ads.traffichunt.com/profile/check?pid=TH&pxl=540
Requested by
Host: agxeg.lovechats.org
URL: https://agxeg.lovechats.org/c/c44213fa2bf7a303?s1=21203&s2=88504&s3=456926&click_id=59d55j2g6ktdz765&j1=1&j3=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:454c:f510:aac4:1a2d:3bb9:a21e Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
5e0431e5c906bfa9c9a9aa40598b628aa6bf4a87de86a002930ea27bda013295

Request headers

Referer
https://agxeg.lovechats.org/c/c44213fa2bf7a303?s1=21203&s2=88504&s3=backuser&s5=456926&click_id=59d55j2g6ktdz765&j1=1&j3=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

status
200
date
Fri, 28 Feb 2020 13:21:35 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
*
vary
Accept-Encoding
content-type
application/javascript;charset=ISO-8859-1

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
getad.xyz
URL
http://getad.xyz/go/216668/456926?

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata
object| onpointerrawupdate
function| $
function| jQuery
object| langs
object| validateMgs
number| chromeVersion
boolean| exit
boolean| dmp_res

3 Cookies

Domain/Path Name / Value
agxeg.lovechats.org/ Name: scriptHash
Value: 125259_21203_88504
agxeg.lovechats.org/ Name: unique_id
Value: 5e5240853af04187753300
agxeg.lovechats.org/ Name: unique_2702767
Value: unique_2702767

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
