urlscan.io logo urlscan.io
SecurityTrails logo

www.profitablegate.com Open in urlscan Pro
192.243.59.13  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://125f5ea5bac8.trccmpnsl.com/
Effective URL: https://www.profitablegate.com/tr7jtd00z?key=e89d2a801428d8f0da5ba964db4fe345
Submission: On January 13 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 3 countries across 8 domains to perform 8 HTTP transactions. The main IP is 192.243.59.13, located in Ashburn, United States and belongs to ADVANCEDHOSTERS-AS, NL. The main domain is www.profitablegate.com.
TLS certificate: Issued by R3 on December 20th 2020. Valid for: 3 months.
This is the only time www.profitablegate.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 178.63.30.126 24940 (HETZNER-AS)
1 3 173.236.118.102 32475 (SINGLEHOP...)
1 1 172.67.183.40 13335 (CLOUDFLAR...)
1 172.64.165.30 13335 (CLOUDFLAR...)
1 172.64.135.28 13335 (CLOUDFLAR...)
1 2 52.201.162.15 14618 (AMAZON-AES)
1 185.78.22.41 48434 (TEBYAN)
1 192.243.59.13 39572 (ADVANCEDH...)
8 7
1    178.63.30.126 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.126.30.63.178.clients.your-server.de
125f5ea5bac8.trccmpnsl.com
3    173.236.118.102 (Chicago, United States)

ASN32475 (SINGLEHOP-LLC, US)
PTR: server04.com-2.mobi
offer.reallyspcials.com
1    172.67.183.40 (United States)

ASN13335 (CLOUDFLARENET, US)
tracking.armorads.com
1    172.64.165.30 (United States)

ASN13335 (CLOUDFLARENET, US)
bercioles.com
1    172.64.135.28 (United States)

ASN13335 (CLOUDFLARENET, US)
poqueras.com
2    52.201.162.15 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-201-162-15.compute-1.amazonaws.com
tare.pro
1    185.78.22.41 (Iran, Islamic Republic Of)

ASN48434 (TEBYAN, IR)
PTR: fwx.srv57.irwebspace.com
www.musict.ir
1    192.243.59.13 (Ashburn, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)
www.profitablegate.com
Domain Requested by
3 offer.reallyspcials.com 1 redirects offer.reallyspcials.com
2 tare.pro 1 redirects poqueras.com
1 www.profitablegate.com www.musict.ir
1 www.musict.ir tare.pro
1 poqueras.com bercioles.com
1 bercioles.com offer.reallyspcials.com
1 tracking.armorads.com 1 redirects
1 125f5ea5bac8.trccmpnsl.com
8 8

This site contains links to these domains. Also see Links.

Domain
terraclicks.com
Subject Issuer Validity Valid
offer.reallyspcials.com
R3		 2021-01-06 -
2021-04-06		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2020-11-10 -
2021-11-09		 a year crt.sh
musict.ir
R3		 2021-01-04 -
2021-04-04		 3 months crt.sh
profitablegate.com
R3		 2020-12-20 -
2021-03-20		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://www.profitablegate.com/tr7jtd00z?key=e89d2a801428d8f0da5ba964db4fe345
Frame ID: 81EED22D112FE632367DCCAB50C84BAF
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://125f5ea5bac8.trccmpnsl.com/ Page URL
  2. https://offer.reallyspcials.com/?utm_medium=ffbd3b3e7d98aa80b0eb348fe740f2ae73633979&1=&cid=5pipqqpzq753udv2... Page URL
  3. https://offer.reallyspcials.com/?utm_term=6917213317496832422&clickverify=1&utm_content=e6c2c6dcd68fd49594fc... Page URL
  4. https://offer.reallyspcials.com/proc.php?4bc4342106cb4774c05ac186398def9ef6297086 HTTP 302
    http://tracking.armorads.com/sl?id=5faa890a127bd6bcbd27203b&pid=4&sub1=M6917213317496832422&sub2=13611&su... HTTP 302
    http://bercioles.com/redirect?id=82&auth=82ead305c138eb8fefc6187658dc9b5e4d67d425&sid=4&clk=5ffee... Page URL
  5. https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D Page URL
  6. http://tare.pro/go/216668/575137?wnw=true Page URL
  7. http://tare.pro/ad/ad?p=216668&w=575137&t=5b4c3cbefb852b5c&r=aHR0cHMlM0ElMkYlMkZwb3F1ZXJhcy5... HTTP 303
    https://www.musict.ir/direct-to-ads.html Page URL
  8. https://www.profitablegate.com/tr7jtd00z?key=e89d2a801428d8f0da5ba964db4fe345 Page URL

Page Statistics

8
Requests

63 %
HTTPS

0 %
IPv6

8
Domains

8
Subdomains

7
IPs

3
Countries

10 kB
Transfer

16 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://125f5ea5bac8.trccmpnsl.com/ Page URL
  2. https://offer.reallyspcials.com/?utm_medium=ffbd3b3e7d98aa80b0eb348fe740f2ae73633979&1=&cid=5pipqqpzq753udv23gmck0gck,15415239,5, Page URL
  3. https://offer.reallyspcials.com/?utm_term=6917213317496832422&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b68784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45e Page URL
  4. https://offer.reallyspcials.com/proc.php?4bc4342106cb4774c05ac186398def9ef6297086 HTTP 302
    http://tracking.armorads.com/sl?id=5faa890a127bd6bcbd27203b&pid=4&sub1=M6917213317496832422&sub2=13611&sub3=13611-6c92e2dz HTTP 302
    http://bercioles.com/redirect?id=82&auth=82ead305c138eb8fefc6187658dc9b5e4d67d425&sid=4&clk=5ffee0de685bfd000101d9ea Page URL
  5. https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D Page URL
  6. http://tare.pro/go/216668/575137?wnw=true Page URL
  7. http://tare.pro/ad/ad?p=216668&w=575137&t=5b4c3cbefb852b5c&r=aHR0cHMlM0ElMkYlMkZwb3F1ZXJhcy5jb20lMkY=&vw=1600&vh=1200 HTTP 303
    https://www.musict.ir/direct-to-ads.html Page URL
  8. https://www.profitablegate.com/tr7jtd00z?key=e89d2a801428d8f0da5ba964db4fe345 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • https://offer.reallyspcials.com/proc.php?4bc4342106cb4774c05ac186398def9ef6297086 HTTP 302
  • http://tracking.armorads.com/sl?id=5faa890a127bd6bcbd27203b&pid=4&sub1=M6917213317496832422&sub2=13611&sub3=13611-6c92e2dz HTTP 302
  • http://bercioles.com/redirect?id=82&auth=82ead305c138eb8fefc6187658dc9b5e4d67d425&sid=4&clk=5ffee0de685bfd000101d9ea
Request Chain 6
  • http://tare.pro/ad/ad?p=216668&w=575137&t=5b4c3cbefb852b5c&r=aHR0cHMlM0ElMkYlMkZwb3F1ZXJhcy5jb20lMkY=&vw=1600&vh=1200 HTTP 303
  • https://www.musict.ir/direct-to-ads.html

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Cookie set /
125f5ea5bac8.trccmpnsl.com/ 		839 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://125f5ea5bac8.trccmpnsl.com/
Protocol
HTTP/1.1
Server
178.63.30.126 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.126.30.63.178.clients.your-server.de
Software
/
Resource Hash
e480f54ef27cd1c05de9ff9dfdc788f8615cab6d95afcbb7d3ae31b8b51d84bb

Request headers

Host
125f5ea5bac8.trccmpnsl.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 13 Jan 2021 12:00:29 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Vary
Accept-Encoding
Set-Cookie
t-uuid=5pipqqq08aecqu274pi0cg0k4; expires=Mon, 13-Jan-2031 12:00:29 GMT; Max-Age=315532800; path=/; domain=.trccmpnsl.com traffic-visited-offers=%7C%7C156358%7Cunspecified; expires=Thu, 14-Jan-2021 12:00:29 GMT; Max-Age=86400; path=/; domain=.trccmpnsl.com traffic-back=ok; expires=Wed, 13-Jan-2021 12:00:59 GMT; Max-Age=30; path=/; domain=.trccmpnsl.com rts-trck=1; expires=Wed, 13-Jan-2021 12:10:29 GMT; Max-Age=600; path=/; domain=125f5ea5bac8.trccmpnsl.com
Last-Modified
Wed, 13 Jan 2021 12:00:29 GMT
Expires
Wed, 13 Jan 2021 12:00:29 GMT
Cache-Control
no-store, no-cache, must-revalidate post-check=0, pre-check=0
Pragma
no-cache
X-Robots-Tag
noindex, nofollow
Content-Encoding
gzip
/
offer.reallyspcials.com/ 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://offer.reallyspcials.com/?utm_medium=ffbd3b3e7d98aa80b0eb348fe740f2ae73633979&1=&cid=5pipqqpzq753udv23gmck0gck,15415239,5,
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
173.236.118.102 Chicago, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/7.4.10
Resource Hash
3170de32eb9d662df35728ae96d4b4552039cbc407b7f8d0d6ad30e1e363c3ef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

:method
GET
:authority
offer.reallyspcials.com
:scheme
https
:path
/?utm_medium=ffbd3b3e7d98aa80b0eb348fe740f2ae73633979&1=&cid=5pipqqpzq753udv23gmck0gck,15415239,5,
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
http://125f5ea5bac8.trccmpnsl.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
http://125f5ea5bac8.trccmpnsl.com/

Response headers

server
nginx
date
Wed, 13 Jan 2021 12:00:29 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
x-powered-by
PHP/7.4.10
cache-control
no-store, no-cache, must-revalidate, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
set-cookie
u=554cf21a518891928b7b780af4f28250; expires=Thu, 13-Jan-2022 12:00:29 GMT; Max-Age=31536000; path=/
strict-transport-security
max-age=31536000; includeSubdomains;
content-encoding
gzip
/
offer.reallyspcials.com/ 		9 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://offer.reallyspcials.com/?utm_term=6917213317496832422&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b68784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45e
Requested by
Host: offer.reallyspcials.com
URL: https://offer.reallyspcials.com/?utm_medium=ffbd3b3e7d98aa80b0eb348fe740f2ae73633979&1=&cid=5pipqqpzq753udv23gmck0gck,15415239,5,
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
173.236.118.102 Chicago, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/7.4.10
Resource Hash
ca6ded6564241cc171935c308fbbcf16324a954970ff9b28d40b2920d07faadd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

:method
GET
:authority
offer.reallyspcials.com
:scheme
https
:path
/?utm_term=6917213317496832422&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b68784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45e
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://offer.reallyspcials.com/?utm_medium=ffbd3b3e7d98aa80b0eb348fe740f2ae73633979&1=&cid=5pipqqpzq753udv23gmck0gck,15415239,5,
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
u=554cf21a518891928b7b780af4f28250
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://offer.reallyspcials.com/?utm_medium=ffbd3b3e7d98aa80b0eb348fe740f2ae73633979&1=&cid=5pipqqpzq753udv23gmck0gck,15415239,5,

Response headers

server
nginx
date
Wed, 13 Jan 2021 12:00:29 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
x-powered-by
PHP/7.4.10
cache-control
no-store, no-cache, must-revalidate, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security
max-age=31536000; includeSubdomains;
content-encoding
gzip
Cookie set redirect
bercioles.com/
Redirect Chain
  • https://offer.reallyspcials.com/proc.php?4bc4342106cb4774c05ac186398def9ef6297086
  • http://tracking.armorads.com/sl?id=5faa890a127bd6bcbd27203b&pid=4&sub1=M6917213317496832422&sub2=13611&sub3=13611-6c92e2dz
  • http://bercioles.com/redirect?id=82&auth=82ead305c138eb8fefc6187658dc9b5e4d67d425&sid=4&clk=5ffee0de685bfd000101d9ea
1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://bercioles.com/redirect?id=82&auth=82ead305c138eb8fefc6187658dc9b5e4d67d425&sid=4&clk=5ffee0de685bfd000101d9ea
Requested by
Host: offer.reallyspcials.com
URL: https://offer.reallyspcials.com/?utm_term=6917213317496832422&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b68784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45e
Protocol
HTTP/1.1
Server
172.64.165.30 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
243fe0efd2bb54db1adf06772d23b863e44d03ae3f54351bd61b3735d3f6ca10

Request headers

Host
bercioles.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://offer.reallyspcials.com/?utm_term=6917213317496832422&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b68784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45e#

Response headers

Date
Wed, 13 Jan 2021 12:00:30 GMT
Content-Type
text/html;charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
__cfduid=dd30d67b6763024071d0306d0d18973191610539230; expires=Fri, 12-Feb-21 12:00:30 GMT; path=/; domain=.bercioles.com; HttpOnly; SameSite=Lax
referrer-policy
origin
vary
accept-encoding
CF-Cache-Status
DYNAMIC
cf-request-id
079d377bfe00004a8580098000000001
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=H6mrtxFBy4bLHtIcvp%2B4qGytx%2Fb1PdivpLq0UpIAmMHbazpNSSLWhOa5DuxfUY6W8dND2jlDyHsBWbQ9DnYMGZW3J9wYJsf5NJRtEn91"}],"group":"cf-nel","max_age":604800}
NEL
{"report_to":"cf-nel","max_age":604800}
Server
cloudflare
CF-RAY
610ef50cce344a85-FRA
Content-Encoding
gzip

Redirect headers

Date
Wed, 13 Jan 2021 12:00:30 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
__cfduid=d4f018c824364a2f17e9b3b534e1511151610539230; expires=Fri, 12-Feb-21 12:00:30 GMT; path=/; domain=.armorads.com; HttpOnly; SameSite=Lax afclick=5ffee0de685bfd000101d9ea; Expires=Thu, 13 Jan 2022 12:00:30 GMT; Secure; SameSite=None
Location
http://bercioles.com/redirect?id=82&auth=82ead305c138eb8fefc6187658dc9b5e4d67d425&sid=4&clk=5ffee0de685bfd000101d9ea
Referer
Referrer-Policy
no-referrer
CF-Cache-Status
DYNAMIC
cf-request-id
079d377b4f000010c5a0966000000001
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=kJtJ1PxaFHu99bNtJQGU%2BQQdZesf727C8K223MBCcs%2F8NwJJJg7pGV%2B2ysb5cv5cXJSKx7b7QfAw62aqp7chP7wHCZYOrdlWpkwdW49vdOiySKqhE%2BE%3D"}],"group":"cf-nel","max_age":604800}
NEL
{"report_to":"cf-nel","max_age":604800}
Server
cloudflare
CF-RAY
610ef50bba8110c5-CPH
slope
poqueras.com/noid/ 		1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D
Requested by
Host: bercioles.com
URL: http://bercioles.com/redirect?id=82&auth=82ead305c138eb8fefc6187658dc9b5e4d67d425&sid=4&clk=5ffee0de685bfd000101d9ea
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.135.28 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
poqueras.com
:scheme
https
:path
/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
http://bercioles.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
http://bercioles.com/

Response headers

date
Wed, 13 Jan 2021 12:00:30 GMT
content-type
text/html;charset=ISO-8859-1
set-cookie
__cfduid=d318e09cc86fce07c0aba8688f5f616211610539230; expires=Fri, 12-Feb-21 12:00:30 GMT; path=/; domain=.poqueras.com; HttpOnly; SameSite=Lax
referrer-policy
origin
cache-control
no-store, no-cache
vary
Accept-Encoding
cf-cache-status
DYNAMIC
cf-request-id
079d377cfb00004a80468a1000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=hMcI%2Fumar0vwMwvk4cNqh4KXnAs7gj8fHaJs1D8%2FnuF%2BY5r7f5%2BpvWnfVuNPUYfthQjDKiVfxAtGK79KjbhH8v3RCP01JbmSWuNRT9s%3D"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
610ef50e58164a80-FRA
content-encoding
br
575137
tare.pro/go/216668/ 		466 B
494 B 		Document
General
Check archive.org
Download Go to
Full URL
http://tare.pro/go/216668/575137?wnw=true
Requested by
Host: poqueras.com
URL: https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D
Protocol
HTTP/1.1
Server
52.201.162.15 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-201-162-15.compute-1.amazonaws.com
Software
nginx /
Resource Hash
8d2ba65bd0eaf1ef9950ba88fd3e0bcfdb568bae750256720b5f0f4fda50ad3a

Request headers

Host
tare.pro
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
https://poqueras.com/
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://poqueras.com/

Response headers

Content-Encoding
gzip
Content-Type
text/html
Date
Wed, 13 Jan 2021 12:00:30 GMT
Server
nginx
Vary
Accept-Encoding
Content-Length
306
Connection
keep-alive
direct-to-ads.html
www.musict.ir/
Redirect Chain
  • http://tare.pro/ad/ad?p=216668&w=575137&t=5b4c3cbefb852b5c&r=aHR0cHMlM0ElMkYlMkZwb3F1ZXJhcy5jb20lMkY=&vw=1600&vh=1200
  • https://www.musict.ir/direct-to-ads.html
234 B
431 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.musict.ir/direct-to-ads.html
Requested by
Host: tare.pro
URL: http://tare.pro/go/216668/575137?wnw=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.78.22.41 , Iran, Islamic Republic Of, ASN48434 (TEBYAN, IR),
Reverse DNS
fwx.srv57.irwebspace.com
Software
nginx / WP Rocket/2.8.5
Resource Hash
c1035ecbffd6800b45af120f5cdf0601944d1dd8169b6e17ee5597a49024b7fe

Request headers

:method
GET
:authority
www.musict.ir
:scheme
https
:path
/direct-to-ads.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
http://tare.pro/go/216668/575137?wnw=true
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
http://tare.pro/go/216668/575137?wnw=true

Response headers

server
nginx
date
Wed, 13 Jan 2021 12:00:31 GMT
content-type
text/html; charset=UTF-8
content-length
192
vary
Accept-Encoding,User-Agent
x-accel-version
0.01
accept-ranges
bytes
cache-control
max-age=0, public
expires
Wed, 13 Jan 2021 12:00:31 GMT
content-encoding
gzip
x-powered-by
WP Rocket/2.8.5

Redirect headers

Content-Type
text/html; charset=utf-8
Date
Wed, 13 Jan 2021 12:00:30 GMT
Location
https://www.musict.ir/direct-to-ads.html
Server
nginx
Content-Length
67
Connection
keep-alive
Primary Request Cookie set tr7jtd00z
www.profitablegate.com/ 		103 B
563 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.profitablegate.com/tr7jtd00z?key=e89d2a801428d8f0da5ba964db4fe345
Requested by
Host: www.musict.ir
URL: https://www.musict.ir/direct-to-ads.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.59.13 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.17.6 /
Resource Hash
ab030a8588ef9530d38a74d9e14b36ccdd792323af6352d4d5da9d19b9b95341
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubdomains

Request headers

Host
www.profitablegate.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
https://www.musict.ir/direct-to-ads.html
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.musict.ir/direct-to-ads.html

Response headers

Server
nginx/1.17.6
Date
Wed, 13 Jan 2021 12:00:31 GMT
Content-Type
text/html
Content-Length
103
Connection
keep-alive
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie
u_pl=15108053; expires=Thu, 14 Jan 2021 12:00:31 GMT
Expires
Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control
no-cache
X-Request-ID
9ebec8a035f156520444822e4c9459f7
Strict-Transport-Security
max-age=0; includeSubdomains

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated

1 Cookies

Domain/Path Name / Value
www.profitablegate.com/ Name: u_pl
Value: 15108053