ps.popcash.net Open in urlscan Pro
54.205.43.136 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://dbfgame.co.uk/2525066FE6607794mx637842685Ix16594kC2vYr173129KL
Effective URL:
http://ps.popcash.net/go/142/26196/
Submission: On February 02 via manual (February 2nd 2023, 1:16:11 am UTC) from US — Scanned from DE

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 10 IPs in 6 countries across 15 domains to perform 17 HTTP transactions. The main IP is 54.205.43.136, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is ps.popcash.net. The Cisco Umbrella rank of the primary domain is 235250.

This is the only time ps.popcash.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	89.41.182.104 89.41.182.104	33911 (TENNET) (TENNET)
1	216.137.177.180 216.137.177.180	55293 (A2HOSTING) (A2HOSTING)
4	2606:4700:303... 2606:4700:3032::6815:1cae	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:303... 2606:4700:3035::ac43:9efb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	65.60.58.179 65.60.58.179	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
2 3	51.68.85.158 51.68.85.158	16276 (OVH) (OVH)
1 1	34.90.46.36 34.90.46.36	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	51.161.115.163 51.161.115.163	16276 (OVH) (OVH)
1 1	51.83.143.92 51.83.143.92	16276 (OVH) (OVH)
2 4	2606:4700:e6:... 2606:4700:e6::ac40:c806	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2606:4700:10:... 2606:4700:10::ac43:88d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	52.7.54.238 52.7.54.238	14618 (AMAZON-AES) (AMAZON-AES)
2	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
1 1	2606:4700:303... 2606:4700:3035::6815:3426	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	54.205.43.136 54.205.43.136	14618 (AMAZON-AES) (AMAZON-AES)
1	157.90.90.238 157.90.90.238	24940 (HETZNER-AS) (HETZNER-AS)
17	10

1 89.41.182.104 (Romania) 1 redirects

ASN33911 (TENNET, RO)
PTR: polnice.com

dbfgame.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.137.177.180 (United States)

ASN55293 (A2HOSTING, US)
PTR: server.katyam11.com

melodyepiphany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:3032::6815:1cae (United States)

ASN13335 (CLOUDFLARENET, US)

lynku.jukminung.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3035::ac43:9efb (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.addlnk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 65.60.58.179 (United States)

ASN32475 (SINGLEHOP-LLC, US)
PTR: server04.com-2.mobi

otto.sherlowcke.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.68.85.158 (France) 2 redirects

ASN16276 (OVH, FR)

www.turbotrck.art	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.90.46.36 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 36.46.90.34.bc.googleusercontent.com

admoustache.go2affise.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.161.115.163 (Canada) 1 redirects

ASN16276 (OVH, FR)
PTR: ns572483.ip-51-161-115.net

t2.blowingwnd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.83.143.92 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ns3155458.ip-51-83-143.eu

ron.trffclb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:e6::ac40:c806 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

popmyads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::ac43:88d (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

whos.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
widgets.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.7.54.238 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-7-54-238.compute-1.amazonaws.com

pritha-ner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3035::6815:3426 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

popcash.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.205.43.136 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-205-43-136.compute-1.amazonaws.com

ps.popcash.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.90.90.238 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.238.90.90.157.clients.your-server.de

adeumssp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	popmyads.com 2 redirects popmyads.com — Cisco Umbrella Rank: 216344	3 KB
4	jukminung.com lynku.jukminung.com	26 KB
3	popcash.net 2 redirects popcash.net — Cisco Umbrella Rank: 21031 ps.popcash.net — Cisco Umbrella Rank: 235250	1 KB
3	turbotrck.art 2 redirects www.turbotrck.art	6 KB
3	sherlowcke.com otto.sherlowcke.com	7 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 21	20 KB
2	amung.us 1 redirects whos.amung.us — Cisco Umbrella Rank: 15937 widgets.amung.us — Cisco Umbrella Rank: 15031	705 B
1	adeumssp.com adeumssp.com — Cisco Umbrella Rank: 73548
1	pritha-ner.com 1 redirects pritha-ner.com — Cisco Umbrella Rank: 872141	495 B
1	trffclb.com 1 redirects ron.trffclb.com — Cisco Umbrella Rank: 343239	294 B
1	blowingwnd.com 1 redirects t2.blowingwnd.com	287 B
1	go2affise.com 1 redirects admoustache.go2affise.com	264 B
1	addlnk.com cdn.addlnk.com — Cisco Umbrella Rank: 574313	1 KB
1	melodyepiphany.com melodyepiphany.com	450 B
1	dbfgame.co.uk 1 redirects dbfgame.co.uk	307 B
17	15

	Domain	Requested by
4	popmyads.com	2 redirects www.turbotrck.art
4	lynku.jukminung.com	melodyepiphany.com lynku.jukminung.com
3	www.turbotrck.art	2 redirects otto.sherlowcke.com
3	otto.sherlowcke.com	lynku.jukminung.com otto.sherlowcke.com
2	ps.popcash.net	1 redirects popmyads.com
2	www.google-analytics.com	popmyads.com www.google-analytics.com
1	adeumssp.com	ps.popcash.net
1	popcash.net	1 redirects
1	pritha-ner.com	1 redirects
1	widgets.amung.us
1	whos.amung.us	1 redirects
1	ron.trffclb.com	1 redirects
1	t2.blowingwnd.com	1 redirects
1	admoustache.go2affise.com	1 redirects
1	cdn.addlnk.com	lynku.jukminung.com
1	melodyepiphany.com
1	dbfgame.co.uk	1 redirects
17	17

This site contains no links.

Subject Issuer	Validity	Valid
melodyepiphany.com Sectigo RSA Domain Validation Secure Server CA	`2022-03-15` - `2023-04-14`	a year	crt.sh
*.jukminung.com E1	`2023-01-20` - `2023-04-20`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-15` - `2023-05-15`	a year	crt.sh
otto.sherlowcke.com R3	`2022-11-24` - `2023-02-22`	3 months	crt.sh
www.turbotrck.art R3	`2022-12-30` - `2023-03-30`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
adeumssp.com Sectigo RSA Domain Validation Secure Server CA	`2022-06-08` - `2023-06-08`	a year	crt.sh

This page contains 2 frames:

Frame: https://adeumssp.com/smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click
Frame ID: 17E05C2DB943FC48E8D01D6BFC8EE857
Requests: 14 HTTP requests in this frame

Frame: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1675296000
Frame ID: F2FB3F8C20A902F18B15330B698607F0
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://dbfgame.co.uk/2525066FE6607794mx637842685Ix16594kC2vYr173129KL HTTP 302
https://melodyepiphany.com/176558087bc3355b800/17b-2525066-6607794-173129-16594-/637842685 Page URL
https://lynku.jukminung.com/rc/9e8aef8068?affclick=1321173378&pubid=690524 Page URL
https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream... Page URL
https://otto.sherlowcke.com/?utm_term=7195360995928178733&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949... Page URL
https://otto.sherlowcke.com/proc.php?5e62c7ea5ef0b211022d588e1c67400319fb1af9 Page URL
https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7195360995928178733&website... Page URL
https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7195360995928178733&website... HTTP 302
https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7195360995928178733&website... HTTP 302
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=330006e66f14ff84366275cab9ad4335... HTTP 302
https://t2.blowingwnd.com/l.php?p=c:o6450ylcdnn31butk&d=624e9ea3e8e2a8163b65d246&pid=63db0eb546cce0000... HTTP 302
https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_503 HTTP 302
https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20= Page URL
https://popmyads.com/gget HTTP 302
http://pritha-ner.com/0646613250?adTagId=20111650-aa5d-11e6-a4a9-0e855f2e0669&fallbackUrl=https://... HTTP 302
https://popmyads.com/return/30?clickid=17cb8a50-a297-11ed-90ac-124810d340cb Page URL
https://popmyads.com/returngo/MTY3NTMwMDUzNDZIMTkwcmx0V3daOE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA... HTTP 302
http://popcash.net/world/go/142/26196/ HTTP 301
http://ps.popcash.net/go/142/26196/ Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

17
Requests

88 %
HTTPS

38 %
IPv6

15
Domains

17
Subdomains

10
IPs

6
Countries

63 kB
Transfer

132 kB
Size

8
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://dbfgame.co.uk/2525066FE6607794mx637842685Ix16594kC2vYr173129KL HTTP 302
https://melodyepiphany.com/176558087bc3355b800/17b-2525066-6607794-173129-16594-/637842685 Page URL
https://lynku.jukminung.com/rc/9e8aef8068?affclick=1321173378&pubid=690524 Page URL
https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=8d9ae3c1&cid=puba5b9246d305e4c5bbe9421e9e10a4681&2=690524 Page URL
https://otto.sherlowcke.com/?utm_term=7195360995928178733&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf7f1f2f4f3f2eaeaeaedefe6eae4e673 Page URL
https://otto.sherlowcke.com/proc.php?5e62c7ea5ef0b211022d588e1c67400319fb1af9 Page URL
https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7195360995928178733&website=13260-2bb46d20-8b84edfd&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889bf8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf7f1f2f4f3f2eaeaeaedefe6eae4e674 Page URL
https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7195360995928178733&website=13260-2bb46d20-8b84edfd&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889bf8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf7f1f2f4f3f2eaeaeaedefe6eae4e674&eyeg=76fe3811e08ca4f435f65d104999591b&eyer=0.8576170443122093&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7195360995928178733&website=13260-2bb46d20-8b84edfd&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889bf8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf7f1f2f4f3f2eaeaeaedefe6eae4e674&eyeg=3&eyer=0.8576170443122093&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=330006e66f14ff84366275cab9ad4335015740202-202302-flb*5564921-b2be6*M7195360995928178733*sl_5564921-b2be6*da0cd5465ce717b6e19d776d1b4695fa4fc56a93*13260-2bb46d20-8b84edfd*13260 HTTP 302
https://t2.blowingwnd.com/l.php?p=c:o6450ylcdnn31butk&d=624e9ea3e8e2a8163b65d246&pid=63db0eb546cce000014affc0&s=503 HTTP 302
https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_503 HTTP 302
https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20= Page URL
https://popmyads.com/gget HTTP 302
http://pritha-ner.com/0646613250?adTagId=20111650-aa5d-11e6-a4a9-0e855f2e0669&fallbackUrl=https://popmyads.com/return/30 HTTP 302
https://popmyads.com/return/30?clickid=17cb8a50-a297-11ed-90ac-124810d340cb Page URL
https://popmyads.com/returngo/MTY3NTMwMDUzNDZIMTkwcmx0V3daOE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDkuMC41NDE0LjExOSBTYWZhcmkvNTM3LjM2/30/1600x1200/8/4/0 HTTP 302
http://popcash.net/world/go/142/26196/ HTTP 301
http://ps.popcash.net/go/142/26196/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://dbfgame.co.uk/2525066FE6607794mx637842685Ix16594kC2vYr173129KL HTTP 302
https://melodyepiphany.com/176558087bc3355b800/17b-2525066-6607794-173129-16594-/637842685

Request Chain 10

https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7195360995928178733&website=13260-2bb46d20-8b84edfd&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889bf8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf7f1f2f4f3f2eaeaeaedefe6eae4e674&eyeg=76fe3811e08ca4f435f65d104999591b&eyer=0.8576170443122093&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7195360995928178733&website=13260-2bb46d20-8b84edfd&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889bf8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf7f1f2f4f3f2eaeaeaedefe6eae4e674&eyeg=3&eyer=0.8576170443122093&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=330006e66f14ff84366275cab9ad4335015740202-202302-flb*5564921-b2be6*M7195360995928178733*sl_5564921-b2be6*da0cd5465ce717b6e19d776d1b4695fa4fc56a93*13260-2bb46d20-8b84edfd*13260 HTTP 302
https://t2.blowingwnd.com/l.php?p=c:o6450ylcdnn31butk&d=624e9ea3e8e2a8163b65d246&pid=63db0eb546cce000014affc0&s=503 HTTP 302
https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_503 HTTP 302
https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=

Request Chain 11

https://whos.amung.us/swidget/popmyads.png HTTP 307
https://widgets.amung.us/draw/?w=small&n=18500&c=ffc20e000000&p=left

Request Chain 12

https://popmyads.com/gget HTTP 302
http://pritha-ner.com/0646613250?adTagId=20111650-aa5d-11e6-a4a9-0e855f2e0669&fallbackUrl=https://popmyads.com/return/30 HTTP 302
https://popmyads.com/return/30?clickid=17cb8a50-a297-11ed-90ac-124810d340cb

Request Chain 15

http://ps.popcash.net/ad/ad?p=142&w=26196&t=693cafeaa92479d2&r=&vw=1600&vh=1200 HTTP 303
https://adeumssp.com/smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

637842685
melodyepiphany.com/176558087bc3355b800/17b-2525066-6607794-173129-16594-/
Redirect Chain

http://dbfgame.co.uk/2525066FE6607794mx637842685Ix16594kC2vYr173129KL
https://melodyepiphany.com/176558087bc3355b800/17b-2525066-6607794-173129-16594-/637842685

137 B
450 B

1231ms
284ms

Document
text/html

216.137.177.180
A2HOSTING

General

Check archive.org

Show headers Download Go to

Full URL: https://melodyepiphany.com/176558087bc3355b800/17b-2525066-6607794-173129-16594-/637842685
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 216.137.177.180 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS: server.katyam11.com
Software: Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: close
Content-Length: 137
Content-Type: text/html; charset=UTF-8
Date: Thu, 02 Feb 2023 01:15:31 GMT
Server: Apache

Redirect headers

Connection: Keep-Alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Thu, 02 Feb 2023 01:15:30 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.6 (CentOS)
location: https://melodyepiphany.com/176558087bc3355b800/17b-2525066-6607794-173129-16594-/637842685

GET
H2 200 9e8aef8068 Show response
lynku.jukminung.com/rc/ 3 KB
2 KB 188ms
110ms Document
text/html 2606:4700:3032::6815:1cae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lynku.jukminung.com/rc/9e8aef8068?affclick=1321173378&pubid=690524
Requested by: Host: melodyepiphany.com
URL: https://melodyepiphany.com/176558087bc3355b800/17b-2525066-6607794-173129-16594-/637842685
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:1cae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 661eeb09f3ece87af3dc2495bf343042723c396eb2206e9bef0e2032f2c0c9dc

Request headers

Referer: https://melodyepiphany.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 792f13843aa59055-FRA
content-encoding: br
content-language: en-us
content-type: text/html; charset=utf-8
date: Thu, 02 Feb 2023 01:15:31 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MF9HshaQLbVesGjuKnCLTOJvTA4QlyDtqwpHF4Kl3j%2B1SmOVwQJc7uXfJZ3RgkOCeFaQF8v%2BJqP1l1rExESpP0%2Bu72D7FOI6aX%2BnGJmpvN4jHb9yltyunNr941aXXa3YM%2B1WihGuQzqHwECcQA2XHvnI"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding, Accept-Language, Cookie

GET
H2 200 redirect.css
cdn.addlnk.com/ 1 KB
1 KB 46ms
12ms Stylesheet
text/css 2606:4700:3035::ac43:9efb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.addlnk.com/redirect.css
Requested by: Host: lynku.jukminung.com
URL: https://lynku.jukminung.com/rc/9e8aef8068?affclick=1321173378&pubid=690524
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:9efb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 01:15:32 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 72BQ43Z832DMHS8A
age: 1118
cf-polished: origSize=1680
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 9dqjw3QmoT8lhROeWaK3mEcRPoUKNfvQLfCVyCvCyDnxCOQ1ZkKTnjHgPbqYhL93T/SckF1I+RU=
cf-bgj: minify
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
server: cloudflare
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b8nawOXLIPwmkKHw3w7cN0eqa5xjozgoelLtDhfQbKHoz6Q9hf%2FstSrzdUc8qKtsIwzqSFEw5MEifcwSPFvbeHvVaxX2CoeNMWsBJnxKutTdhap3q1zxTi5VNgbSK5kja6lvVxnTsUMfT%2BN5iA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-ray: 792f13852e2d9052-FRA

GET
H2 200 invisible.js Show response
lynku.jukminung.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/ Frame F2FB 35 KB
14 KB 12ms
11ms Script
application/javascript 2606:4700:3032::6815:1cae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1675296000
Requested by: Host: melodyepiphany.com
URL: https://melodyepiphany.com/176558087bc3355b800/17b-2525066-6607794-173129-16594-/637842685
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:1cae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 51321aca5564bea90404fa9b0d944f0dc53a65718d70a3ec925200c5806f93a7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 01:15:32 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AIyR4GYOD92QHTzG%2Fs0yrx9x49bQesojVdd2DrM6JnTm8XfdKIB0BT7z6aPP1o4Ku%2FSY7kTEvAFu%2BP1%2BWj81UtmQYFJCyUH0iVuerWUIxr%2FdCFB31TXBH%2BVPM%2FGl6C3UfZeRMNjlNWiqrXUIixglLxsH"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 792f13855b1d9055-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 pica.js
lynku.jukminung.com/cdn-cgi/challenge-platform/h/b/scripts/ Frame F2FB 20 KB
9 KB 12ms
12ms Other
application/javascript 2606:4700:3032::6815:1cae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/b/scripts/pica.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:1cae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2023dedef5db69cbcb4c179cde19af6c6486d841cc47cf76b1488f33c3835b9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 01:15:32 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2tkNOYrFBs6hsNF6%2BhZKHX2BB9K64HwnxUvfRvPAhv%2BAXBj6%2Fx4YdHm9V5IezWLKhSUQ3jhCrAMT8GNKnuxXdnIb4hjKZI1kcg2k1ayQ%2FHB4fRaBSg9y6l5VLwkGXhgfYyf2T4cxCC9vQQVINEiuByJN"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 792f13857ec43a57-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 /
otto.sherlowcke.com/ 3 KB
2 KB 375ms
110ms Document
text/html 65.60.58.179
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=8d9ae3c1&cid=puba5b9246d305e4c5bbe9421e9e10a4681&2=690524

Requested by

Host: lynku.jukminung.com
URL: https://lynku.jukminung.com/rc/9e8aef8068?affclick=1321173378&pubid=690524

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

65.60.58.179 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/8.2.0

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 02 Feb 2023 01:15:32 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://otto.sherlowcke.com/?utm_term=7195360995928178733&ver=4viyaptcjo
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubdomains
vary: Accept-Encoding
x-powered-by: PHP/8.2.0

POST
H3 200 792f13843aa59055
lynku.jukminung.com/cdn-cgi/challenge-platform/h/b/cv/result/ Frame F2FB 2 B
676 B 25ms
25ms XHR
text/plain 2606:4700:3032::6815:1cae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/b/cv/result/792f13843aa59055
Requested by: Host: lynku.jukminung.com
URL: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1675296000
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:1cae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 02 Feb 2023 01:15:32 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V5W0kNjKWLWrtNtLcK42IcazVQ7Wrt%2FNcwHOmPDzxy5cc4rKYnuRVMzs90Zurnc4LXGUR%2B0tIozNXsV3agAfRpZNSEmDCfqAd9JZOKBxpV5Nhve8SaCRifdTjK%2BsOs5EHQTpvphWqa0IsSyf%2BLDS2yZ%2B"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 792f13879ffc3a57-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 / Show response
otto.sherlowcke.com/ 9 KB
3 KB 120ms
120ms Document
text/html 65.60.58.179
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://otto.sherlowcke.com/?utm_term=7195360995928178733&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf7f1f2f4f3f2eaeaeaedefe6eae4e673

Requested by

Host: otto.sherlowcke.com
URL: https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=8d9ae3c1&cid=puba5b9246d305e4c5bbe9421e9e10a4681&2=690524

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

65.60.58.179 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/8.2.0

Resource Hash

78a45ce85883c021173e2f29161ea864248d92f99d0049218480c00dd6966de3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains

Request headers

Referer: https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=8d9ae3c1&cid=puba5b9246d305e4c5bbe9421e9e10a4681&2=690524
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 02 Feb 2023 01:15:32 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubdomains
vary: Accept-Encoding
x-powered-by: PHP/8.2.0

GET
H2 200 proc.php
otto.sherlowcke.com/ 4 KB
2 KB 110ms
110ms Document
text/html 65.60.58.179
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://otto.sherlowcke.com/proc.php?5e62c7ea5ef0b211022d588e1c67400319fb1af9

Requested by

Host: otto.sherlowcke.com
URL: https://otto.sherlowcke.com/?utm_term=7195360995928178733&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf7f1f2f4f3f2eaeaeaedefe6eae4e673

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

65.60.58.179 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/8.2.0

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains

Request headers

Referer: https://otto.sherlowcke.com/?utm_term=7195360995928178733&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf7f1f2f4f3f2eaeaeaedefe6eae4e673
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 02 Feb 2023 01:15:32 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7195360995928178733&website=13260-2bb46d20-8b84edfd&placement=13260
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubdomains
vary: Accept-Encoding
x-powered-by: PHP/8.2.0

GET
H/1.1 200
OK /
www.turbotrck.art/ 5 KB
5 KB 130ms
29ms Document
text/html 51.68.85.158
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7195360995928178733&website=13260-2bb46d20-8b84edfd&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889bf8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf7f1f2f4f3f2eaeaeaedefe6eae4e674
Requested by: Host: otto.sherlowcke.com
URL: https://otto.sherlowcke.com/proc.php?5e62c7ea5ef0b211022d588e1c67400319fb1af9
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.68.85.158 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://otto.sherlowcke.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-CH: Sec-CH-UA-Platform-Version
Cache-Control: no-transform
Connection: keep-alive
Content-Type: text/html
Date: Thu, 02 Feb 2023 01:15:33 GMT
Transfer-Encoding: chunked

GET
H2

200

aHR0cDovL3RyYWZmaXgxMy5jb20=
popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/
Redirect Chain

https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7195360995928178733&website=13260-2bb46d20-8b84edfd&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbe...
https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7195360995928178733&website=13260-2bb46d20-8b84edfd&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbe...
https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=330006e66f14ff84366275cab9ad4335015740202-202302-flb*5564921-b2be6*M7195360995928178733*sl_5564921-b2be6*da0cd5465ce717...
https://t2.blowingwnd.com/l.php?p=c:o6450ylcdnn31butk&d=624e9ea3e8e2a8163b65d246&pid=63db0eb546cce000014affc0&s=503
https://ron.trffclb.com/f.php?p=c:9qopki6xwqp7b0yj1&d=603611c5b7eaf46891533240&s=ys_503
https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=

2 KB
1 KB

59ms
27ms

Document
text/html

2606:4700:e6::ac40:c806
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=

Requested by

Host: www.turbotrck.art
URL: https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7195360995928178733&website=13260-2bb46d20-8b84edfd&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889bf8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf7f1f2f4f3f2eaeaeaedefe6eae4e674

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e6::ac40:c806 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.1.33

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	DENY

Request headers

Referer: https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7195360995928178733&website=13260-2bb46d20-8b84edfd&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889bf8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf7f1f2f4f3f2eaeaeaedefe6eae4e674
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 792f138f580e9113-FRA
content-encoding: br
content-security-policy: frame-ancestors 'none'
content-type: text/html; charset=UTF-8
date: Thu, 02 Feb 2023 01:15:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ESyMhxV67mB3e%2FtxIrTNFN%2BjjbTX%2Brl7tiTn0Y9%2FRRcyjvwoYpss%2B0iXO4YnyuPhoBq8I54kLnw7CmOjR507MAXsavtZ819chccKyk9Miw1V7nbND7rlX5MHktcT5VRovrEloHHtdX9WOpM%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: DENY
x-powered-by: PHP/7.1.33

Redirect headers

Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Thu, 02 Feb 2023 01:15:33 GMT
Location: https://popmyads.com/serve/52264/64661/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgxMy5jb20=
Raund: 12uf2w0vxv-300
Round: 11kgq037yu
Server: nginx

GET
H2

200

/
widgets.amung.us/draw/
Redirect Chain

https://whos.amung.us/swidget/popmyads.png
https://widgets.amung.us/draw/?w=small&n=18500&c=ffc20e000000&p=left

365 B
531 B

33ms
19ms

Image
image/png

2606:4700:10::ac43:88d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widgets.amung.us/draw/?w=small&n=18500&c=ffc20e000000&p=left
Protocol: H2
Server: 2606:4700:10::ac43:88d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://popmyads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 01:15:33 GMT
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2023 06:08:50 GMT
server: cloudflare
age: 760003
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2678400
content-disposition: filename=wau-widget.png
cf-ray: 792f1390b8ad9be8-FRA
expires: Wed, 25 Jan 2023 06:08:50 GMT

Redirect headers

location: https://widgets.amung.us/draw/?w=small&n=18500&c=ffc20e000000&p=left
date: Thu, 02 Feb 2023 01:15:33 GMT
cache-control: max-age=295
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 792f138fc8159be8-FRA
content-type: text/html; charset=UTF-8

GET
H3

200

30
popmyads.com/return/
Redirect Chain

https://popmyads.com/gget
http://pritha-ner.com/0646613250?adTagId=20111650-aa5d-11e6-a4a9-0e855f2e0669&fallbackUrl=https://popmyads.com/return/30
https://popmyads.com/return/30?clickid=17cb8a50-a297-11ed-90ac-124810d340cb

1 KB
1 KB

40ms
39ms

Document
text/html

2606:4700:e6::ac40:c806
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://popmyads.com/return/30?clickid=17cb8a50-a297-11ed-90ac-124810d340cb
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e6::ac40:c806 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.1.33
Resource Hash

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://popmyads.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 792f1392aba49150-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 02 Feb 2023 01:15:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yU33L1I9vG%2BPfNgJUvZBQWpRtmtxleJbOmxYmnsuXmo2AaiqpMUMNDCfu4cZZ1M5YhPLRivlemSn5SgK7oHvVQ%2FFVCuZuuEkIfUO3W7MYIrAZlWE473v4coPU6psbTRZs2tlfsaJGcXPDzU%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.1.33

Redirect headers

Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Connection: keep-alive
Content-Length: 0
Date: Thu, 02 Feb 2023 01:15:34 GMT
Location: https://popmyads.com/return/30?clickid=17cb8a50-a297-11ed-90ac-124810d340cb
Server: YBoygoex
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'

GET
H2 200 analytics.js
www.google-analytics.com/ 49 KB
20 KB 121ms
37ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: popmyads.com
URL: https://popmyads.com/return/30?clickid=17cb8a50-a297-11ed-90ac-124810d340cb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://popmyads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 02 Feb 2023 00:13:15 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 3739
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Thu, 02 Feb 2023 02:13:15 GMT

GET
H/1.1

200
OK

Primary Request / Show response
ps.popcash.net/go/142/26196/
Redirect Chain

https://popmyads.com/returngo/MTY3NTMwMDUzNDZIMTkwcmx0V3daOE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDkuMC41NDE0LjExOSB...
http://popcash.net/world/go/142/26196/
http://ps.popcash.net/go/142/26196/

422 B
455 B

284ms
108ms

Document
text/html

54.205.43.136
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://ps.popcash.net/go/142/26196/
Requested by: Host: popmyads.com
URL: https://popmyads.com/return/30?clickid=17cb8a50-a297-11ed-90ac-124810d340cb
Protocol: HTTP/1.1
Server: 54.205.43.136 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-205-43-136.compute-1.amazonaws.com
Software: nginx /
Resource Hash: a93256694cca16587cbf32e56427c03b83cb6a9a38edd4ac6ae23aae7d85e510

Request headers

Referer: https://popmyads.com/return/30?clickid=17cb8a50-a297-11ed-90ac-124810d340cb
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Length: 267
Content-Type: text/html
Date: Thu, 02 Feb 2023 01:15:34 GMT
Server: nginx
Vary: Accept-Encoding

Redirect headers

CF-Cache-Status: DYNAMIC
CF-RAY: 792f139379b09061-FRA
Connection: keep-alive
Content-Length: 162
Content-Type: text/html
Date: Thu, 02 Feb 2023 01:15:34 GMT
Location: http://ps.popcash.net/go/142/26196/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g%2FhCfhoqbTYOfsivZNMDjjdTsuggapKFPlfmLcPqPybF%2B7HTGgvph44haiUE1znPOzzVg13gVJIOgos1xfNtasNWuX2QGsKgjUYgj5VwEYoItqOBa1bQ%2BZMJvCeIgA%2BRqCjVDSbkZduP"}],"group":"cf-nel","max_age":604800}
Server: cloudflare

POST
H2 200 collect
www.google-analytics.com/j/ 2 B
205 B 45ms
45ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=712681121&t=pageview&_s=1&dl=https%3A%2F%2Fpopmyads.com%2Freturn%2F30%3Fclickid%3D17cb8a50-a297-11ed-90ac-124810d340cb&ul=en-us&de=UTF-8&dt=PopMyAds%20Redirecting...&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAAABAAAAACAAI~&jid=555311825&gjid=2018896357&cid=392736851.1675300534&tid=UA-43135408-1&_gid=1841503376.1675300534&_r=1&_slc=1&z=818965592

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://popmyads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 02 Feb 2023 01:15:34 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://popmyads.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

204

smart
adeumssp.com/
Redirect Chain

http://ps.popcash.net/ad/ad?p=142&w=26196&t=693cafeaa92479d2&r=&vw=1600&vh=1200
https://adeumssp.com/smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click

0
0

73ms
14ms

Document
text/plain

157.90.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://adeumssp.com/smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click

Requested by

Host: ps.popcash.net
URL: http://ps.popcash.net/go/142/26196/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

157.90.90.238 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.238.90.90.157.clients.your-server.de

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: http://ps.popcash.net/go/142/26196/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

date: Thu, 02 Feb 2023 01:15:35 GMT
strict-transport-security: max-age=15724800; includeSubDomains
x-content-type-options: nosniff

Redirect headers

Connection: keep-alive
Content-Length: 0
Date: Thu, 02 Feb 2023 01:15:35 GMT
Location: https://adeumssp.com/smart?p=CsxnKsUCG9yw6Ygyhidzm6oiJ2jrV4PSrgPJitGQya&s=adeum.click
Server: nginx

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange number| x number| y

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
melodyepiphany.com/	1970-01-20 10:04:52	Name: uid15295 Value: 1321173378-20230201201531-c1088813177ca3da6a61a07d783a4852-
lynku.jukminung.com/	1970-01-20 09:31:45	Name: AWSALB Value: LX9TgHwDsTY6NKCAyeiSLRqme5T+2y1g7qgZsZuuL2GEZCam5Yijt/YG/VwWfKMEZ9pXln2YFHjZX/AHTuIsP/KsKZnJU4Fa1ISmBe8zPDSbzEel9P/IQfDszxFD
.jukminung.com/	1970-01-20 09:21:42	Name: __cf_bm Value: 0f1ttt7tmQWCfegQucY_3x9WKwL3HlqFV1KwhqganVg-1675300532-0-AZ6jSZqrbtDTIbTaawjOl4dgD1Kll+U28Xk/D+3Fva2ba1saLAumBKbnV4ZVQL1i+OvOkCIVjzKHG7WLvcU6GGismyLCOit3gd0/pbQ3Juy6/5n4LQdf7piqXF0++FpvrVZ7fclwbtsgnctf/d6bzRo=
otto.sherlowcke.com/	1970-01-20 18:07:16	Name: u Value: 6980012130647bdf48bbfb86bbe09dbf
admoustache.go2affise.com/	1970-01-20 18:07:16	Name: afclick Value: 63db0eb546cce000014affc0
.popmyads.com/	1970-01-20 18:57:40	Name: _ga Value: GA1.2.392736851.1675300534
.popmyads.com/	1970-01-20 09:23:06	Name: _gid Value: GA1.2.1841503376.1675300534
.popmyads.com/	1970-01-20 09:21:40	Name: _gat Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adeumssp.com
admoustache.go2affise.com
cdn.addlnk.com
dbfgame.co.uk
lynku.jukminung.com
melodyepiphany.com
otto.sherlowcke.com
popcash.net
popmyads.com
pritha-ner.com
ps.popcash.net
ron.trffclb.com
t2.blowingwnd.com
whos.amung.us
widgets.amung.us
www.google-analytics.com
www.turbotrck.art
157.90.90.238
216.137.177.180
2606:4700:10::ac43:88d
2606:4700:3032::6815:1cae
2606:4700:3035::6815:3426
2606:4700:3035::ac43:9efb
2606:4700:e6::ac40:c806
2a00:1450:4001:80f::200e
34.90.46.36
51.161.115.163
51.68.85.158
51.83.143.92
52.7.54.238
54.205.43.136
65.60.58.179
89.41.182.104
51321aca5564bea90404fa9b0d944f0dc53a65718d70a3ec925200c5806f93a7
661eeb09f3ece87af3dc2495bf343042723c396eb2206e9bef0e2032f2c0c9dc
7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1
78a45ce85883c021173e2f29161ea864248d92f99d0049218480c00dd6966de3
a93256694cca16587cbf32e56427c03b83cb6a9a38edd4ac6ae23aae7d85e510
c2023dedef5db69cbcb4c179cde19af6c6486d841cc47cf76b1488f33c3835b9

ps.popcash.net Open in urlscan Pro 54.205.43.136 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

88 %HTTPS

38 %IPv6

15 Domains

17 Subdomains

10 IPs

6 Countries

63 kBTransfer

132 kBSize

8 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

8 Cookies

Indicators

ps.popcash.net Open in urlscan Pro
54.205.43.136 Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

88 %
HTTPS

38 %
IPv6

15
Domains

17
Subdomains

10
IPs

6
Countries

63 kB
Transfer

132 kB
Size

8
Cookies

17 HTTP transactions
0 data transactions