Submitted URL: https://mediacpm.pl/serve/dl.php?user=MjM2MDM%3D
Effective URL: https://celeb-buzz-blog.com/elp/video-AK/index-cln-test.html?tag=500444&tag1=ADK&tag2=1529540&tag3=500444&tag4=ADK&clickid=3...
Submission: On September 30 via manual from TW — Scanned from DE

Summary

This website contacted 7 IPs in 3 countries across 10 domains to perform 20 HTTP transactions. The main IP is 95.168.170.165, located in the Netherlands, and belongs to LEASEWEB-NL-AMS-01 Netherlands, NL. The main domain is celeb-buzz-blog.com.
TLS certificate: Issued by AlphaSSL CA - SHA256 - G2 on July 5th 2022. Valid for: a year.
This is the only time celeb-buzz-blog.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Redirects | Count | IP Address | AS Autonomous System
- | 2 | 2606:4700:303... | 13335 (CLOUDFLAR...)
1 | 2 | 94.23.2.199 | 16276 (OVH)
- | 1 | 2001:4860:480... | 15169 (GOOGLE)
1 | 2 | 95.211.229.245 | 60781 (LEASEWEB-...)
1 | 1 | 85.17.23.6 | 60781 (LEASEWEB-...)
- | 9 | 95.168.170.165 | 60781 (LEASEWEB-...)
- | 3 | 213.227.152.225 | 60781 (LEASEWEB-...)
3 | 3 | 213.227.145.137 | 60781 (LEASEWEB-...)
1 | 1 | 173.192.101.24 | 36351 (SOFTLAYER)
- | 3 | 2606:4700:303... | 13335 (CLOUDFLAR...)
1 | 1 | 108.168.193.183 | 36351 (SOFTLAYER)
1 | 1 | 108.168.193.186 | 36351 (SOFTLAYER)
Totals: 20 (HTTP transactions), 7 (IPs)

Count | Apex Domain | Subdomains | Transfer
9 | celeb-buzz-blog.com | celeb-buzz-blog.com | 70 KB
3 | ssaimg.com | www.ssaimg.com (Cisco Umbrella Rank: 91841) | 59 KB
3 | picinow.com | beta.picinow.com (Cisco Umbrella Rank: 129947); ngp1.picinow.com (Cisco Umbrella Rank: 54446); ngp2.picinow.com (Cisco Umbrella Rank: 54636) | 552 B
3 | wboptim.online | crtv.wboptim.online (Cisco Umbrella Rank: 15397) | 2 KB
3 | wbidder2.com | wbidder2.com (Cisco Umbrella Rank: 81055) | 6 KB
2 | exoclick.com | syndication.exoclick.com (Cisco Umbrella Rank: 30297) | 2 KB
2 | tabici.com | cdn.tabici.com (Cisco Umbrella Rank: 306209) | 2 KB
2 | mediacpm.pl | mediacpm.pl (Cisco Umbrella Rank: 240848) | 1 KB
1 | xmlapiclickredirect2.com | xmlapiclickredirect2.com (Cisco Umbrella Rank: 159612) | 338 B
1 | google-analytics.com | www.google-analytics.com (Cisco Umbrella Rank: 28) | 20 KB
Totals: 20 (HTTP transactions), 10 (apex domains)

Count | Domain | Redirects | Requested by
9 | celeb-buzz-blog.com | - | syndication.exoclick.com, celeb-buzz-blog.com
3 | www.ssaimg.com | - | -
3 | crtv.wboptim.online | 3 | -
3 | wbidder2.com | - | celeb-buzz-blog.com
2 | syndication.exoclick.com | 1 | -
2 | cdn.tabici.com | 1 | -
2 | mediacpm.pl | - | -
1 | ngp2.picinow.com | 1 | -
1 | ngp1.picinow.com | 1 | -
1 | beta.picinow.com | 1 | -
1 | xmlapiclickredirect2.com | 1 | -
1 | www.google-analytics.com | - | cdn.tabici.com
Totals: 20 (HTTP transactions), 12 (subdomains)

This site contains no links.

Subject | Issuer | Validity | Valid
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-06-07 - 2023-06-06 | a year
cdn.tabici.com | R3 | 2022-08-08 - 2022-11-06 | 3 months
*.google-analytics.com | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months
*.celeb-buzz-blog.com | AlphaSSL CA - SHA256 - G2 | 2022-07-05 - 2023-08-06 | a year
*.wbidder2.com | AlphaSSL CA - SHA256 - G2 | 2021-11-12 - 2022-12-14 | a year

This page contains 1 frame:

Primary Page: https://celeb-buzz-blog.com/elp/video-AK/index-cln-test.html?tag=500444&tag1=ADK&tag2=1529540&tag3=500444&tag4=ADK&clickid=3olz1x31h5l8okcvv5&country={country}&affid=500444&subid=1529540&as=adk&type=eclient30101&tn=120&tx=180
Frame ID: 30C344CAA6BB3A20C8241FB7903F3EF5
Requests: 20 HTTP requests in this frame

Page Title

Confirm Notifications

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

Requests: 20
HTTPS: 80 %
IPv6: 25 %
Domains: 10
Subdomains: 12
IPs: 7
Countries: 3
Transfer: 159 kB
Size: 266 kB
Cookies: 6

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://mediacpm.pl/serve/dl.php?user=MjM2MDM%3D Page URL
  2. https://mediacpm.pl/serve/dlvalid.php?var1=23603&var2=&var3=aeccbdfaf&var4=1664547084 Page URL
  3. https://cdn.tabici.com/pop?wi=1934&subid=my_subid Page URL
  4. https://cdn.tabici.com/pop?wi=1934&subid=my_subid&handover=SPZWS5F2 HTTP 302
    http://syndication.exoclick.com/splash.php?idzone=1529540&type=8 Page URL
  5. http://syndication.exoclick.com/splash.php?idzone=1529540&type=8&p=https%3A%2F%2Fcdn.tabici.com%2F&tested=1&check=913ab49c4a82c3388310fc3f416cea14&screen_resolution=1600x1200&container_resolution=1600x1200&iframe=0 HTTP 302
    https://xmlapiclickredirect2.com/click?c=3olz1x31h5l8okcvv5&f=500444&s=1529540&d=W7nuWTeyJpcCI6IjEzOC4xOTkuMzguMTMzIiwiYnJvd3NlciI6IkNocm9tZSIsImJyb3dzZXJWZXJzaW9uIjoiMTA2LjAuNTI0OS42MSIsIm9zIjoiV2luZG93cyJ9t7cwa&b=0.00056&cp=0&exo_cid=5346272&exffir=eyJjIjoiOTEzYWI0OWM0YTgyYzMzODgzMTBmYzNmNDE2Y2VhMTQiLCJ0IjoiMSIsInNyIjoiMTYwMHgxMjAwIiwiY3IiOiIxNjAweDEyMDAiLCJpIjoiMCJ9 HTTP 302
    https://celeb-buzz-blog.com/elp/video-AK/index-cln-test.html?tag=500444&tag1=ADK&tag2=1529540&tag3=500444&tag4=ADK&clickid=3olz1x31h5l8okcvv5&country={country}&affid=500444&subid=1529540&as=adk&type=eclient30101&tn=120&tx=180 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://cdn.tabici.com/pop?wi=1934&subid=my_subid&handover=SPZWS5F2 HTTP 302
  • http://syndication.exoclick.com/splash.php?idzone=1529540&type=8
Request Chain 16
  • https://crtv.wboptim.online/icon?url=%2F%2Fbeta.picinow.com%2FadServe%2FwpnFeed%2FgetImage%3FauctionId%3D39b5bdc9-bef2-4d97-b3e0-a134ff11cdea_560_588473%26ai%3DiW7FkpYhLnhD1cdjco2gRDxZ5446WWdJzmnwzuOt1RE3H-ZABuv0PuooGm1DESfu_gbx_vtlkzhTyYj1rn0tcauJNBBTV-08k4LrxaZm9cxU29mYPyGYyeYlUHOi-z5jI1CXm39Us_z7eELTq_yTVHGIMcDk6E1GKaVK4HQzP5A_xxKVSZuRhg28S_d0qPW0-071ecMTSIzfVHbC3kR39c1F32dT0cACJl8mMetby4ztM1NKW6xQBvmxD8keEUnEhgFf0pEA2h1T_kq2JFMqQNR_M1iXtq7bcd_taV0S1uv9-vU_qqAIRb_A3mJfOhUtJbGvvKJ2D32nYkO0SQ5-aQgpCBPYtKlmKLTslYY7bCp2jObyC5SjuTAfylq-UhqJz05ZqgiRrWFvrBb_ZGtZ8QEGN2Zk8_VQJ2Q78YdjS-L9pRNqmLuROC7PCf8K6nKpawP2M47HCpNw1dg6FomxRguToAxy6Bh_hBiP2EVSvC0reTEH-Qrgw0dh0-CJJGBCLDYLqAmGQp7VuYWdh5hspDsCIcF5QwL5wMUf6xQObUE_FM8-x_dXYsICm6I-duryHpsmM9nYAcutDcRIs78ujt0Azp-j8QGh&s=2047&a=bid_onw_500444&uA=bid_500444&sub=1529540&d=34&ic=0 HTTP 302
  • https://beta.picinow.com/adServe/wpnFeed/getImage?auctionId=39b5bdc9-bef2-4d97-b3e0-a134ff11cdea_560_588473&ai=iW7FkpYhLnhD1cdjco2gRDxZ5446WWdJzmnwzuOt1RE3H-ZABuv0PuooGm1DESfu_gbx_vtlkzhTyYj1rn0tcauJNBBTV-08k4LrxaZm9cxU29mYPyGYyeYlUHOi-z5jI1CXm39Us_z7eELTq_yTVHGIMcDk6E1GKaVK4HQzP5A_xxKVSZuRhg28S_d0qPW0-071ecMTSIzfVHbC3kR39c1F32dT0cACJl8mMetby4ztM1NKW6xQBvmxD8keEUnEhgFf0pEA2h1T_kq2JFMqQNR_M1iXtq7bcd_taV0S1uv9-vU_qqAIRb_A3mJfOhUtJbGvvKJ2D32nYkO0SQ5-aQgpCBPYtKlmKLTslYY7bCp2jObyC5SjuTAfylq-UhqJz05ZqgiRrWFvrBb_ZGtZ8QEGN2Zk8_VQJ2Q78YdjS-L9pRNqmLuROC7PCf8K6nKpawP2M47HCpNw1dg6FomxRguToAxy6Bh_hBiP2EVSvC0reTEH-Qrgw0dh0-CJJGBCLDYLqAmGQp7VuYWdh5hspDsCIcF5QwL5wMUf6xQObUE_FM8-x_dXYsICm6I-duryHpsmM9nYAcutDcRIs78ujt0Azp-j8QGh HTTP 302
  • https://www.ssaimg.com/~lPYGowEUcpg/69bcf612b6ccefe6defe97f91656da792eced2b1217b62d366b9cdeb67929754.jpeg
Request Chain 17
  • https://crtv.wboptim.online/icon?url=%2F%2Fngp1.picinow.com%2FadServe%2FwpnFeed%2FgetImage%3FauctionId%3D354558e1-8181-49b7-be3c-4f9ff75d5715_560_588473%26ai%3DiW7FkpYhLnhD1cdjco2gRDxZ5446WWdJzmnwzuOt1RE3H-ZABuv0PuooGm1DESfu_gbx_vtlkzhTyYj1rn0tcauJNBBTV-08k4LrxaZm9cxilgLxKKFkx8-6TEQ3WRbaI1CXm39Us_z7eELTq_yTVHGIMcDk6E1GKaVK4HQzP5A_xxKVSZuRhlMGy0LEel26rGGtKhfoyhMl5n-H2rReAyq4qm_piKVw7_2lWX32UT72QOWa8L5hzkuzxh_UOVMHn0gjkcB16kQsv-8Unm3Vh_H9XXuTc8RRQdOF8VL0XuaEW1NDKwIbnfupAYYKG2b816UZWAeQ0P4iNCrO5YLjyAHSF8RkVIn8jA2SSmazx9a9lFGpkFqjz5njLvhiTyso2LRq78d80KjezyT7BgTLxGQotdRhi2_1Nd3nI4pJ3OJ5CaqVTAExwbemXBsUGDaFH4jKRM1Ktp2jkVhwBX30cK7FKA_j8RFTiHnQ8tl69ZsRlfqkLXdYCy2tFFlRkkynkdOOBNR0n0RkOvc8frQtypQ-FwEHAjV6sl2fKCcqCduBu1TzHnhuSFoQm2F6MsduXJwbDXnoog0JLterUzO5tNiAbtp9NeTI&s=2047&a=bid_onw_500444&uA=bid_501397&sub=1529540&d=16&ic=1 HTTP 302
  • https://ngp1.picinow.com/adServe/wpnFeed/getImage?auctionId=354558e1-8181-49b7-be3c-4f9ff75d5715_560_588473&ai=iW7FkpYhLnhD1cdjco2gRDxZ5446WWdJzmnwzuOt1RE3H-ZABuv0PuooGm1DESfu_gbx_vtlkzhTyYj1rn0tcauJNBBTV-08k4LrxaZm9cxilgLxKKFkx8-6TEQ3WRbaI1CXm39Us_z7eELTq_yTVHGIMcDk6E1GKaVK4HQzP5A_xxKVSZuRhlMGy0LEel26rGGtKhfoyhMl5n-H2rReAyq4qm_piKVw7_2lWX32UT72QOWa8L5hzkuzxh_UOVMHn0gjkcB16kQsv-8Unm3Vh_H9XXuTc8RRQdOF8VL0XuaEW1NDKwIbnfupAYYKG2b816UZWAeQ0P4iNCrO5YLjyAHSF8RkVIn8jA2SSmazx9a9lFGpkFqjz5njLvhiTyso2LRq78d80KjezyT7BgTLxGQotdRhi2_1Nd3nI4pJ3OJ5CaqVTAExwbemXBsUGDaFH4jKRM1Ktp2jkVhwBX30cK7FKA_j8RFTiHnQ8tl69ZsRlfqkLXdYCy2tFFlRkkynkdOOBNR0n0RkOvc8frQtypQ-FwEHAjV6sl2fKCcqCduBu1TzHnhuSFoQm2F6MsduXJwbDXnoog0JLterUzO5tNiAbtp9NeTI HTTP 302
  • https://www.ssaimg.com/~lPYGowEUcpg/69bcf612b6ccefe6defe97f91656da792eced2b1217b62d366b9cdeb67929754.jpeg
Request Chain 18
  • https://crtv.wboptim.online/icon?url=%2F%2Fngp2.picinow.com%2FadServe%2FwpnFeed%2FgetImage%3FauctionId%3Dc99732b8-da8e-48d0-b275-883a446082ea_560_588473%26ai%3DiW7FkpYhLnhD1cdjco2gRDxZ5446WWdJzmnwzuOt1RE3H-ZABuv0PuooGm1DESfu_gbx_vtlkzhTyYj1rn0tcauJNBBTV-08k4LrxaZm9cxU29mYPyGYyeYlUHOi-z5jI1CXm39Us_z7eELTq_yTVHGIMcDk6E1GKaVK4HQzP5A_xxKVSZuRhhJ15HIzzB6aLotRYZFMIeEl5n-H2rReAyq4qm_piKVw7_2lWX32UT72QOWa8L5hzkuzxh_UOVMHNsQeDR68LsFzuH_sIVkuHPhsxdQOKhWj9DAPsdIWBcsDo1iZdyD-7fWEJBv2-HFd16UZWAeQ0P4iNCrO5YLjyAHSF8RkVIn8jA2SSmazx9YC3DqNbo6TO5njLvhiTyso2LRq78d80KjezyT7BgTLxGQotdRhi2_1Nd3nI4pJ3OJ5CaqVTAExwbemXBsUGDaFH4jKRM1Ktp2jkVhwBX30cK7FKA_j8RFTiHnQ8tl69ZsRlfqkLXdYCy2tFFlRkkynkdOOBNR0n0SJm6yOuJhE1fpwk59ipsPuA8yftL2xQkeBu1TzHnhuSFoQm2F6MsduXJwbDXnoog0JLterUzO5tNiAbtp9NeTI&s=2047&a=bid_onw_500444&uA=bid_500444&sub=1529540&d=57&ic=1 HTTP 302
  • https://ngp2.picinow.com/adServe/wpnFeed/getImage?auctionId=c99732b8-da8e-48d0-b275-883a446082ea_560_588473&ai=iW7FkpYhLnhD1cdjco2gRDxZ5446WWdJzmnwzuOt1RE3H-ZABuv0PuooGm1DESfu_gbx_vtlkzhTyYj1rn0tcauJNBBTV-08k4LrxaZm9cxU29mYPyGYyeYlUHOi-z5jI1CXm39Us_z7eELTq_yTVHGIMcDk6E1GKaVK4HQzP5A_xxKVSZuRhhJ15HIzzB6aLotRYZFMIeEl5n-H2rReAyq4qm_piKVw7_2lWX32UT72QOWa8L5hzkuzxh_UOVMHNsQeDR68LsFzuH_sIVkuHPhsxdQOKhWj9DAPsdIWBcsDo1iZdyD-7fWEJBv2-HFd16UZWAeQ0P4iNCrO5YLjyAHSF8RkVIn8jA2SSmazx9YC3DqNbo6TO5njLvhiTyso2LRq78d80KjezyT7BgTLxGQotdRhi2_1Nd3nI4pJ3OJ5CaqVTAExwbemXBsUGDaFH4jKRM1Ktp2jkVhwBX30cK7FKA_j8RFTiHnQ8tl69ZsRlfqkLXdYCy2tFFlRkkynkdOOBNR0n0SJm6yOuJhE1fpwk59ipsPuA8yftL2xQkeBu1TzHnhuSFoQm2F6MsduXJwbDXnoog0JLterUzO5tNiAbtp9NeTI HTTP 302
  • https://www.ssaimg.com/~lPYGowEUcpg/69bcf612b6ccefe6defe97f91656da792eced2b1217b62d366b9cdeb67929754.jpeg

20 HTTP transactions

Resource / Path | Size / x-fer | Type / MIME-Type
dl.php
mediacpm.pl/serve/
827 B
883 B
Document
General
Full URL
https://mediacpm.pl/serve/dl.php?user=MjM2MDM%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3038::6815:ea5e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.6.40
Resource Hash
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
752d8c2b48ba9295-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 30 Sep 2022 14:11:24 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r0j4nJvxCYg6f7mlUDEebTZoY%2BlJCuM0K4acq9WHgoleBaHa2e%2F703NRfOZmHsmpZ3zlSxOaZJAa2rGWoFAINrhxlF9NCZKffcz9%2BIqeUSnoNaqdqlPmXUx%2Ff9rDVEqba8nYB6jXGYoFJA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-frame-options
DENY
x-powered-by
PHP/5.6.40
dlvalid.php
mediacpm.pl/serve/
403 B
519 B
Document
General
Full URL
https://mediacpm.pl/serve/dlvalid.php?var1=23603&var2=&var3=aeccbdfaf&var4=1664547084
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3038::6815:ea5e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.6.40
Resource Hash
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://mediacpm.pl
Referer
https://mediacpm.pl/serve/dl.php?user=MjM2MDM%3D
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
752d8c2d8bcc9295-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 30 Sep 2022 14:11:24 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ELB9dz4na8DA1kQmplkaxneiD%2F6da8dkDuDkvSs1PmVn%2BDD0yhO4lk48v%2FR8EDGVo2c%2BGXlaReB8FVddj0EJhewgk5i%2BKvjo7f56D5Q5ZzZYkRCgEKeuJp1%2B0N93L4OlsDBx%2FHE5DaU3aQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-frame-options
DENY
x-powered-by
PHP/5.6.40
pop
cdn.tabici.com/
4 KB
2 KB
Document
General
Full URL
https://cdn.tabici.com/pop?wi=1934&subid=my_subid
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
94.23.2.199 , France, ASN16276 (OVH, FR),
Reverse DNS
ns365170.ip-94-23-2.eu
Software
Apache /
Resource Hash
9d03e2656ab41cd55ff74b1edf1008d99c4cc6f91fddc07ebb1cc66b1049c01f
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Referer
https://mediacpm.pl/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
Upgrade, Keep-Alive
Content-Encoding
gzip
Content-Length
1490
Content-Type
text/html; charset=UTF-8
Date
Fri, 30 Sep 2022 14:11:24 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=2, max=1000
Pragma
no-cache
Server
Apache
Upgrade
h2,h2c
Vary
Accept-Encoding
X-Frame-Options
DENY
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: cdn.tabici.com
URL: https://cdn.tabici.com/pop?wi=1934&subid=my_subid
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
9e25469f734732205f33dd80ff8ca12080406c18d2fa99a1f368103e51f7999f
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.tabici.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 30 Sep 2022 13:15:57 GMT
last-modified
Sun, 11 Sep 2022 13:50:09 GMT
server
Golfe2
age
3328
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19826
expires
Fri, 30 Sep 2022 15:15:57 GMT
splash.php
syndication.exoclick.com/
Redirect Chain
  • https://cdn.tabici.com/pop?wi=1934&subid=my_subid&handover=SPZWS5F2
  • http://syndication.exoclick.com/splash.php?idzone=1529540&type=8
1 KB
870 B
Document
General
Full URL
http://syndication.exoclick.com/splash.php?idzone=1529540&type=8
Protocol
HTTP/1.1
Server
95.211.229.245 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Referer
https://cdn.tabici.com/pop?wi=1934&subid=my_subid
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Fri, 30 Sep 2022 14:11:26 GMT
Server
nginx
Transfer-Encoding
chunked
X-Robots-Tag
noindex, follow

Redirect headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Fri, 30 Sep 2022 14:11:25 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=2, max=999
Location
http://syndication.exoclick.com/splash.php?idzone=1529540&type=8
Pragma
no-cache
Server
Apache
X-Frame-Options
DENY
Primary Request index-cln-test.html
celeb-buzz-blog.com/elp/video-AK/
Redirect Chain
  • http://syndication.exoclick.com/splash.php?idzone=1529540&type=8&p=https%3A%2F%2Fcdn.tabici.com%2F&tested=1&check=913ab49c4a82c3388310fc3f416cea14&screen_resolution=1600x1200&container_resolution=1...
  • https://xmlapiclickredirect2.com/click?c=3olz1x31h5l8okcvv5&f=500444&s=1529540&d=W7nuWTeyJpcCI6IjEzOC4xOTkuMzguMTMzIiwiYnJvd3NlciI6IkNocm9tZSIsImJyb3dzZXJWZXJzaW9uIjoiMTA2LjAuNTI0OS42MSIsIm9zIjoiV2...
  • https://celeb-buzz-blog.com/elp/video-AK/index-cln-test.html?tag=500444&tag1=ADK&tag2=1529540&tag3=500444&tag4=ADK&clickid=3olz1x31h5l8okcvv5&country={country}&affid=500444&subid=1529540&as=adk&typ...
25 KB
11 KB
Document
General
Full URL
https://celeb-buzz-blog.com/elp/video-AK/index-cln-test.html?tag=500444&tag1=ADK&tag2=1529540&tag3=500444&tag4=ADK&clickid=3olz1x31h5l8okcvv5&country={country}&affid=500444&subid=1529540&as=adk&type=eclient30101&tn=120&tx=180
Requested by
Host: syndication.exoclick.com
URL: http://syndication.exoclick.com/splash.php?idzone=1529540&type=8
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.168.170.165 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
de5ef06e186928aa15a36ab72101d2795c6be48bcbf9b14a2bf1579b9d25a91b
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
http://syndication.exoclick.com/splash.php?idzone=1529540&type=8
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html
date
Fri, 30 Sep 2022 14:11:27 GMT
etag
W/"62c3353d-6546"
last-modified
Mon, 04 Jul 2022 18:45:17 GMT
server
nginx
vary
Accept-Encoding
x-frame-options
SAMEORIGIN

Redirect headers

content-length
0
date
Fri, 30 Sep 2022 14:11:26 GMT
keep-alive
timeout=5
location
https://celeb-buzz-blog.com/elp/video-AK/index-cln-test.html?tag=500444&tag1=ADK&tag2=1529540&tag3=500444&tag4=ADK&clickid=3olz1x31h5l8okcvv5&country={country}&affid=500444&subid=1529540&as=adk&type=eclient30101&tn=120&tx=180
style-new.css
celeb-buzz-blog.com/lp/plugin/css/
38 KB
25 KB
Stylesheet
General
Full URL
https://celeb-buzz-blog.com/lp/plugin/css/style-new.css
Requested by
Host: celeb-buzz-blog.com
URL: https://celeb-buzz-blog.com/elp/video-AK/index-cln-test.html?tag=500444&tag1=ADK&tag2=1529540&tag3=500444&tag4=ADK&clickid=3olz1x31h5l8okcvv5&country={country}&affid=500444&subid=1529540&as=adk&type=eclient30101&tn=120&tx=180
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.168.170.165 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
88463998ff9fa0fc4c6d6ca048e456779eaae4305b3e8ede91666b5c7ef4d9e3
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://celeb-buzz-blog.com/elp/video-AK/index-cln-test.html?tag=500444&tag1=ADK&tag2=1529540&tag3=500444&tag4=ADK&clickid=3olz1x31h5l8okcvv5&country={country}&affid=500444&subid=1529540&as=adk&type=eclient30101&tn=120&tx=180
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Fri, 30 Sep 2022 14:11:27 GMT
content-encoding
gzip
last-modified
Fri, 03 Jul 2020 12:28:02 GMT
server
nginx
etag
W/"5eff2452-9791"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=2592000
expires
Sun, 30 Oct 2022 14:11:27 GMT
pageTemplate.min.css
celeb-buzz-blog.com/plugin/css/
2 KB
865 B
Stylesheet
General
Full URL
https://celeb-buzz-blog.com/plugin/css/pageTemplate.min.css
Requested by
Host: celeb-buzz-blog.com
URL: https://celeb-buzz-blog.com/elp/video-AK/index-cln-test.html?tag=500444&tag1=ADK&tag2=1529540&tag3=500444&tag4=ADK&clickid=3olz1x31h5l8okcvv5&country={country}&affid=500444&subid=1529540&as=adk&type=eclient30101&tn=120&tx=180
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.168.170.165 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
a44edde7abfe4086b29943ccf7c7443cfdda6b7a0460f54a2837ab889268d55c
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://celeb-buzz-blog.com/elp/video-AK/index-cln-test.html?tag=500444&tag1=ADK&tag2=1529540&tag3=500444&tag4=ADK&clickid=3olz1x31h5l8okcvv5&country={country}&affid=500444&subid=1529540&as=adk&type=eclient30101&tn=120&tx=180
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Fri, 30 Sep 2022 14:11:27 GMT
content-encoding
gzip
last-modified
Thu, 16 Jun 2022 09:39:41 GMT
server
nginx
etag
"62aafa5d-290"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=2592000
content-length
656
expires
Sun, 30 Oct 2022 14:11:27 GMT
pageTemplateClean.js
celeb-buzz-blog.com/lp/plugin/js/
5 KB
2 KB
Script
General
Full URL
https://celeb-buzz-blog.com/lp/plugin/js/pageTemplateClean.js
Requested by
Host: celeb-buzz-blog.com
URL: https://celeb-buzz-blog.com/elp/video-AK/index-cln-test.html?tag=500444&tag1=ADK&tag2=1529540&tag3=500444&tag4=ADK&clickid=3olz1x31h5l8okcvv5&country={country}&affid=500444&subid=1529540&as=adk&type=eclient30101&tn=120&tx=180
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.168.170.165 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
ea5d3e649d3937f0519df507456ed4c2fbea7f1b2fcbc8b937a21f6107951908
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://celeb-buzz-blog.com/elp/video-AK/index-cln-test.html?tag=500444&tag1=ADK&tag2=1529540&tag3=500444&tag4=ADK&clickid=3olz1x31h5l8okcvv5&country={country}&affid=500444&subid=1529540&as=adk&type=eclient30101&tn=120&tx=180
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Fri, 30 Sep 2022 14:11:27 GMT
content-encoding
gzip
last-modified
Mon, 28 Mar 2022 09:35:16 GMT
server
nginx
etag
W/"62418154-1322"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=2592000
expires
Sun, 30 Oct 2022 14:11:27 GMT
script.js
celeb-buzz-blog.com/lp/loadcomplete/
7 KB
5 KB
Script
General
Full URL
https://celeb-buzz-blog.com/lp/loadcomplete/script.js
Requested by
Host: celeb-buzz-blog.com
URL: https://celeb-buzz-blog.com/elp/video-AK/index-cln-test.html?tag=500444&tag1=ADK&tag2=1529540&tag3=500444&tag4=ADK&clickid=3olz1x31h5l8okcvv5&country={country}&affid=500444&subid=1529540&as=adk&type=eclient30101&tn=120&tx=180
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.168.170.165 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
7c664050493a7973f724b768ad6a48e4b78eec90050015dc7152a08e7dbb32e7
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://celeb-buzz-blog.com/elp/video-AK/index-cln-test.html?tag=500444&tag1=ADK&tag2=1529540&tag3=500444&tag4=ADK&clickid=3olz1x31h5l8okcvv5&country={country}&affid=500444&subid=1529540&as=adk&type=eclient30101&tn=120&tx=180
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Fri, 30 Sep 2022 14:11:27 GMT
content-encoding
gzip
last-modified
Fri, 03 Jul 2020 09:24:48 GMT
server
nginx
etag
W/"5efef960-1d8a"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=2592000
expires
Sun, 30 Oct 2022 14:11:27 GMT
e-client.v2.js
celeb-buzz-blog.com/plugin/js/
33 KB
11 KB
Script
General
Full URL
https://celeb-buzz-blog.com/plugin/js/e-client.v2.js
Requested by
Host: celeb-buzz-blog.com
URL: https://celeb-buzz-blog.com/elp/video-AK/index-cln-test.html?tag=500444&tag1=ADK&tag2=1529540&tag3=500444&tag4=ADK&clickid=3olz1x31h5l8okcvv5&country={country}&affid=500444&subid=1529540&as=adk&type=eclient30101&tn=120&tx=180
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.168.170.165 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
3e0c01a6c467139034e28e06b14cfe72288008d377ef4c02219210058973a72a
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://celeb-buzz-blog.com/elp/video-AK/index-cln-test.html?tag=500444&tag1=ADK&tag2=1529540&tag3=500444&tag4=ADK&clickid=3olz1x31h5l8okcvv5&country={country}&affid=500444&subid=1529540&as=adk&type=eclient30101&tn=120&tx=180
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Fri, 30 Sep 2022 14:11:27 GMT
content-encoding
gzip
last-modified
Thu, 07 Jul 2022 08:43:02 GMT
server
nginx
etag
W/"62c69c96-82de"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=2592000
expires
Sun, 30 Oct 2022 14:11:27 GMT
bidder.js
celeb-buzz-blog.com/plugin/js/
17 KB
6 KB
Script
General
Full URL
https://celeb-buzz-blog.com/plugin/js/bidder.js
Requested by
Host: celeb-buzz-blog.com
URL: https://celeb-buzz-blog.com/elp/video-AK/index-cln-test.html?tag=500444&tag1=ADK&tag2=1529540&tag3=500444&tag4=ADK&clickid=3olz1x31h5l8okcvv5&country={country}&affid=500444&subid=1529540&as=adk&type=eclient30101&tn=120&tx=180
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.168.170.165 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
115c2d7f9fac10943e649ae4bf0cf767a51d44decdb6aa7f34f1361b85c6ff3a
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://celeb-buzz-blog.com/elp/video-AK/index-cln-test.html?tag=500444&tag1=ADK&tag2=1529540&tag3=500444&tag4=ADK&clickid=3olz1x31h5l8okcvv5&country={country}&affid=500444&subid=1529540&as=adk&type=eclient30101&tn=120&tx=180
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Fri, 30 Sep 2022 14:11:27 GMT
content-encoding
gzip
last-modified
Mon, 26 Sep 2022 10:39:07 GMT
server
nginx
etag
W/"6331814b-44a8"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=2592000
expires
Sun, 30 Oct 2022 14:11:27 GMT
arrow-blue4.png
celeb-buzz-blog.com/pageTemplate/
6 KB
7 KB
Image
General
Full URL
https://celeb-buzz-blog.com/pageTemplate/arrow-blue4.png
Requested by
Host: celeb-buzz-blog.com
URL: https://celeb-buzz-blog.com/elp/video-AK/index-cln-test.html?tag=500444&tag1=ADK&tag2=1529540&tag3=500444&tag4=ADK&clickid=3olz1x31h5l8okcvv5&country={country}&affid=500444&subid=1529540&as=adk&type=eclient30101&tn=120&tx=180
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.168.170.165 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
41173a98b0ae7b2001f183af16586aa6e6777195a5d100652f4365e310ae9372
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://celeb-buzz-blog.com/elp/video-AK/index-cln-test.html?tag=500444&tag1=ADK&tag2=1529540&tag3=500444&tag4=ADK&clickid=3olz1x31h5l8okcvv5&country={country}&affid=500444&subid=1529540&as=adk&type=eclient30101&tn=120&tx=180
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Fri, 30 Sep 2022 14:11:27 GMT
last-modified
Thu, 16 Jun 2022 09:39:41 GMT
server
nginx
etag
"62aafa5d-194a"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=2592000
accept-ranges
bytes
content-length
6474
expires
Sun, 30 Oct 2022 14:11:27 GMT
eclient30101
wbidder2.com/offer/
5 KB
2 KB
Fetch
General
Full URL
https://wbidder2.com/offer/eclient30101?affid=onw_500444&subid=1529540&days=8&cbjs=
Requested by
Host: celeb-buzz-blog.com
URL: https://celeb-buzz-blog.com/plugin/js/bidder.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.227.152.225 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
/
Resource Hash
5c2d50886534545a290add0c2b549f6d267cf89c41103bc1921fd8de01687012

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 30 Sep 2022 14:11:27 GMT
content-encoding
gzip
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
client
wbidder2.com/offer/
10 KB
3 KB
Fetch
General
Full URL
https://wbidder2.com/offer/client?affid=onw_500444&subid=1529540&days=8&count=5&adult=undefined
Requested by
Host: celeb-buzz-blog.com
URL: https://celeb-buzz-blog.com/plugin/js/e-client.v2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.227.152.225 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
/
Resource Hash
a16e15ddcbc17a93bedec005a427aa0a873140f3bf804d6cd3bd2f24df94b26c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 30 Sep 2022 14:11:27 GMT
content-encoding
gzip
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
eclientclick
wbidder2.com/offer/
5 KB
2 KB
Fetch
General
Full URL
https://wbidder2.com/offer/eclientclick?affid=onw_500444&subid=1529540&days=8&count=1&adult=undefined
Requested by
Host: celeb-buzz-blog.com
URL: https://celeb-buzz-blog.com/plugin/js/e-client.v2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.227.152.225 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
/
Resource Hash
5d2ce7f77ad8a3bd716cc4bb5e41d974d1409723bc0c0f5a3e09287b4633107b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 30 Sep 2022 14:11:27 GMT
content-encoding
gzip
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
youtube-eclient.png
celeb-buzz-blog.com/icons/
1 KB
2 KB
Image
General
Full URL
https://celeb-buzz-blog.com/icons/youtube-eclient.png
Requested by
Host: celeb-buzz-blog.com
URL: https://celeb-buzz-blog.com/elp/video-AK/index-cln-test.html?tag=500444&tag1=ADK&tag2=1529540&tag3=500444&tag4=ADK&clickid=3olz1x31h5l8okcvv5&country={country}&affid=500444&subid=1529540&as=adk&type=eclient30101&tn=120&tx=180
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.168.170.165 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
44732c891c3fffbf3ec24e05f43fb59908ed9e467f35f424f71a45a649f78f01
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Fri, 30 Sep 2022 14:11:27 GMT
last-modified
Tue, 15 Mar 2022 16:54:11 GMT
server
nginx
etag
"6230c4b3-57c"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=2592000
accept-ranges
bytes
content-length
1404
expires
Sun, 30 Oct 2022 14:11:27 GMT
69bcf612b6ccefe6defe97f91656da792eced2b1217b62d366b9cdeb67929754.jpeg
www.ssaimg.com/~lPYGowEUcpg/
Redirect Chain
  • https://crtv.wboptim.online/icon?url=%2F%2Fbeta.picinow.com%2FadServe%2FwpnFeed%2FgetImage%3FauctionId%3D39b5bdc9-bef2-4d97-b3e0-a134ff11cdea_560_588473%26ai%3DiW7FkpYhLnhD1cdjco2gRDxZ5446WWdJzmnwz...
  • https://beta.picinow.com/adServe/wpnFeed/getImage?auctionId=39b5bdc9-bef2-4d97-b3e0-a134ff11cdea_560_588473&ai=iW7FkpYhLnhD1cdjco2gRDxZ5446WWdJzmnwzuOt1RE3H-ZABuv0PuooGm1DESfu_gbx_vtlkzhTyYj1rn0tca...
  • https://www.ssaimg.com/~lPYGowEUcpg/69bcf612b6ccefe6defe97f91656da792eced2b1217b62d366b9cdeb67929754.jpeg
19 KB
19 KB
Image
General
Full URL
https://www.ssaimg.com/~lPYGowEUcpg/69bcf612b6ccefe6defe97f91656da792eced2b1217b62d366b9cdeb67929754.jpeg
Protocol
H2
Server
2606:4700:3038::6815:ebce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
69bcf612b6ccefe6defe97f91656da792eced2b1217b62d366b9cdeb67929754

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Fri, 30 Sep 2022 14:11:28 GMT
cf-cache-status
HIT
last-modified
Sat, 05 Mar 2022 20:05:34 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
603
etag
"6223c28e-4c78"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7z2gUMY7vypLtDO0BI9tkJ2OlUU7Aq8m3LZLBZ5aNegt7C0NVfGCZnJqeo5PFC7Se2MNM6oK2jgOnYeVdkMgS9AAwNN9E2KAmYukKdMfy1uZM7Q3PK1OT8f52UOYR1Qb7Y6SmTlpQg0EpccFiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
752d8c44397f9046-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
19576

Redirect headers

access-control-allow-origin
*
location
https://www.ssaimg.com/~lPYGowEUcpg/69bcf612b6ccefe6defe97f91656da792eced2b1217b62d366b9cdeb67929754.jpeg
date
Fri, 30 Sep 2022 14:11:27 GMT
server
nginx
content-length
0
access-control-allow-methods
POST
69bcf612b6ccefe6defe97f91656da792eced2b1217b62d366b9cdeb67929754.jpeg
www.ssaimg.com/~lPYGowEUcpg/
Redirect Chain
  • https://crtv.wboptim.online/icon?url=%2F%2Fngp1.picinow.com%2FadServe%2FwpnFeed%2FgetImage%3FauctionId%3D354558e1-8181-49b7-be3c-4f9ff75d5715_560_588473%26ai%3DiW7FkpYhLnhD1cdjco2gRDxZ5446WWdJzmnwz...
  • https://ngp1.picinow.com/adServe/wpnFeed/getImage?auctionId=354558e1-8181-49b7-be3c-4f9ff75d5715_560_588473&ai=iW7FkpYhLnhD1cdjco2gRDxZ5446WWdJzmnwzuOt1RE3H-ZABuv0PuooGm1DESfu_gbx_vtlkzhTyYj1rn0tca...
  • https://www.ssaimg.com/~lPYGowEUcpg/69bcf612b6ccefe6defe97f91656da792eced2b1217b62d366b9cdeb67929754.jpeg
19 KB
20 KB
Image
General
Full URL
https://www.ssaimg.com/~lPYGowEUcpg/69bcf612b6ccefe6defe97f91656da792eced2b1217b62d366b9cdeb67929754.jpeg
Protocol
H2
Server
2606:4700:3038::6815:ebce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
69bcf612b6ccefe6defe97f91656da792eced2b1217b62d366b9cdeb67929754

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Fri, 30 Sep 2022 14:11:28 GMT
cf-cache-status
HIT
last-modified
Sat, 05 Mar 2022 20:05:34 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
603
etag
"6223c28e-4c78"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f7uyeX%2BOtDtQLAyHOwo1WysVHyTVojY3nxNmpZvrizU27yewWdxIiq%2BW%2FtSWGbAxFpoN4tV%2BvLv2r33ZJa8rTmfOPGm%2BwBgtCyyo0PnzWfbt53wXsxTgbVAPAYpcI5P9KqH7i83%2BarqxmlGyVA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
752d8c4439839046-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
19576

Redirect headers

access-control-allow-origin
*
location
https://www.ssaimg.com/~lPYGowEUcpg/69bcf612b6ccefe6defe97f91656da792eced2b1217b62d366b9cdeb67929754.jpeg
date
Fri, 30 Sep 2022 14:11:27 GMT
server
nginx
content-length
0
access-control-allow-methods
POST
69bcf612b6ccefe6defe97f91656da792eced2b1217b62d366b9cdeb67929754.jpeg
www.ssaimg.com/~lPYGowEUcpg/
Redirect Chain
  • https://crtv.wboptim.online/icon?url=%2F%2Fngp2.picinow.com%2FadServe%2FwpnFeed%2FgetImage%3FauctionId%3Dc99732b8-da8e-48d0-b275-883a446082ea_560_588473%26ai%3DiW7FkpYhLnhD1cdjco2gRDxZ5446WWdJzmnwz...
  • https://ngp2.picinow.com/adServe/wpnFeed/getImage?auctionId=c99732b8-da8e-48d0-b275-883a446082ea_560_588473&ai=iW7FkpYhLnhD1cdjco2gRDxZ5446WWdJzmnwzuOt1RE3H-ZABuv0PuooGm1DESfu_gbx_vtlkzhTyYj1rn0tca...
  • https://www.ssaimg.com/~lPYGowEUcpg/69bcf612b6ccefe6defe97f91656da792eced2b1217b62d366b9cdeb67929754.jpeg
19 KB
20 KB
Image
General
Full URL
https://www.ssaimg.com/~lPYGowEUcpg/69bcf612b6ccefe6defe97f91656da792eced2b1217b62d366b9cdeb67929754.jpeg
Protocol
H3
Server
2606:4700:3038::6815:ebce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
69bcf612b6ccefe6defe97f91656da792eced2b1217b62d366b9cdeb67929754

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Fri, 30 Sep 2022 14:11:28 GMT
cf-cache-status
HIT
last-modified
Sat, 05 Mar 2022 20:05:34 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
509
etag
"6223c28e-4c78"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eKS8YY5VYt0CqxxFzNJ4SjG4vsuBbmH0mC9h9V4QJGq7SbprTvPvOyCycaNN3WUJ9VZPImdj0GoeyYjlEcMLMfyGeoUwcPjQGEudjS9HCGcyUMondU7Gk5mvjQSrP5oP3uRAtIWrzFDPyqQZbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
752d8c46285d9235-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
19576

Redirect headers

access-control-allow-origin
*
location
https://www.ssaimg.com/~lPYGowEUcpg/69bcf612b6ccefe6defe97f91656da792eced2b1217b62d366b9cdeb67929754.jpeg
date
Fri, 30 Sep 2022 14:11:28 GMT
server
nginx
content-length
0
access-control-allow-methods
POST

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput
object| oncontextlost
object| oncontextrestored
function| structuredClone
object| launchQueue
object| onbeforematch
function| getScreenDetails
function| queryLocalFonts
object| navigation
function| pageTemplate
object| translations
object| stringEl
string| userLang
string| string
function| _0x3ab1
function| asyncGeneratorStep
function| _0x2b02
function| _asyncToGenerator
function| _slicedToArray
function| _nonIterableRest
function| _unsupportedIterableToArray
function| _arrayLikeToArray
function| _iterableToArrayLimit
function| _arrayWithHoles
function| eClient
function| ownKeys
function| _objectSpread
function| _defineProperty
function| _0xa55a
function| _0x26ba
function| getBidderUrl
function| runEClient
function| translate
function| getLanguage

6 Cookies

Domain/Path Name / Value
cdn.tabici.com/ Name: PHPSESSID
Value: bnqlq7sppfek9sd6sqdgnfq28q
.cdn.tabici.com/ Name: _ga
Value: GA1.3.523162013.1664547085
.cdn.tabici.com/ Name: _gid
Value: GA1.3.1580861116.1664547085
cdn.tabici.com/ Name: _ti_pop_v
Value: 2147483647
.exoclick.com/ Name: __uvt
Value: a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226336f90e537879.70533308935030577%22%3B%7D
.exoclick.com/ Name: impressions
Value: mocxcllanxgxaacrcxblcgeimocxrebcnxgxaacrcxblcgeimoecaaeonxgxaacrcxblcgxcceimocemobbnxgxaacrcxblcgxcceimocxrexbnxgxaacrcxblcgeimoecaaeenxgxaacrcxblcgxcceimolcmsbonxgxaacrcxblcgxcceimssalcocnxgxaacrcxblcgxcceimsamrxebnxgxaacrcxblcgxcceimrbrxrcenxgxaacrcmebagxcce

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
