Submitted URL: http://xrpflix.xyz/
Effective URL: https://play.leadzuaf.com/red/?code=2KKE0ZC39KLK&a=6808375195510767813&pubid=240
Submission: On March 26 via api from DE

Summary

This website contacted 5 IPs in 3 countries across 7 domains to perform 7 HTTP transactions. The main IP is 217.13.124.96, located in Spain and belonging to NEXICA-AS (ES). The main domain is play.leadzuaf.com.
TLS certificate: issued by Sectigo RSA Domain Validation Secure Server CA on May 20th 2019, valid for a year. The certificate table below lists that certificate's subject as leadzuin.com rather than play.leadzuaf.com, so the scanned hostname is presumably covered by a subjectAltName entry the table does not display.
This is the only time play.leadzuaf.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

#      IP Address           AS       Autonomous System
1 1    103.224.182.249      133618   (TRELLIAN-...)
1 4    103.224.182.206      133618   (TRELLIAN-...)
1 1    2606:4700:303...     13335    (CLOUDFLAR...)
1      2606:4700:303...     13335    (CLOUDFLAR...)
1 2    173.236.118.102      32475    (SINGLEHOP...)
1      217.13.124.96        24592    (NEXICA-AS)
1      217.13.124.74        24592    (NEXICA-AS)
Totals: 7 / 5

#   Domain                       Requested by
4   bidr.trellian.com            (1 redirects) bidr.trellian.com
2   click.affordableshape.com    (1 redirects)
1   services.fast-push.com
1   play.leadzuaf.com            click.affordableshape.com
1   secure.click2partner.com     bidr.trellian.com
1   secure.clicktrade.org        (1 redirects)
1   xrpflix.xyz                  (1 redirects)
Totals: 7 / 7

This site contains no links.

Subject                     Issuer                                            Validity                   Valid for
sni.cloudflaressl.com       CloudFlare Inc ECC CA-2                           2020-03-24 - 2020-10-09    7 months (crt.sh)
click.affordableshape.com   Let's Encrypt Authority X3                        2020-03-13 - 2020-06-11    3 months (crt.sh)
leadzuin.com                Sectigo RSA Domain Validation Secure Server CA    2019-05-20 - 2020-06-18    a year (crt.sh)
services.fast-push.com      Let's Encrypt Authority X3                        2020-03-16 - 2020-06-14    3 months (crt.sh)

This page contains 1 frame:

Frame: https://services.fast-push.com/index.html?formato=331kow4c240&a=1585198380mb24439285789&target=BE
Frame ID: AEA042E909A87CF93AD2A1A2948DA060
Requests: 7 HTTP requests in this frame

Detected technologies

(Technology names below are inferred from the listed patterns and the Server header "Apache/2.4.25 (Debian)" seen in the transactions; the scan export omitted them.)

Debian (overall confidence: 100%)
Detected patterns
  • headers server /Debian/i

Apache (overall confidence: 100%)
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
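Added example (not urlscan.io or Wappalyzer code): the two Server-header patterns above re-run in Python against every Server value seen in this scan. The host-to-header map is copied from the transactions on this page; the two probe values "Apache-Coyote/1.1" and "httpd" are constructed to show what the Apache pattern's alternation deliberately excludes (Tomcat's connector banner) and includes (a bare httpd banner).

```python
"""Server-header fingerprinting with the two patterns urlscan reports above.
Added example, not urlscan.io or Wappalyzer code. The host -> Server map is
copied from the transactions on this page; the probe values at the bottom
are constructed."""
import re

# Pattern text as listed under "Detected patterns"; group 1 of the Apache
# pattern captures the version when the header looks like "Apache/x.y.z".
PATTERNS = {
    "Debian": re.compile(r"Debian", re.I),
    "Apache": re.compile(r"(?:Apache(?:$|/([\d.]+)|[^/-])|(?:^|\b)HTTPD)", re.I),
}

# Server response headers observed in this scan, one per host.
SERVER_HEADERS = {
    "bidr.trellian.com": "Apache/2.4.25 (Debian)",
    "secure.click2partner.com": "cloudflare",
    "click.affordableshape.com": "nginx",
    "play.leadzuaf.com": "Apache",
    "services.fast-push.com": "Apache",
}


def fingerprint(server_value):
    """Map one Server header value to {technology: version-or-None}."""
    found = {}
    for tech, rx in PATTERNS.items():
        m = rx.search(server_value)
        if m:
            # groups() is () for the Debian pattern and (version|None,) for Apache
            found[tech] = (m.groups() or (None,))[0]
    return found


def fingerprint_all(headers=SERVER_HEADERS):
    """Per-host detections; a host whose Server header matches nothing gets {}."""
    return {host: fingerprint(value) for host, value in headers.items()}


if __name__ == "__main__":
    for host, techs in fingerprint_all().items():
        print(f"{host:28s} {techs or '-'}")
    # Constructed probes: "Apache-Coyote/1.1" (Tomcat) is excluded by the
    # [^/-] branch, while a bare "httpd" banner still matches via \bHTTPD.
    print(fingerprint("Apache-Coyote/1.1"), fingerprint("httpd"))
```

Only bidr.trellian.com yields a version; the other Apache hosts send a bare "Apache" banner, and the nginx and cloudflare fronts match neither pattern, which is why the page reports just these two technologies.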

Page Statistics

Requests: 7
HTTPS: 57 %
IPv6: 29 %
Domains: 7
Subdomains: 7
IPs: 5
Countries: 3
Transfer: 7 kB
Size: 12 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://xrpflix.xyz/ HTTP 302
    http://bidr.trellian.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yO7ZKW%2Bnuy0XeKd%2FhqwR9%2BELWX%2BdghHdlbuACNoGxLRUhhV72JtzXAU0evYwfFJaq01sjR3uADDYbXFWLDqcjsszWQFxftE%2FKJ1DqEeFjuxOjchEuU7fIHsYYUp9ftAdnYMgeadYy1y3Ddeu8lm%2Fr5bv6nIj3B5t%2FmhHECUPb9b2iHh%2FnSwGgf8jm26cTUX%2FnGIcXTgnqaqPdyJCnyV9qnEKqAptmFzjgjMk7qTu4kCqT2CnpSrJVDZuJM8bDqDnHNoUHVBGUtYgkFEDWugbvoGfTTFKIoNrygHXjaofR78JLDNH3k%2F7VGG0ZJU9ge%2FC3lSDyGfciYXImJ4ml6RG5s8NAV2S3hFfGTY6zubXCEDp3uw828SiMeufLag6%2FwYf3ED9bDSGEMChJDIC3gBOpY9T3iqTDXkdXrszRSKHeRlGH85ftnYQmB5Um%2F%2BSrj%2F7MJUMZTHI3JvUy2gSOtiocd7i%2FNqfeTaQ2AQD2tMUTtXRIkm50L%2BPPvI8Oeabm%2FL%2F9z2VBGXByHuuuiFRrVNKyoAKce7vZeoe%2ByaItBhtqNReTRxdML0n2E1Doe7fMy867pwSPq8wlQ%2FBJ20ck5iOAtNpyrBq6eHdKtKDYj63tZaz7oF7twCxHoS3frIh0Ce81fD8X5vv3pkXgn5BFR8cjEDhohlNK73ySKeSNRNEigqQj32cMRBO9pVWDm9QAOwSSLLwS5E%2FMi5huBHdJhYyL%2BM4D7%2Bp88Pm6FZ3r1zaL%2BTL61d6hbmFgxI2%2FZROsTxqLBM347Lv4q2z Page URL
  2. http://bidr.trellian.com/r.php?u=https%3A%2F%2Fsecure.clicktrade.org%2Findex.php%3Fkey%3Dz6lzicrucf3l6lfp558m%26cpv%3D0.005%26subid%3D1636801621%26sid%3D20200326155257bda7c1b813410d79bd&s=j HTTP 302
    https://secure.clicktrade.org/index.php?key=z6lzicrucf3l6lfp558m&cpv=0.005&subid=1636801621&sid=20200326155257bda7c1b813410d79bd HTTP 302
    https://secure.click2partner.com/nlp/index.php?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=e9596xs8wntef2&url_bnm_redirect=https://click.affordableshape.com/ Page URL
  3. https://click.affordableshape.com/?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=e9596xs8wntef2 Page URL
  4. https://click.affordableshape.com/proc.php?1144286aeb41b744aaf7c31266ab4a21cede3fbe HTTP 302
    https://play.leadzuaf.com/red/?code=2KKE0ZC39KLK&a=6808375195510767813&pubid=240 Page URL
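As an added example (not urlscan.io code), the Python below reproduces this kind of history offline: it fetches one hop at a time with automatic redirect handling disabled, treats an HTTP 3xx Location, a `<meta http-equiv="refresh">` and a JavaScript `location` assignment as hops, stops on loops, and summarises the hosts touched, server-side versus client-side hops, which hops set cookies, and the tracking parameters carried along the chain. The responses are constructed to mirror the chain above: the long `e=` and `u=` payloads are shortened to placeholders, and the client-side mechanisms assumed for r2.php, click2partner and affordableshape are guesses, since the scan records the hops but not the markup that triggered them. `live_fetch` is the equivalent real transport (its User-Agent string is an arbitrary choice).

```python
"""Follow a redirect chain one hop at a time, the way urlscan's Page URL
History records it: HTTP 3xx Location redirects plus client-side redirects
via <meta http-equiv="refresh"> or a JavaScript location assignment.
Added example, not urlscan.io code. The transport is injectable so the chain
runs offline against constructed responses modelled on this scan."""
import re
import urllib.error
import urllib.request
from urllib.parse import parse_qs, urljoin, urlparse

REDIRECT_STATUSES = {301, 302, 303, 307, 308}
META_REFRESH = re.compile(
    r'<meta[^>]*http-equiv\s*=\s*["\']?refresh["\']?[^>]*content\s*=\s*["\']?'
    r'\s*\d+\s*;\s*url\s*=\s*([^"\'>\s]+)', re.I)
JS_LOCATION = re.compile(
    r'(?:window|document|top|self)?\.?location(?:\.href)?\s*=\s*["\']([^"\']+)["\']', re.I)


def next_hop(url, status, headers, body):
    """Return (kind, absolute_url) for the next navigation, or (None, None)."""
    if status in REDIRECT_STATUSES and headers.get("location"):
        return f"http-{status}", urljoin(url, headers["location"])
    m = META_REFRESH.search(body)
    if m:
        return "meta-refresh", urljoin(url, m.group(1))
    m = JS_LOCATION.search(body)
    if m:
        return "js-location", urljoin(url, m.group(1))
    return None, None


def follow_chain(start, fetch, max_hops=20):
    """fetch(url) -> (status, headers, body), with redirects NOT auto-followed."""
    hops, url, seen = [], start, set()
    while url is not None:
        if url in seen or len(hops) >= max_hops:
            hops.append({"url": url, "host": urlparse(url).hostname, "kind": "loop-or-limit"})
            break
        seen.add(url)
        status, headers, body = fetch(url)
        headers = {k.lower(): v for k, v in headers.items()}
        kind, nxt = next_hop(url, status, headers, body)
        hops.append({"url": url, "host": urlparse(url).hostname, "status": status,
                     "kind": kind or "final", "sets_cookie": "set-cookie" in headers})
        url = nxt
    return hops


TRACKING = {"subid", "sid", "pubid", "cid"}   # affiliate IDs seen in this chain


def chain_summary(hops):
    """Triage counts: hosts, server vs client hops, cookie setters, tracking params."""
    hosts = list(dict.fromkeys(h["host"] for h in hops if h["host"]))
    params = set()
    for h in hops:
        params.update(parse_qs(urlparse(h["url"]).query))
    return {"hosts": hosts,
            "http_redirects": sum(h["kind"].startswith("http-") for h in hops),
            "client_redirects": sum(h["kind"] in ("meta-refresh", "js-location") for h in hops),
            "cookie_setters": [h["host"] for h in hops if h.get("sets_cookie")],
            "tracking_params": sorted(p for p in params if p.startswith("utm_") or p in TRACKING)}


def live_fetch(url, timeout=10):
    """Real transport: one request per hop, urllib's redirect handling disabled."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, *args, **kwargs):
            return None
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0"})
    try:
        with urllib.request.build_opener(NoRedirect).open(req, timeout=timeout) as r:
            return r.status, dict(r.headers), r.read(200_000).decode("utf-8", "replace")
    except urllib.error.HTTPError as e:      # 3xx surfaces here once redirects are off
        return e.code, dict(e.headers), ""


# Constructed responses mirroring the chain above. The e= / u= payloads are
# shortened, and the client-side mechanisms on r2.php, click2partner and
# affordableshape are assumptions: the scan records hops, not the markup.
R2 = "http://bidr.trellian.com/r2.php?e=EXAMPLE"
R = "http://bidr.trellian.com/r.php?u=https%3A%2F%2Fsecure.clicktrade.org%2Findex.php&s=j"
CT = "https://secure.clicktrade.org/index.php?key=z6lzicrucf3l6lfp558m&subid=1636801621"
C2P = ("https://secure.click2partner.com/nlp/index.php?utm_campaign=smartlink2"
       "&cid=e9596xs8wntef2&url_bnm_redirect=https://click.affordableshape.com/")
SHAPE = "https://click.affordableshape.com/?utm_campaign=smartlink2&cid=e9596xs8wntef2"
PROC = "https://click.affordableshape.com/proc.php?1144286aeb41b744aaf7c31266ab4a21cede3fbe"
FINAL = "https://play.leadzuaf.com/red/?code=2KKE0ZC39KLK&a=6808375195510767813&pubid=240"
SAMPLE = {
    "http://xrpflix.xyz/": (302, {"Location": R2, "Set-Cookie": "__tad=1585198377.6018622"}, ""),
    R2: (200, {"Set-Cookie": "__dsnsid=20200326155257bda7c1b813410d79bd; path=/"},
         f'<script>window.location.href="{R}";</script>'),
    R: (302, {"Location": CT}, ""),
    CT: (302, {"Location": C2P, "Set-Cookie": "uclick=xs8wnt; path=/"}, ""),
    C2P: (200, {}, f'<meta http-equiv="refresh" content="0; url={SHAPE}">'),
    SHAPE: (200, {"Set-Cookie": "u=29c8677e220c3c68227302d2e6f97db2; path=/"},
            '<script>location="/proc.php?1144286aeb41b744aaf7c31266ab4a21cede3fbe"</script>'),
    PROC: (302, {"Location": FINAL}, ""),
    FINAL: (200, {"Set-Cookie": "leadzu_seen_1KOW=%5B%5D; path=/"}, "<html>final</html>"),
}


def sample_fetch(url):
    return SAMPLE[url]


if __name__ == "__main__":
    chain = follow_chain("http://xrpflix.xyz/", sample_fetch)
    for i, h in enumerate(chain, 1):
        print(f"{i}. {h['kind']:12s} {h['url']}")
    print(chain_summary(chain))
```

Run against the constructed sample, the chain lands on play.leadzuaf.com after four server-side and three client-side hops, with five of the six hosts dropping a cookie on the way; with `live_fetch` substituted for `sample_fetch` the same code walks a live chain, which is the part a headless-browser scan does automatically.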

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://xrpflix.xyz/ HTTP 302
  • http://bidr.trellian.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yO7ZKW%2Bnuy0XeKd%2FhqwR9%2BELWX%2BdghHdlbuACNoGxLRUhhV72JtzXAU0evYwfFJaq01sjR3uADDYbXFWLDqcjsszWQFxftE%2FKJ1DqEeFjuxOjchEuU7fIHsYYUp9ftAdnYMgeadYy1y3Ddeu8lm%2Fr5bv6nIj3B5t%2FmhHECUPb9b2iHh%2FnSwGgf8jm26cTUX%2FnGIcXTgnqaqPdyJCnyV9qnEKqAptmFzjgjMk7qTu4kCqT2CnpSrJVDZuJM8bDqDnHNoUHVBGUtYgkFEDWugbvoGfTTFKIoNrygHXjaofR78JLDNH3k%2F7VGG0ZJU9ge%2FC3lSDyGfciYXImJ4ml6RG5s8NAV2S3hFfGTY6zubXCEDp3uw828SiMeufLag6%2FwYf3ED9bDSGEMChJDIC3gBOpY9T3iqTDXkdXrszRSKHeRlGH85ftnYQmB5Um%2F%2BSrj%2F7MJUMZTHI3JvUy2gSOtiocd7i%2FNqfeTaQ2AQD2tMUTtXRIkm50L%2BPPvI8Oeabm%2FL%2F9z2VBGXByHuuuiFRrVNKyoAKce7vZeoe%2ByaItBhtqNReTRxdML0n2E1Doe7fMy867pwSPq8wlQ%2FBJ20ck5iOAtNpyrBq6eHdKtKDYj63tZaz7oF7twCxHoS3frIh0Ce81fD8X5vv3pkXgn5BFR8cjEDhohlNK73ySKeSNRNEigqQj32cMRBO9pVWDm9QAOwSSLLwS5E%2FMi5huBHdJhYyL%2BM4D7%2Bp88Pm6FZ3r1zaL%2BTL61d6hbmFgxI2%2FZROsTxqLBM347Lv4q2z
Request Chain 3
  • http://bidr.trellian.com/r.php?u=https%3A%2F%2Fsecure.clicktrade.org%2Findex.php%3Fkey%3Dz6lzicrucf3l6lfp558m%26cpv%3D0.005%26subid%3D1636801621%26sid%3D20200326155257bda7c1b813410d79bd&s=j HTTP 302
  • https://secure.clicktrade.org/index.php?key=z6lzicrucf3l6lfp558m&cpv=0.005&subid=1636801621&sid=20200326155257bda7c1b813410d79bd HTTP 302
  • https://secure.click2partner.com/nlp/index.php?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=e9596xs8wntef2&url_bnm_redirect=https://click.affordableshape.com/

7 HTTP transactions

Resource: r2.php  (bidr.trellian.com/)  [Cookie set]
Redirect Chain
  • http://xrpflix.xyz/
  • http://bidr.trellian.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yO7ZKW%2Bnuy0XeKd%2FhqwR9%2BELWX%2BdghHdlbuACNoGxLRUhhV72JtzXAU0evYwfFJaq01sjR3uADDYbXFWLDqcjsszWQFxftE%2FKJ1DqEeFjuxOjchEuU7fIHsYYUp9ftAdnYMge...
Size: 2 KB   Transferred: 2 KB   Type: Document
General
Full URL
http://bidr.trellian.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yO7ZKW%2Bnuy0XeKd%2FhqwR9%2BELWX%2BdghHdlbuACNoGxLRUhhV72JtzXAU0evYwfFJaq01sjR3uADDYbXFWLDqcjsszWQFxftE%2FKJ1DqEeFjuxOjchEuU7fIHsYYUp9ftAdnYMgeadYy1y3Ddeu8lm%2Fr5bv6nIj3B5t%2FmhHECUPb9b2iHh%2FnSwGgf8jm26cTUX%2FnGIcXTgnqaqPdyJCnyV9qnEKqAptmFzjgjMk7qTu4kCqT2CnpSrJVDZuJM8bDqDnHNoUHVBGUtYgkFEDWugbvoGfTTFKIoNrygHXjaofR78JLDNH3k%2F7VGG0ZJU9ge%2FC3lSDyGfciYXImJ4ml6RG5s8NAV2S3hFfGTY6zubXCEDp3uw828SiMeufLag6%2FwYf3ED9bDSGEMChJDIC3gBOpY9T3iqTDXkdXrszRSKHeRlGH85ftnYQmB5Um%2F%2BSrj%2F7MJUMZTHI3JvUy2gSOtiocd7i%2FNqfeTaQ2AQD2tMUTtXRIkm50L%2BPPvI8Oeabm%2FL%2F9z2VBGXByHuuuiFRrVNKyoAKce7vZeoe%2ByaItBhtqNReTRxdML0n2E1Doe7fMy867pwSPq8wlQ%2FBJ20ck5iOAtNpyrBq6eHdKtKDYj63tZaz7oF7twCxHoS3frIh0Ce81fD8X5vv3pkXgn5BFR8cjEDhohlNK73ySKeSNRNEigqQj32cMRBO9pVWDm9QAOwSSLLwS5E%2FMi5huBHdJhYyL%2BM4D7%2Bp88Pm6FZ3r1zaL%2BTL61d6hbmFgxI2%2FZROsTxqLBM347Lv4q2z
Protocol
HTTP/1.1
Server
103.224.182.206, Australia, ASN133618 (TRELLIAN-AS-AP Trellian Pty. Limited, AU)
Reverse DNS
bidr.trellian.com
Software
Apache/2.4.25 (Debian)
Resource Hash
1d22b1bf77b2128065b15ade5b6002965e5036d33408c21cf7b14b117c687b51

Request headers

Host
bidr.trellian.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 26 Mar 2020 04:52:57 GMT
Server
Apache/2.4.25 (Debian)
Set-Cookie
__dsnsid=20200326155257bda7c1b813410d79bd; expires=Fri, 26-Mar-2021 04:52:57 GMT; Max-Age=31536000; path=/; domain=bidr.trellian.com
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
1227
Connection
close
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Thu, 26 Mar 2020 04:52:57 GMT
Server
Apache/2.4.25 (Debian)
Set-Cookie
__tad=1585198377.6018622; expires=Sun, 24-Mar-2030 04:52:57 GMT; Max-Age=315360000
Location
http://bidr.trellian.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yO7ZKW%2Bnuy0XeKd%2FhqwR9%2BELWX%2BdghHdlbuACNoGxLRUhhV72JtzXAU0evYwfFJaq01sjR3uADDYbXFWLDqcjsszWQFxftE%2FKJ1DqEeFjuxOjchEuU7fIHsYYUp9ftAdnYMgeadYy1y3Ddeu8lm%2Fr5bv6nIj3B5t%2FmhHECUPb9b2iHh%2FnSwGgf8jm26cTUX%2FnGIcXTgnqaqPdyJCnyV9qnEKqAptmFzjgjMk7qTu4kCqT2CnpSrJVDZuJM8bDqDnHNoUHVBGUtYgkFEDWugbvoGfTTFKIoNrygHXjaofR78JLDNH3k%2F7VGG0ZJU9ge%2FC3lSDyGfciYXImJ4ml6RG5s8NAV2S3hFfGTY6zubXCEDp3uw828SiMeufLag6%2FwYf3ED9bDSGEMChJDIC3gBOpY9T3iqTDXkdXrszRSKHeRlGH85ftnYQmB5Um%2F%2BSrj%2F7MJUMZTHI3JvUy2gSOtiocd7i%2FNqfeTaQ2AQD2tMUTtXRIkm50L%2BPPvI8Oeabm%2FL%2F9z2VBGXByHuuuiFRrVNKyoAKce7vZeoe%2ByaItBhtqNReTRxdML0n2E1Doe7fMy867pwSPq8wlQ%2FBJ20ck5iOAtNpyrBq6eHdKtKDYj63tZaz7oF7twCxHoS3frIh0Ce81fD8X5vv3pkXgn5BFR8cjEDhohlNK73ySKeSNRNEigqQj32cMRBO9pVWDm9QAOwSSLLwS5E%2FMi5huBHdJhYyL%2BM4D7%2Bp88Pm6FZ3r1zaL%2BTL61d6hbmFgxI2%2FZROsTxqLBM347Lv4q2z
Content-Length
0
Connection
close
Content-Type
text/html; charset=UTF-8
Resource: jscheck.js  (bidr.trellian.com/javascript/)
Size: 858 B   Transferred: 701 B   Type: Script
General
Full URL
http://bidr.trellian.com/javascript/jscheck.js
Requested by
Host: bidr.trellian.com
URL: http://bidr.trellian.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yO7ZKW%2Bnuy0XeKd%2FhqwR9%2BELWX%2BdghHdlbuACNoGxLRUhhV72JtzXAU0evYwfFJaq01sjR3uADDYbXFWLDqcjsszWQFxftE%2FKJ1DqEeFjuxOjchEuU7fIHsYYUp9ftAdnYMgeadYy1y3Ddeu8lm%2Fr5bv6nIj3B5t%2FmhHECUPb9b2iHh%2FnSwGgf8jm26cTUX%2FnGIcXTgnqaqPdyJCnyV9qnEKqAptmFzjgjMk7qTu4kCqT2CnpSrJVDZuJM8bDqDnHNoUHVBGUtYgkFEDWugbvoGfTTFKIoNrygHXjaofR78JLDNH3k%2F7VGG0ZJU9ge%2FC3lSDyGfciYXImJ4ml6RG5s8NAV2S3hFfGTY6zubXCEDp3uw828SiMeufLag6%2FwYf3ED9bDSGEMChJDIC3gBOpY9T3iqTDXkdXrszRSKHeRlGH85ftnYQmB5Um%2F%2BSrj%2F7MJUMZTHI3JvUy2gSOtiocd7i%2FNqfeTaQ2AQD2tMUTtXRIkm50L%2BPPvI8Oeabm%2FL%2F9z2VBGXByHuuuiFRrVNKyoAKce7vZeoe%2ByaItBhtqNReTRxdML0n2E1Doe7fMy867pwSPq8wlQ%2FBJ20ck5iOAtNpyrBq6eHdKtKDYj63tZaz7oF7twCxHoS3frIh0Ce81fD8X5vv3pkXgn5BFR8cjEDhohlNK73ySKeSNRNEigqQj32cMRBO9pVWDm9QAOwSSLLwS5E%2FMi5huBHdJhYyL%2BM4D7%2Bp88Pm6FZ3r1zaL%2BTL61d6hbmFgxI2%2FZROsTxqLBM347Lv4q2z
Protocol
HTTP/1.1
Server
103.224.182.206, Australia, ASN133618 (TRELLIAN-AS-AP Trellian Pty. Limited, AU)
Reverse DNS
bidr.trellian.com
Software
Apache/2.4.25 (Debian)
Resource Hash
0766f527fcf931c99f93825401ea5d39f6cfe63b56bfd1050f9d1689a8266ab4

Request headers

Referer
http://bidr.trellian.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yO7ZKW%2Bnuy0XeKd%2FhqwR9%2BELWX%2BdghHdlbuACNoGxLRUhhV72JtzXAU0evYwfFJaq01sjR3uADDYbXFWLDqcjsszWQFxftE%2FKJ1DqEeFjuxOjchEuU7fIHsYYUp9ftAdnYMgeadYy1y3Ddeu8lm%2Fr5bv6nIj3B5t%2FmhHECUPb9b2iHh%2FnSwGgf8jm26cTUX%2FnGIcXTgnqaqPdyJCnyV9qnEKqAptmFzjgjMk7qTu4kCqT2CnpSrJVDZuJM8bDqDnHNoUHVBGUtYgkFEDWugbvoGfTTFKIoNrygHXjaofR78JLDNH3k%2F7VGG0ZJU9ge%2FC3lSDyGfciYXImJ4ml6RG5s8NAV2S3hFfGTY6zubXCEDp3uw828SiMeufLag6%2FwYf3ED9bDSGEMChJDIC3gBOpY9T3iqTDXkdXrszRSKHeRlGH85ftnYQmB5Um%2F%2BSrj%2F7MJUMZTHI3JvUy2gSOtiocd7i%2FNqfeTaQ2AQD2tMUTtXRIkm50L%2BPPvI8Oeabm%2FL%2F9z2VBGXByHuuuiFRrVNKyoAKce7vZeoe%2ByaItBhtqNReTRxdML0n2E1Doe7fMy867pwSPq8wlQ%2FBJ20ck5iOAtNpyrBq6eHdKtKDYj63tZaz7oF7twCxHoS3frIh0Ce81fD8X5vv3pkXgn5BFR8cjEDhohlNK73ySKeSNRNEigqQj32cMRBO9pVWDm9QAOwSSLLwS5E%2FMi5huBHdJhYyL%2BM4D7%2Bp88Pm6FZ3r1zaL%2BTL61d6hbmFgxI2%2FZROsTxqLBM347Lv4q2z
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 26 Mar 2020 04:52:58 GMT
Content-Encoding
gzip
Last-Modified
Tue, 07 Aug 2018 01:10:02 GMT
Server
Apache/2.4.25 (Debian)
ETag
"35a-572ce0dbb0b39-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
close
Accept-Ranges
bytes
Content-Length
388
Resource: jscheck.php  (bidr.trellian.com/)
Size: 0   Transferred: 166 B   Type: XHR
General
Full URL
http://bidr.trellian.com/jscheck.php?enc=cF8L0S4UvzZFbF2sJTBoT6Zi5VbFjeetAgEBW%2BLIQ4uvknrSNvSpUX3Tric1Iz41YngspgBEmVv1XTjuGCFzvhC%2F3egGxe2ILdEpxfsVL5KHK%2F6C8ilgQfDZuFjLGEnHbZmByMKCD8p9wSLnp3pTiWx94Rqu3bQDUJi6QUj8XKqtJijp4ffwJdTFeTuBiwHdOPNh55sEa1eY4mgjt%2F7JXnZrJPADvvfiWYmwGMcy4mYaax0blvUxc3YWDT%2FpXAH5Wy9vsNw5hvfrxT93V44BdyRQQ%2FquJIWX4k23QFUHtYEmSPYEVsmF7hSDADp5E4dquOR0d6kIlmT3zLysa3vUK83E8HJbrICM82zjFXI%2BBPTM8h9KuvVqfDW0pM8F8GPSu5kZ%2FYjcKnebcMiAiE7jcvc3yDLzIM8YLxaLBfgw%2BIY0rG3kY%2BEVo7fPESAnDJU%2F%2BqbGAGxH%2BDp1I6eJ%2FH0WNrcRANFTCOcJQI3OEZbFGMPnx%2B35E2eYsELZLACNwoGlSUrost4Kerq%2By0Qo0Nz%2F1ZnrtzXcUoGcIeoCBEBthrrUoVrn7G3%2BhLib8rzFUxl%2FUqKk%2BksHwxA5wKnIOx1royxrSRky8nHfHKF6xhHU6dEe84thKKEEZ3ukFWXItt4YnSgFnFu9fUe%2Bc7Mj%2FoI9qFBAH23wlG9yUywYO7dATztVUJU4tXmxgfyq%2BDD3niis%2BnZmtqm911v8Nbo%2B85pbloRjw7zxe%2BNh4Gblm%2FG8dfnkmyTvAuxesCkR5HwbonIaX8VkN5TRuM6gMU3bi4FABVxWD9gROxu63dqutwCTBVZIvZcgyTh94V8p5%2Fp5ZyoAw6JzupSuEAv97Hn23iJsIAXL%2BtGVfMZkEmGPbx4K%2BjgsgvxuzwZYMGEIitt9o3%2BjwG4utvhjSxlb%2FOmbYMkbTGRxgPjBZalZ%2BMHIaBNnxTt4e1m2AseP8Q%3D%3D&rand=0.9280530556403013
Requested by
Host: bidr.trellian.com
URL: http://bidr.trellian.com/javascript/jscheck.js
Protocol
HTTP/1.1
Server
103.224.182.206, Australia, ASN133618 (TRELLIAN-AS-AP Trellian Pty. Limited, AU)
Reverse DNS
bidr.trellian.com
Software
Apache/2.4.25 (Debian)
Resource Hash

Request headers

Referer
http://bidr.trellian.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yO7ZKW%2Bnuy0XeKd%2FhqwR9%2BELWX%2BdghHdlbuACNoGxLRUhhV72JtzXAU0evYwfFJaq01sjR3uADDYbXFWLDqcjsszWQFxftE%2FKJ1DqEeFjuxOjchEuU7fIHsYYUp9ftAdnYMgeadYy1y3Ddeu8lm%2Fr5bv6nIj3B5t%2FmhHECUPb9b2iHh%2FnSwGgf8jm26cTUX%2FnGIcXTgnqaqPdyJCnyV9qnEKqAptmFzjgjMk7qTu4kCqT2CnpSrJVDZuJM8bDqDnHNoUHVBGUtYgkFEDWugbvoGfTTFKIoNrygHXjaofR78JLDNH3k%2F7VGG0ZJU9ge%2FC3lSDyGfciYXImJ4ml6RG5s8NAV2S3hFfGTY6zubXCEDp3uw828SiMeufLag6%2FwYf3ED9bDSGEMChJDIC3gBOpY9T3iqTDXkdXrszRSKHeRlGH85ftnYQmB5Um%2F%2BSrj%2F7MJUMZTHI3JvUy2gSOtiocd7i%2FNqfeTaQ2AQD2tMUTtXRIkm50L%2BPPvI8Oeabm%2FL%2F9z2VBGXByHuuuiFRrVNKyoAKce7vZeoe%2ByaItBhtqNReTRxdML0n2E1Doe7fMy867pwSPq8wlQ%2FBJ20ck5iOAtNpyrBq6eHdKtKDYj63tZaz7oF7twCxHoS3frIh0Ce81fD8X5vv3pkXgn5BFR8cjEDhohlNK73ySKeSNRNEigqQj32cMRBO9pVWDm9QAOwSSLLwS5E%2FMi5huBHdJhYyL%2BM4D7%2Bp88Pm6FZ3r1zaL%2BTL61d6hbmFgxI2%2FZROsTxqLBM347Lv4q2z
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 26 Mar 2020 04:52:58 GMT
Server
Apache/2.4.25 (Debian)
Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
Resource: index.php  (secure.click2partner.com/nlp/)
Redirect Chain
  • http://bidr.trellian.com/r.php?u=https%3A%2F%2Fsecure.clicktrade.org%2Findex.php%3Fkey%3Dz6lzicrucf3l6lfp558m%26cpv%3D0.005%26subid%3D1636801621%26sid%3D20200326155257bda7c1b813410d79bd&s=j
  • https://secure.clicktrade.org/index.php?key=z6lzicrucf3l6lfp558m&cpv=0.005&subid=1636801621&sid=20200326155257bda7c1b813410d79bd
  • https://secure.click2partner.com/nlp/index.php?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=e9596xs8wntef2&url_bnm_redirect=https://click.affordableshape.com/
Size: 174 B   Transferred: 438 B   Type: Document
General
Full URL
https://secure.click2partner.com/nlp/index.php?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=e9596xs8wntef2&url_bnm_redirect=https://click.affordableshape.com/
Requested by
Host: bidr.trellian.com
URL: http://bidr.trellian.com/javascript/jscheck.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:3031::6818:6e52, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
075606168cc1b4faa7c36f03d36dd9a4bc38797c70b8a0cfe5a253667fb8472c

Request headers

:method
GET
:authority
secure.click2partner.com
:scheme
https
:path
/nlp/index.php?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=e9596xs8wntef2&url_bnm_redirect=https://click.affordableshape.com/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
http://bidr.trellian.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yO7ZKW%2Bnuy0XeKd%2FhqwR9%2BELWX%2BdghHdlbuACNoGxLRUhhV72JtzXAU0evYwfFJaq01sjR3uADDYbXFWLDqcjsszWQFxftE%2FKJ1DqEeFjuxOjchEuU7fIHsYYUp9ftAdnYMgeadYy1y3Ddeu8lm%2Fr5bv6nIj3B5t%2FmhHECUPb9b2iHh%2FnSwGgf8jm26cTUX%2FnGIcXTgnqaqPdyJCnyV9qnEKqAptmFzjgjMk7qTu4kCqT2CnpSrJVDZuJM8bDqDnHNoUHVBGUtYgkFEDWugbvoGfTTFKIoNrygHXjaofR78JLDNH3k%2F7VGG0ZJU9ge%2FC3lSDyGfciYXImJ4ml6RG5s8NAV2S3hFfGTY6zubXCEDp3uw828SiMeufLag6%2FwYf3ED9bDSGEMChJDIC3gBOpY9T3iqTDXkdXrszRSKHeRlGH85ftnYQmB5Um%2F%2BSrj%2F7MJUMZTHI3JvUy2gSOtiocd7i%2FNqfeTaQ2AQD2tMUTtXRIkm50L%2BPPvI8Oeabm%2FL%2F9z2VBGXByHuuuiFRrVNKyoAKce7vZeoe%2ByaItBhtqNReTRxdML0n2E1Doe7fMy867pwSPq8wlQ%2FBJ20ck5iOAtNpyrBq6eHdKtKDYj63tZaz7oF7twCxHoS3frIh0Ce81fD8X5vv3pkXgn5BFR8cjEDhohlNK73ySKeSNRNEigqQj32cMRBO9pVWDm9QAOwSSLLwS5E%2FMi5huBHdJhYyL%2BM4D7%2Bp88Pm6FZ3r1zaL%2BTL61d6hbmFgxI2%2FZROsTxqLBM347Lv4q2z
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
http://bidr.trellian.com/r2.php?e=qzBy2CbrFCx2iAr9Vom1yO7ZKW%2Bnuy0XeKd%2FhqwR9%2BELWX%2BdghHdlbuACNoGxLRUhhV72JtzXAU0evYwfFJaq01sjR3uADDYbXFWLDqcjsszWQFxftE%2FKJ1DqEeFjuxOjchEuU7fIHsYYUp9ftAdnYMgeadYy1y3Ddeu8lm%2Fr5bv6nIj3B5t%2FmhHECUPb9b2iHh%2FnSwGgf8jm26cTUX%2FnGIcXTgnqaqPdyJCnyV9qnEKqAptmFzjgjMk7qTu4kCqT2CnpSrJVDZuJM8bDqDnHNoUHVBGUtYgkFEDWugbvoGfTTFKIoNrygHXjaofR78JLDNH3k%2F7VGG0ZJU9ge%2FC3lSDyGfciYXImJ4ml6RG5s8NAV2S3hFfGTY6zubXCEDp3uw828SiMeufLag6%2FwYf3ED9bDSGEMChJDIC3gBOpY9T3iqTDXkdXrszRSKHeRlGH85ftnYQmB5Um%2F%2BSrj%2F7MJUMZTHI3JvUy2gSOtiocd7i%2FNqfeTaQ2AQD2tMUTtXRIkm50L%2BPPvI8Oeabm%2FL%2F9z2VBGXByHuuuiFRrVNKyoAKce7vZeoe%2ByaItBhtqNReTRxdML0n2E1Doe7fMy867pwSPq8wlQ%2FBJ20ck5iOAtNpyrBq6eHdKtKDYj63tZaz7oF7twCxHoS3frIh0Ce81fD8X5vv3pkXgn5BFR8cjEDhohlNK73ySKeSNRNEigqQj32cMRBO9pVWDm9QAOwSSLLwS5E%2FMi5huBHdJhYyL%2BM4D7%2Bp88Pm6FZ3r1zaL%2BTL61d6hbmFgxI2%2FZROsTxqLBM347Lv4q2z

Response headers

status
200
date
Thu, 26 Mar 2020 04:52:59 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d9a850773432eeb4454f63030980fe8af1585198379; expires=Sat, 25-Apr-20 04:52:59 GMT; path=/; domain=.click2partner.com; HttpOnly; SameSite=Lax
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
579e43ef1a1d1f41-FRA
content-encoding
br

Redirect headers

status
302
date
Thu, 26 Mar 2020 04:52:59 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d15fc529d599af9b6c852903a13ba1f0c1585198379; expires=Sat, 25-Apr-20 04:52:59 GMT; path=/; domain=.clicktrade.org; HttpOnly; SameSite=Lax uclick=xs8wnt; expires=Fri, 27-Mar-2020 04:52:59 GMT; Max-Age=86400; path=/
location
https://secure.click2partner.com/nlp/index.php?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=e9596xs8wntef2&url_bnm_redirect=https://click.affordableshape.com/
strict-transport-security
max-age=31536000
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
579e43ece804dfd7-FRA
Resource: /  (click.affordableshape.com/)
Size: 9 KB   Transferred: 3 KB   Type: Document
General
Full URL
https://click.affordableshape.com/?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=e9596xs8wntef2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
173.236.118.102, Chicago, United States, ASN32475 (SINGLEHOP-LLC, US)
Reverse DNS
server04.com-2.mobi
Software
nginx
Resource Hash
a680daef7b49ad0d263c088f7ed50794b5247dea791d84bea0f010078465bbf2
Security Headers
  Strict-Transport-Security: max-age=31536000; includeSubdomains;

Request headers

:method
GET
:authority
click.affordableshape.com
:scheme
https
:path
/?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=e9596xs8wntef2
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
document
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://secure.click2partner.com/nlp/index.php?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=e9596xs8wntef2&url_bnm_redirect=https://click.affordableshape.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document
Referer
https://secure.click2partner.com/nlp/index.php?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=e9596xs8wntef2&url_bnm_redirect=https://click.affordableshape.com/

Response headers

status
200
server
nginx
date
Thu, 26 Mar 2020 04:52:59 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
cache-control
no-store, no-cache, must-revalidate, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
set-cookie
u=29c8677e220c3c68227302d2e6f97db2; expires=Fri, 26-Mar-2021 04:52:59 GMT; Max-Age=31536000; path=/
strict-transport-security
max-age=31536000; includeSubdomains;
content-encoding
gzip
Resource: /  (play.leadzuaf.com/red/)  [Primary Request] [Cookie set]
Redirect Chain
  • https://click.affordableshape.com/proc.php?1144286aeb41b744aaf7c31266ab4a21cede3fbe
  • https://play.leadzuaf.com/red/?code=2KKE0ZC39KLK&a=6808375195510767813&pubid=240
Size: 768 B   Transferred: 1 KB   Type: Document
General
Full URL
https://play.leadzuaf.com/red/?code=2KKE0ZC39KLK&a=6808375195510767813&pubid=240
Requested by
Host: click.affordableshape.com
URL: https://click.affordableshape.com/?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=e9596xs8wntef2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.13.124.96, Spain, ASN24592 (NEXICA-AS, ES)
Reverse DNS
unnamed.nexica.net
Software
Apache
Resource Hash

Request headers

Host
play.leadzuaf.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://click.affordableshape.com/?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=e9596xs8wntef2
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document
Referer
https://click.affordableshape.com/?utm_medium=ded4240ced7be1491cb7a15d25000683ea21df45&utm_campaign=smartlink2&cid=e9596xs8wntef2#

Response headers

Date
Thu, 26 Mar 2020 04:53:00 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
768
Connection
close
Server
Apache
P3P
CP="NOI ADM DEV COM NAV OUR STP"
Set-Cookie
leadzu_seen_1KOW=%5B%5D; expires=Thu, 26-Mar-2020 07:53:00 GMT; Max-Age=10800; path=%2F; domain=.leadzuaf.com; SameSite=None; secure; leadzu_seen_1KOW=%5B%5D; expires=Thu, 26-Mar-2020 07:53:00 GMT; Max-Age=10800; path=/; domain=.leadzuaf.com

Redirect headers

status
302
server
nginx
date
Thu, 26 Mar 2020 04:53:00 GMT
content-type
text/html; charset=UTF-8
location
https://play.leadzuaf.com/red/?code=2KKE0ZC39KLK&a=6808375195510767813&pubid=240
x-powered-by
PHP/7.3.4
cache-control
no-store, no-cache, must-revalidate, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security
max-age=31536000; includeSubdomains;
Resource: index.html  (services.fast-push.com/)
Size: 0   Transferred: 0   Type: Document
General
Full URL
https://services.fast-push.com/index.html?formato=331kow4c240&a=1585198380mb24439285789&target=BE
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
217.13.124.74, Spain, ASN24592 (NEXICA-AS, ES)
Reverse DNS
unnamed.nexica.net
Software
Apache
Resource Hash

Request headers

Host
services.fast-push.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://play.leadzuaf.com/red/?code=2KKE0ZC39KLK&a=6808375195510767813&pubid=240
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document
Referer
https://play.leadzuaf.com/red/?code=2KKE0ZC39KLK&a=6808375195510767813&pubid=240

Response headers

Date
Thu, 26 Mar 2020 04:53:16 GMT
Server
Apache
Last-Modified
Wed, 19 Feb 2020 12:11:04 GMT
ETag
"5e0fa7-f8a4-59eecaeb7de82"
Accept-Ranges
bytes
Content-Length
63652
Connection
close
Content-Type
text/html

Verdicts & Comments

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

  • onformdata (object)
  • onpointerrawupdate (object)

Both names are standard GlobalEventHandlers properties in current Chrome builds rather than variables created by the page's scripts, so they do not point to any framework here.

2 Cookies

Domain/Path            Name / Value
.leadzuaf.com/         leadzu_seen_1KOW = %5B%5D
.leadzuaf.com/red      leadzu_seen_1KOW = %5B%5D

Both entries come from the single Set-Cookie line shown for play.leadzuaf.com above, which carries the same cookie twice. The copy with path=%2F is stored under /red: RFC 6265 ignores a Path value that does not start with "/", and the percent-encoded slash is not decoded, so the browser falls back to the default path derived from the request path /red/. The copy with path=/ is stored at /.
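Added example (not urlscan.io code): a Set-Cookie parser in Python that applies the RFC 6265 storage rules for Path and Domain, run on the two merged Set-Cookie lines from this scan (the play.leadzuaf.com response above, and the clicktrade.org redirect response further up, where a second cookie is glued on after "SameSite=Lax" with only a space). urlscan displays several Set-Cookie headers from one response joined into one line, so the parser first splits such a line back into individual cookies; that split is a heuristic, not something the header format guarantees. Fed path=%2F together with request path /red/, it yields the /red entry seen in the cookie table.

```python
"""Set-Cookie parsing with the RFC 6265 storage rules a browser applies.
Added example, not urlscan.io code. Sample headers are copied from this scan."""
import re

ATTRS = {"expires", "max-age", "domain", "path", "secure", "httponly", "samesite"}
# "SameSite=Lax uclick=xs8wnt": an attribute whose value is followed by a
# space and another name=value, as urlscan displayed the clicktrade.org line.
GLUED = re.compile(r"^([^=\s]+)=(\S+)\s+([^=\s]+=.*)$")


def split_merged(header):
    """Split a display-merged Set-Cookie line into one string per cookie.
    Heuristic: a name=value piece whose name is not a cookie attribute starts
    a new cookie; flag attributes (secure, httponly) have no "=" and always
    belong to the cookie before them."""
    pieces = []
    for piece in (p.strip() for p in header.split(";")):
        m = GLUED.match(piece)
        if m and m.group(1).lower() in ATTRS and m.group(3).split("=", 1)[0].lower() not in ATTRS:
            pieces += [f"{m.group(1)}={m.group(2)}", m.group(3)]
        elif piece:
            pieces.append(piece)
    cookies = []
    for piece in pieces:
        name = piece.split("=", 1)[0].lower()
        if not cookies or ("=" in piece and name not in ATTRS):
            cookies.append([piece])
        else:
            cookies[-1].append(piece)
    return ["; ".join(c) for c in cookies]


def default_path(request_path):
    """RFC 6265 section 5.1.4: the request path up to, but excluding, its last "/"."""
    if not request_path.startswith("/") or request_path.count("/") <= 1:
        return "/"
    return request_path[:request_path.rfind("/")]


def parse_set_cookie(header, request_path="/"):
    """Return one dict per cookie with the attributes a browser would store."""
    cookies = []
    for raw in split_merged(header):
        nv, *attrs = raw.split(";")
        name, _, value = nv.strip().partition("=")
        c = {"name": name, "value": value, "path": default_path(request_path), "domain": None,
             "secure": False, "httponly": False, "samesite": None, "max_age": None, "expires": None}
        for attr in attrs:
            k, _, v = attr.strip().partition("=")
            k, v = k.lower(), v.strip()
            if k == "path":
                # 5.2.4: a value that is empty or does not start with "/" is ignored,
                # so "path=%2F" (percent-encoded, never decoded) keeps the default-path
                if v.startswith("/"):
                    c["path"] = v
            elif k == "domain":
                c["domain"] = v.lstrip(".").lower() or None   # 5.2.3: drop a leading dot
            elif k == "secure":
                c["secure"] = True
            elif k == "httponly":
                c["httponly"] = True
            elif k == "samesite":
                c["samesite"] = v
            elif k == "max-age" and v.lstrip("-").isdigit():
                c["max_age"] = int(v)
            elif k == "expires":
                c["expires"] = v
        cookies.append(c)
    return cookies


# Set-Cookie lines as displayed in this scan (two headers merged into one line each).
LEADZU = ("leadzu_seen_1KOW=%5B%5D; expires=Thu, 26-Mar-2020 07:53:00 GMT; Max-Age=10800; "
          "path=%2F; domain=.leadzuaf.com; SameSite=None; secure; "
          "leadzu_seen_1KOW=%5B%5D; expires=Thu, 26-Mar-2020 07:53:00 GMT; Max-Age=10800; "
          "path=/; domain=.leadzuaf.com")
CLICKTRADE = ("__cfduid=d15fc529d599af9b6c852903a13ba1f0c1585198379; expires=Sat, 25-Apr-20 04:52:59 GMT; "
              "path=/; domain=.clicktrade.org; HttpOnly; SameSite=Lax uclick=xs8wnt; "
              "expires=Fri, 27-Mar-2020 04:52:59 GMT; Max-Age=86400; path=/")


def scan_cookies():
    """Parse both samples against the request paths they were set on in the scan."""
    return {"leadzuaf": parse_set_cookie(LEADZU, "/red/"),
            "clicktrade": parse_set_cookie(CLICKTRADE, "/index.php")}


if __name__ == "__main__":
    for origin, cookies in scan_cookies().items():
        for c in cookies:
            print(origin, c["name"], "domain=" + str(c["domain"]), "path=" + c["path"],
                  "secure" if c["secure"] else "", c["samesite"] or "")
```

The leadzuaf pair shows why a cookie can be set twice with different scopes from one response, and the clicktrade pair shows that the Cloudflare __cfduid cookie is the only one in this chain marked HttpOnly; every affiliate cookie (__dsnsid, uclick, u, leadzu_seen_1KOW) is readable from script.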