a.realsrv.com Open in urlscan Pro
2001:4de0:ac19::1:b:1a  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request iframe.php Show response a.realsrv.com/	4 KB 2 KB	96ms 25ms	Document text/html	2001:4de0:ac19::1:b:1a STACKPATH-CDN
General Check archive.org Show headers Download Go to Full URL https://a.realsrv.com/iframe.php?idzone=4453506&size=728x90 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2001:4de0:ac19::1:b:1a , Netherlands, ASN20446 (STACKPATH-CDN, US), Reverse DNS Software nginx / Resource Hash e359ff7857c4b8856ac2ce1a256f50c4e19b66908b616a028b17713e4129b3f9 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 accept-language it-IT,it;q=0.9 Response headers Accept-Ranges bytes Access-Control-Allow-Origin * * Cache-Control max-age=10800 Connection Keep-Alive Content-Encoding gzip Content-Length 1347 Content-Type text/html; charset=UTF-8 Date Mon, 11 Jul 2022 14:20:29 GMT Server nginx X-HW 1657549229.dop009.ml1.t,1657549229.cds219.ml1.shn,1657549229.dop009.ml1.t,1657549229.cds220.ml1.c
GET H/1.1	200 OK	ad-provider.js Show response a.realsrv.com/	107 KB 29 KB	24ms 24ms	Script application/javascript	2001:4de0:ac19::1:b:1a STACKPATH-CDN
General Check archive.org Show headers Download Go to Full URL https://a.realsrv.com/ad-provider.js Requested by Host: a.realsrv.com URL: https://a.realsrv.com/iframe.php?idzone=4453506&size=728x90 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2001:4de0:ac19::1:b:1a , Netherlands, ASN20446 (STACKPATH-CDN, US), Reverse DNS Software nginx / Resource Hash 6e41f8f7118e6ba32285534615c8175e9a6e3276df398b8639560bd78a77f881 Request headers accept-language it-IT,it;q=0.9 Referer https://a.realsrv.com/iframe.php?idzone=4453506&size=728x90 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers Date Mon, 11 Jul 2022 14:20:29 GMT Content-Encoding gzip Server nginx etag W/"11d94b17e00ab79eef717f06f6d" X-HW 1657549229.dop009.ml1.t,1657549229.cds219.ml1.shn,1657549229.dop009.ml1.t,1657549229.cds220.ml1.c Content-Type application/javascript Access-Control-Allow-Origin *, * Cache-Control max-age=10800 Connection Keep-Alive Accept-Ranges bytes Content-Length 29606
POST H/1.1	200 OK	api.php Show response syndication.realsrv.com/v1/	875 B 1 KB	232ms 138ms	XHR application/json	95.211.229.246 LEASEWEB-NL-AMS-0...
General Check archive.org Show headers Download Go to Full URL https://syndication.realsrv.com/v1/api.php Requested by Host: a.realsrv.com URL: https://a.realsrv.com/ad-provider.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 95.211.229.246 Amsterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL), Reverse DNS Software nginx / Resource Hash c5fc018bbcced5457a1a896842d9ddc0a0fd743e67437901bebe4b3b68ef03e3 Request headers Referer https://a.realsrv.com/ accept-language it-IT,it;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Content-Type text/plain Response headers Date Mon, 11 Jul 2022 14:20:29 GMT Access-Control-Request-Method POST Server nginx Transfer-Encoding chunked Content-Type application/json Access-Control-Allow-Origin https://a.realsrv.com Access-Control-Allow-Credentials true Connection keep-alive Content-Encoding gzip Access-Control-Allow-Headers Authorization, Content-Type
GET H/1.1	200 OK	cimp.php Show response syndication.realsrv.com/	0 250 B	127ms 44ms	XHR text/html	95.211.229.246 LEASEWEB-NL-AMS-0...
General Check archive.org Show headers Download Go to Full URL https://syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1QQW4DIQz8Sj+wyGMght4q5dJz2wewFNKVmqTaraIc/Ph6d6NqwIytsT2CiXkgGYAn0DPbyYrMDiE6sDiG6Ov7iwbo3D5PU19cvZ5N4hmsEmLgpBkxMWkI0Uc6aKRkehKrqiB5n8QKpKxkEBtlryPCKpSoH2/H7cJgMzndMxld11qmwTjd19Y0lkyx1ZpzLWOXmuoI4laLRduo647i5la+l/m2GaUdjqLZxcPCCg8JByQdsCc++Khf1+V3upz09nNR027Cqc/l3FT/O3eI4sGghUdvH9KkltY4dXjEnnzn7scqgj+xTvK7ZQEAAA== Requested by Host: a.realsrv.com URL: https://a.realsrv.com/ad-provider.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 95.211.229.246 Amsterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language it-IT,it;q=0.9 Referer https://a.realsrv.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers Access-Control-Allow-Origin * Date Mon, 11 Jul 2022 14:20:30 GMT Content-Encoding gzip Server nginx Connection keep-alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H2	200	5f91d8ded66b3 Show response goodfungame.com/iframe/ Frame 8D9F	1 KB 1 KB	207ms 140ms	Document text/html	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://goodfungame.com/iframe/5f91d8ded66b3?iframe&ag_custom_domain=redgifs.com Requested by Host: a.realsrv.com URL: https://a.realsrv.com/ad-provider.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8438708a6395b728d016eef4d78b299b33b7a8c25c93b7b8541b17830572dc98 Request headers Referer https://a.realsrv.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 accept-language it-IT,it;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 72922e1f7f95ba85-MXP content-encoding br content-type text/html date Mon, 11 Jul 2022 14:20:30 GMT expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qpk0JHlmJD8wTZr6XpvxHm9%2BZN9S42TsAyCYulsKgS%2FubfvZAgpHTwcHObVLjcPgdWXJ8L5NzsFEGfI%2BELK6MAfVG5gJSABIkxrbLBiALBoAusgZDberlMAsNNsUcsDOnjPMaMUoUlYdCZSmoCk%3D"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H2	200	d6180bbc653bf8b5e97ecae9d762cd7b.jpg goodfungame.com/bnr/4/d61/80bbc6/ Frame 8D9F	12 KB 12 KB	138ms 137ms	Image image/jpeg	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://goodfungame.com/bnr/4/d61/80bbc6/d6180bbc653bf8b5e97ecae9d762cd7b.jpg Requested by Host: goodfungame.com URL: https://goodfungame.com/iframe/5f91d8ded66b3?iframe&ag_custom_domain=redgifs.com Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 810e906c5c5b9acbb56bed176873a08fe466597bde5e1c0865a5867ba566aed2 Request headers accept-language it-IT,it;q=0.9 Referer https://goodfungame.com/iframe/5f91d8ded66b3?iframe&ag_custom_domain=redgifs.com User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Mon, 11 Jul 2022 14:20:30 GMT cf-cache-status DYNAMIC last-modified Fri, 05 Nov 2021 12:56:12 GMT server cloudflare etag "618529ec-2f32" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yrTKwcF%2BiaWD%2BUvQEAgUv6C6RJIyK1MVTixd1oHJtBRr%2BmwAXfnisL4WxA5BLEicJCUHG47ocY%2FW40qBHulv5LquHS6O9OXBpYwDsyMgWDpLwYbq9b1mOe%2BxAc1CbzVhmrspa9zNZf2tqVytpfc%3D"}],"group":"cf-nel","max_age":604800} content-type image/jpeg cache-control max-age=86400 accept-ranges bytes cf-ray 72922e2069c9ba85-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 12082 expires Tue, 12 Jul 2022 14:20:30 GMT
GET H2	206	d6180bbc653bf8b5e97ecae9d762cd7b.mp4 goodfungame.com/bnr/4/d61/80bbc6/ Frame 8D9F	568 KB 569 KB	145ms 145ms	Media video/mp4	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://goodfungame.com/bnr/4/d61/80bbc6/d6180bbc653bf8b5e97ecae9d762cd7b.mp4 Requested by Host: goodfungame.com URL: https://goodfungame.com/iframe/5f91d8ded66b3?iframe&ag_custom_domain=redgifs.com Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 26d787d4b94bafa6e1734175ec748949a2d049dbae10734ade31c9b707a572be Request headers Referer https://goodfungame.com/iframe/5f91d8ded66b3?iframe&ag_custom_domain=redgifs.com Accept-Encoding identity;q=1, *;q=0 accept-language it-IT,it;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Range bytes=0- Response headers date Mon, 11 Jul 2022 14:20:30 GMT cf-cache-status DYNAMIC last-modified Fri, 05 Nov 2021 12:56:12 GMT server cloudflare etag "618529ec-8df09" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9I8rcQiP7MUCXETbIbKQCLdNc3WhwnS2ei%2B%2B4JVJHMxDbxHbdPcysItgVZt3id495Vq64wxhmmOeRKjUudaErJID%2Fw8Aixz6JghgjXLikluwmOBl1sUebsK%2Fwk%2B4S2wx69hd80WI9v5qPrad0es%3D"}],"group":"cf-nel","max_age":604800} content-type video/mp4 Content-Range bytes 0-581384/581385 cf-ray 72922e2079e5ba85-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 Content-Length 581385

32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| URLToArray function| escapeHtml function| getAcceptedParams string| currentUrl object| pageParams string| adSub string| adSub2 string| adSub3 string| adTags string| adEl string| eventMethod function| eventer string| messageEvent object| insertAnchor object| insScript object| userData string| scrInfo object| AdProvider object| ExoLoader object| ExoSupport object| VastResolver function| instantiateViewability function| ExoAdsRefresh

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.goodfungame.com/	1970-01-20 04:27:15	Name: showed_14119_97917 Value: [2493048]
			.goodfungame.com/	1970-01-20 04:27:15	Name: c_117c111dd4dc017052f4b1c0b80afd01 Value: 1
			.goodfungame.com/	1970-01-20 04:27:15	Name: z_213e0dfc4e7fdfd98aec141f5a2d984b Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.realsrv.com
goodfungame.com
syndication.realsrv.com
2001:4de0:ac19::1:b:1a
2a06:98c1:3121::3
95.211.229.246
26d787d4b94bafa6e1734175ec748949a2d049dbae10734ade31c9b707a572be
6e41f8f7118e6ba32285534615c8175e9a6e3276df398b8639560bd78a77f881
810e906c5c5b9acbb56bed176873a08fe466597bde5e1c0865a5867ba566aed2
8438708a6395b728d016eef4d78b299b33b7a8c25c93b7b8541b17830572dc98
c5fc018bbcced5457a1a896842d9ddc0a0fd743e67437901bebe4b3b68ef03e3
e359ff7857c4b8856ac2ce1a256f50c4e19b66908b616a028b17713e4129b3f9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855