urlscan.io logo urlscan.io
SecurityTrails logo

freeusd.xyz Open in urlscan Pro
107.189.31.154  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://capitalonebankgroup.com/
Effective URL: https://freeusd.xyz/?cp=19833
Submission: On September 20 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 11 IPs in 6 countries across 10 domains to perform 16 HTTP transactions. The main IP is 107.189.31.154, located in Luxembourg, Luxembourg and belongs to PONYNET, US. The main domain is freeusd.xyz.
TLS certificate: Issued by R3 on July 22nd 2021. Valid for: 3 months.
This is the only time freeusd.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2607:fad0:380... 32244 (LIQUIDWEB)
1 1 198.134.116.30 27257 (WEBAIR-IN...)
3 3 213.227.156.13 60781 (LEASEWEB-...)
1 5.9.5.202 24940 (HETZNER-AS)
1 104.21.80.230 13335 (CLOUDFLAR...)
1 172.67.171.70 13335 (CLOUDFLAR...)
1 2 107.21.8.49 14618 (AMAZON-AES)
1 107.189.31.154 53667 (PONYNET)
2 185.85.242.92 49683 (MASSIVEGRID)
4 136.243.55.84 24940 (HETZNER-AS)
2 185.85.240.72 49683 (MASSIVEGRID)
1 185.189.56.92 49683 (MASSIVEGRID)
16 11
2    2607:fad0:3801:4::1 (United States)

ASN32244 (LIQUIDWEB, US)
capitalonebankgroup.com
1    198.134.116.30 (Grapevine, United States)

ASN27257 (WEBAIR-INTERNET, US)
click.expmediadirect1.com
3    213.227.156.13 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
biggerpicture.g2afse.com
1    5.9.5.202 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.202.5.9.5.clients.your-server.de
armr.trckswrm.com
1    104.21.80.230 (None, )

ASN13335 (CLOUDFLARENET, US)
bercioles.com
1    172.67.171.70 (United States)

ASN13335 (CLOUDFLARENET, US)
poqueras.com
2    107.21.8.49 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-21-8-49.compute-1.amazonaws.com
p.asce.xyz
1    107.189.31.154 (Luxembourg, Luxembourg)

ASN53667 (PONYNET, US)
freeusd.xyz
2    185.85.242.92 (London, United Kingdom)

ASN49683 (MASSIVEGRID, GB)
appsha-lon2.cointraffic.io
4    136.243.55.84 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.84.55.243.136.clients.your-server.de
ad.a-ads.com
static.a-ads.com
2    185.85.240.72 (Frankfurt am Main, Germany)

ASN49683 (MASSIVEGRID, GB)
apps-lon2.cointraffic.io
1    185.189.56.92 (Los Angeles, United States)

ASN49683 (MASSIVEGRID, GB)
files.cointraffic.io
Domain Requested by
3 biggerpicture.g2afse.com 3 redirects
2 apps-lon2.cointraffic.io appsha-lon2.cointraffic.io
2 static.a-ads.com ad.a-ads.com
2 ad.a-ads.com freeusd.xyz
2 appsha-lon2.cointraffic.io freeusd.xyz
appsha-lon2.cointraffic.io
2 p.asce.xyz 1 redirects poqueras.com
2 capitalonebankgroup.com capitalonebankgroup.com
1 files.cointraffic.io capitalonebankgroup.com
1 freeusd.xyz p.asce.xyz
1 poqueras.com bercioles.com
1 bercioles.com armr.trckswrm.com
1 armr.trckswrm.com capitalonebankgroup.com
1 click.expmediadirect1.com 1 redirects
16 13

This site contains links to these domains. Also see Links.

Domain
faucetlist.top
faucetpay.io
curvapay.com
dollarz.xyz
www.8pm.fun
7to11.club
Subject Issuer Validity Valid
armr.trckswrm.com
R3		 2021-07-17 -
2021-10-15		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2020-11-10 -
2021-11-09		 a year crt.sh
freeusd.xyz
R3		 2021-07-22 -
2021-10-20		 3 months crt.sh
appsha-lon2.cointraffic.io
Gandi Standard SSL CA 2		 2021-04-27 -
2022-05-11		 a year crt.sh
*.a-ads.com
Sectigo ECC Domain Validation Secure Server CA		 2020-12-02 -
2022-01-02		 a year crt.sh
apps-lon2.cointraffic.io
Gandi Standard SSL CA 2		 2021-04-27 -
2022-05-11		 a year crt.sh
files.cointraffic.io
Gandi Standard SSL CA 2		 2020-12-07 -
2021-12-15		 a year crt.sh

This page contains 3 frames:

Primary Page: https://freeusd.xyz/?cp=19833
Frame ID: F038CF7871FC99D6D01D6725CEFDF6F9
Requests: 11 HTTP requests in this frame

Frame: https://ad.a-ads.com/1568442?size=728x90&background_color=eeeeee
Frame ID: D453F4BF2DB5F429320EC71985A060A1
Requests: 3 HTTP requests in this frame

Frame: https://ad.a-ads.com/1568442?size=728x90&background_color=eeeeee
Frame ID: 992C8F58A05684BD8BDD6291EE771E0B
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Free USD

Page URL History Show full URLs

  1. http://capitalonebankgroup.com/ Page URL
  2. http://capitalonebankgroup.com/page/bouncy.php?&bpae=Gbh%2Btqsmolx797uvSZcwm3RFI0KsUz6ucxT7%2Fpz%2BAKSzU8ES... Page URL
  3. http://click.expmediadirect1.com/click?i=h4f0fGwtC04_0 HTTP 302
    http://biggerpicture.g2afse.com/sl?id=5dca95883bf47917e8f2530d&pid=112&sub5=[conversion]&sub1=[source] HTTP 302
    https://biggerpicture.g2afse.com/sl?id=5dca95883bf47917e8f2530d&pid=112&sub5=[conversion]&sub1=[source] HTTP 302
    https://biggerpicture.g2afse.com/click?pid=1&offer_id=188 HTTP 302
    https://armr.trckswrm.com/recommendation?rec_link_id=306&pub_id=154 Page URL
  4. http://bercioles.com/redirect?id=82&auth=82ead305c138eb8fefc6187658dc9b5e4d67d425&sid=154&clk=AsQ... Page URL
  5. https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D Page URL
  6. http://p.asce.xyz/go/216668/575137?wnw=false Page URL
  7. http://p.asce.xyz/ad/ad?p=216668&w=575137&t=f96e77581acaa9f3&r=aHR0cHMlM0ElMkYlMkZwb3F1ZXJhcy5... HTTP 303
    https://freeusd.xyz/?cp=19833 Page URL

Page Statistics

16
Requests

75 %
HTTPS

8 %
IPv6

10
Domains

13
Subdomains

11
IPs

6
Countries

617 kB
Transfer

682 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://capitalonebankgroup.com/ Page URL
  2. http://capitalonebankgroup.com/page/bouncy.php?&bpae=Gbh%2Btqsmolx797uvSZcwm3RFI0KsUz6ucxT7%2Fpz%2BAKSzU8ESxVLbu8AykA2ttu9THK9GmMqrYSoLqIPDTYX67rwOpxzMKlfnpWxtcw8nE1wPO1TSXeZ0hwCh0FYoBmRQ6rmCFsYpNs3Tvr7VnV5NZosL0qbYEtKgR%2B0PsuyewPG2uy8qlbQREJxiibQJ%2FSehs3tylOQ4E9875HW4PkHqO6mcoFCSk1K%2F0gVGH4or2G99YuFmpp7QHE7Jyja6sW6nZwXRDuHVWBEdOSF2zUWIgMCZrD7ZR9NqimkLHWZF23dfaXldiTJwxLa%2BbcAe2Z8NUgb9gFvUDOy4RwhvQam4hbaTuMyk2Ih7g0H7gBt%2FhXN9EPOd8dVut2vVlHP71Ln3FKkmq6M42uNZCDZejzgShK6IfvlFeLK0VolzlRY%3D&redirectType=js&inIframe=false&inPopUp=false Page URL
  3. http://click.expmediadirect1.com/click?i=h4f0fGwtC04_0 HTTP 302
    http://biggerpicture.g2afse.com/sl?id=5dca95883bf47917e8f2530d&pid=112&sub5=[conversion]&sub1=[source] HTTP 302
    https://biggerpicture.g2afse.com/sl?id=5dca95883bf47917e8f2530d&pid=112&sub5=[conversion]&sub1=[source] HTTP 302
    https://biggerpicture.g2afse.com/click?pid=1&offer_id=188 HTTP 302
    https://armr.trckswrm.com/recommendation?rec_link_id=306&pub_id=154 Page URL
  4. http://bercioles.com/redirect?id=82&auth=82ead305c138eb8fefc6187658dc9b5e4d67d425&sid=154&clk=AsQvqgYAAAF8AQbRlwAAAlEAAACaAAABMg Page URL
  5. https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D Page URL
  6. http://p.asce.xyz/go/216668/575137?wnw=false Page URL
  7. http://p.asce.xyz/ad/ad?p=216668&w=575137&t=f96e77581acaa9f3&r=aHR0cHMlM0ElMkYlMkZwb3F1ZXJhcy5jb20lMkY=&vw=1600&vh=1200 HTTP 303
    https://freeusd.xyz/?cp=19833 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • http://click.expmediadirect1.com/click?i=h4f0fGwtC04_0 HTTP 302
  • http://biggerpicture.g2afse.com/sl?id=5dca95883bf47917e8f2530d&pid=112&sub5=[conversion]&sub1=[source] HTTP 302
  • https://biggerpicture.g2afse.com/sl?id=5dca95883bf47917e8f2530d&pid=112&sub5=[conversion]&sub1=[source] HTTP 302
  • https://biggerpicture.g2afse.com/click?pid=1&offer_id=188 HTTP 302
  • https://armr.trckswrm.com/recommendation?rec_link_id=306&pub_id=154

16 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
capitalonebankgroup.com/ 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://capitalonebankgroup.com/
Protocol
HTTP/1.1
Server
2607:fad0:3801:4::1 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16 / PHP/5.4.16
Resource Hash

Request headers

Host
capitalonebankgroup.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Date
Mon, 20 Sep 2021 02:26:35 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By
PHP/5.4.16
Content-Length
1972
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
bouncy.php
capitalonebankgroup.com/page/ 		688 B
964 B 		Document
General
Check archive.org
Download Go to
Full URL
http://capitalonebankgroup.com/page/bouncy.php?&bpae=Gbh%2Btqsmolx797uvSZcwm3RFI0KsUz6ucxT7%2Fpz%2BAKSzU8ESxVLbu8AykA2ttu9THK9GmMqrYSoLqIPDTYX67rwOpxzMKlfnpWxtcw8nE1wPO1TSXeZ0hwCh0FYoBmRQ6rmCFsYpNs3Tvr7VnV5NZosL0qbYEtKgR%2B0PsuyewPG2uy8qlbQREJxiibQJ%2FSehs3tylOQ4E9875HW4PkHqO6mcoFCSk1K%2F0gVGH4or2G99YuFmpp7QHE7Jyja6sW6nZwXRDuHVWBEdOSF2zUWIgMCZrD7ZR9NqimkLHWZF23dfaXldiTJwxLa%2BbcAe2Z8NUgb9gFvUDOy4RwhvQam4hbaTuMyk2Ih7g0H7gBt%2FhXN9EPOd8dVut2vVlHP71Ln3FKkmq6M42uNZCDZejzgShK6IfvlFeLK0VolzlRY%3D&redirectType=js&inIframe=false&inPopUp=false
Requested by
Host: capitalonebankgroup.com
URL: http://capitalonebankgroup.com/
Protocol
HTTP/1.1
Server
2607:fad0:3801:4::1 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16 / PHP/5.4.16
Resource Hash

Request headers

Host
capitalonebankgroup.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://capitalonebankgroup.com/
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
http://capitalonebankgroup.com/

Response headers

Date
Mon, 20 Sep 2021 02:26:36 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By
PHP/5.4.16
Content-Length
688
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
recommendation
armr.trckswrm.com/
Redirect Chain
  • http://click.expmediadirect1.com/click?i=h4f0fGwtC04_0
  • http://biggerpicture.g2afse.com/sl?id=5dca95883bf47917e8f2530d&pid=112&sub5=[conversion]&sub1=[source]
  • https://biggerpicture.g2afse.com/sl?id=5dca95883bf47917e8f2530d&pid=112&sub5=[conversion]&sub1=[source]
  • https://biggerpicture.g2afse.com/click?pid=1&offer_id=188
  • https://armr.trckswrm.com/recommendation?rec_link_id=306&pub_id=154
211 B
288 B 		Document
General
Check archive.org
Download Go to
Full URL
https://armr.trckswrm.com/recommendation?rec_link_id=306&pub_id=154
Requested by
Host: capitalonebankgroup.com
URL: http://capitalonebankgroup.com/page/bouncy.php?&bpae=Gbh%2Btqsmolx797uvSZcwm3RFI0KsUz6ucxT7%2Fpz%2BAKSzU8ESxVLbu8AykA2ttu9THK9GmMqrYSoLqIPDTYX67rwOpxzMKlfnpWxtcw8nE1wPO1TSXeZ0hwCh0FYoBmRQ6rmCFsYpNs3Tvr7VnV5NZosL0qbYEtKgR%2B0PsuyewPG2uy8qlbQREJxiibQJ%2FSehs3tylOQ4E9875HW4PkHqO6mcoFCSk1K%2F0gVGH4or2G99YuFmpp7QHE7Jyja6sW6nZwXRDuHVWBEdOSF2zUWIgMCZrD7ZR9NqimkLHWZF23dfaXldiTJwxLa%2BbcAe2Z8NUgb9gFvUDOy4RwhvQam4hbaTuMyk2Ih7g0H7gBt%2FhXN9EPOd8dVut2vVlHP71Ln3FKkmq6M42uNZCDZejzgShK6IfvlFeLK0VolzlRY%3D&redirectType=js&inIframe=false&inPopUp=false
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
5.9.5.202 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.202.5.9.5.clients.your-server.de
Software
/
Resource Hash

Request headers

Host
armr.trckswrm.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
http://capitalonebankgroup.com/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
http://capitalonebankgroup.com/page/bouncy.php?&bpae=Gbh%2Btqsmolx797uvSZcwm3RFI0KsUz6ucxT7%2Fpz%2BAKSzU8ESxVLbu8AykA2ttu9THK9GmMqrYSoLqIPDTYX67rwOpxzMKlfnpWxtcw8nE1wPO1TSXeZ0hwCh0FYoBmRQ6rmCFsYpNs3Tvr7VnV5NZosL0qbYEtKgR%2B0PsuyewPG2uy8qlbQREJxiibQJ%2FSehs3tylOQ4E9875HW4PkHqO6mcoFCSk1K%2F0gVGH4or2G99YuFmpp7QHE7Jyja6sW6nZwXRDuHVWBEdOSF2zUWIgMCZrD7ZR9NqimkLHWZF23dfaXldiTJwxLa%2BbcAe2Z8NUgb9gFvUDOy4RwhvQam4hbaTuMyk2Ih7g0H7gBt%2FhXN9EPOd8dVut2vVlHP71Ln3FKkmq6M42uNZCDZejzgShK6IfvlFeLK0VolzlRY%3D&redirectType=js&inIframe=false&inPopUp=false

Response headers

content-length
211
date
Mon, 20 Sep 2021 02:26:36 GMT

Redirect headers

server
nginx
date
Mon, 20 Sep 2021 02:26:36 GMT
content-length
0
location
https://armr.trckswrm.com/recommendation?rec_link_id=306&pub_id=154
set-cookie
afclick=6147f15cb1e33300012d1999; expires=Tue, 20 Sep 2022 02:26:36 GMT; secure; SameSite=None afoffers={"188":1632104796}; expires=Tue, 20 Sep 2022 02:26:36 GMT; secure; SameSite=None
access-control-allow-origin
*
redirect
bercioles.com/ 		1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://bercioles.com/redirect?id=82&auth=82ead305c138eb8fefc6187658dc9b5e4d67d425&sid=154&clk=AsQvqgYAAAF8AQbRlwAAAlEAAACaAAABMg
Requested by
Host: armr.trckswrm.com
URL: https://armr.trckswrm.com/recommendation?rec_link_id=306&pub_id=154
Protocol
HTTP/1.1
Server
104.21.80.230 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
185c84d27d02688035e29c885bf2c028a5ddac4f0cb2b18f8b677444dc450cbf

Request headers

Host
bercioles.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Date
Mon, 20 Sep 2021 02:26:36 GMT
Content-Type
text/html;charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
referrer-policy
origin
vary
accept-encoding
CF-Cache-Status
DYNAMIC
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EF29ozULg9j92RhjktaZzKF1hhKk4zZWj5Poi4lTPoYyAWJ3PFo3wj4OhEUas1u2yQlCjzJ1VXC07vC30nHP67ABmf6olR9KfxgEUcHoZwrzdiUUokNOjMa3EC6RfPrd"}],"group":"cf-nel","max_age":604800}
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
CF-RAY
69179c230cfe3ac3-CDG
Content-Encoding
gzip
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
slope
poqueras.com/noid/ 		1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D
Requested by
Host: bercioles.com
URL: http://bercioles.com/redirect?id=82&auth=82ead305c138eb8fefc6187658dc9b5e4d67d425&sid=154&clk=AsQvqgYAAAF8AQbRlwAAAlEAAACaAAABMg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.171.70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36d8a6a15aaf0bb71a13e8ac03a808deba4c31c2396edb211e82aa4f21350759

Request headers

:method
GET
:authority
poqueras.com
:scheme
https
:path
/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
http://bercioles.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
http://bercioles.com/

Response headers

date
Mon, 20 Sep 2021 02:26:36 GMT
content-type
text/html;charset=ISO-8859-1
referrer-policy
origin
cache-control
no-store, no-cache
vary
Accept-Encoding
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qq9SD4Un7L96xhx4gDPC1y7WyAF96relxgZeBZ1AHAaeXVnKhj1gbdIBHGhD9zbZ3EFOnf%2BTDf4Nj06Yt%2BJDOBCAvp34y%2BGNxqxlULzrNT%2FPhGU2Tu7hN5pznjeCGDg%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
69179c24aeab3a93-CDG
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
575137
p.asce.xyz/go/216668/ 		466 B
495 B 		Document
General
Check archive.org
Download Go to
Full URL
http://p.asce.xyz/go/216668/575137?wnw=false
Requested by
Host: poqueras.com
URL: https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D
Protocol
HTTP/1.1
Server
107.21.8.49 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-21-8-49.compute-1.amazonaws.com
Software
nginx /
Resource Hash
8426d3c8331064688cf7580097f227cd315c2e76ba3ccec9474e75abb9c856ab

Request headers

Host
p.asce.xyz
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
https://poqueras.com/
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://poqueras.com/

Response headers

Content-Encoding
gzip
Content-Type
text/html
Date
Mon, 20 Sep 2021 02:26:37 GMT
Server
nginx
Vary
Accept-Encoding
Content-Length
307
Connection
keep-alive
Primary Request Cookie set /
freeusd.xyz/
Redirect Chain
  • http://p.asce.xyz/ad/ad?p=216668&w=575137&t=f96e77581acaa9f3&r=aHR0cHMlM0ElMkYlMkZwb3F1ZXJhcy5jb20lMkY=&vw=1600&vh=1200
  • https://freeusd.xyz/?cp=19833
12 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://freeusd.xyz/?cp=19833
Requested by
Host: p.asce.xyz
URL: http://p.asce.xyz/go/216668/575137?wnw=false
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
107.189.31.154 Luxembourg, Luxembourg, ASN53667 (PONYNET, US),
Reverse DNS
Software
nginx /
Resource Hash
a2c5640a4136a2d44076f104ca8c455348f3f66fc69add7b4a757a37edc89613
Security Headers
Name Value
Strict-Transport-Security max-age=8640000

Request headers

Host
freeusd.xyz
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
http://p.asce.xyz/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
http://p.asce.xyz/go/216668/575137?wnw=false

Response headers

Server
nginx
Date
Mon, 20 Sep 2021 02:26:37 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
PHPSESSID=j95sahr7uk3as6inkjmlutmf7a; path=/ r=19833; expires=Wed, 20-Oct-2021 02:26:37 GMT; Max-Age=2592000; path=/
Pragma
no-cache
Referrer-Policy
origin-when-cross-origin
Strict-Transport-Security
max-age=8640000
Expires
Mon, 20 Sep 2021 02:27:37 GMT
Cache-Control
public
Content-Encoding
gzip

Redirect headers

Date
Mon, 20 Sep 2021 02:26:37 GMT
Location
https://freeusd.xyz/?cp=19833
Server
nginx
Content-Length
0
Connection
keep-alive
/
appsha-lon2.cointraffic.io/js/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://appsha-lon2.cointraffic.io/js/?wkey=aYmi0xo8Df
Requested by
Host: freeusd.xyz
URL: https://freeusd.xyz/?cp=19833
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.85.242.92 London, United Kingdom, ASN49683 (MASSIVEGRID, GB),
Reverse DNS
Software
nginx /
Resource Hash
4ed36b7360ed81ceb491fe1a919d6c4bc04c54b1ed46d7f8769bf59699eda926

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://freeusd.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 20 Sep 2021 02:26:37 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
application/javascript
server
nginx
content-encoding
gzip
expires
0
1568442
ad.a-ads.com/ Frame D453 		6 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ad.a-ads.com/1568442?size=728x90&background_color=eeeeee
Requested by
Host: freeusd.xyz
URL: https://freeusd.xyz/?cp=19833
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
136.243.55.84 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.84.55.243.136.clients.your-server.de
Software
nginx/1.18.0 (Ubuntu) / Phusion Passenger(R)
Resource Hash
f8b5ab9dfe16da21be6ac048fd5adf54035c04655c8c6bfa4a4566557520c213
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
ad.a-ads.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://freeusd.xyz/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://freeusd.xyz/

Response headers

Server
nginx/1.18.0 (Ubuntu)
Date
Mon, 20 Sep 2021 02:26:37 GMT
Content-Type
text/html;charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding Accept-Encoding
Status
200 OK
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Powered-By
Phusion Passenger(R)
X-Original-Referer
https://freeusd.xyz/
Content-Encoding
gzip
1568442
ad.a-ads.com/ Frame 992C 		6 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ad.a-ads.com/1568442?size=728x90&background_color=eeeeee
Requested by
Host: freeusd.xyz
URL: https://freeusd.xyz/?cp=19833
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
136.243.55.84 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.84.55.243.136.clients.your-server.de
Software
nginx/1.18.0 (Ubuntu) / Phusion Passenger(R)
Resource Hash
f8b5ab9dfe16da21be6ac048fd5adf54035c04655c8c6bfa4a4566557520c213
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
ad.a-ads.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://freeusd.xyz/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://freeusd.xyz/

Response headers

Server
nginx/1.18.0 (Ubuntu)
Date
Mon, 20 Sep 2021 02:26:37 GMT
Content-Type
text/html;charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding Accept-Encoding
Status
200 OK
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Powered-By
Phusion Passenger(R)
X-Original-Referer
https://freeusd.xyz/
Content-Encoding
gzip
728x90
static.a-ads.com/a-ads-banners/269043/ Frame D453 		279 KB
280 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.a-ads.com/a-ads-banners/269043/728x90?region=eu-central-1
Requested by
Host: ad.a-ads.com
URL: https://ad.a-ads.com/1568442?size=728x90&background_color=eeeeee
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
136.243.55.84 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.84.55.243.136.clients.your-server.de
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
1cc1a9f9e94a846e8374e3632582d5232aa5bfa715c7e4defcc8fb12ac3a0f69

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ad.a-ads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Mon, 20 Sep 2021 02:26:37 GMT
Last-Modified
Fri, 17 Sep 2021 18:06:59 GMT
Server
nginx/1.18.0 (Ubuntu)
x-amz-request-id
2FB9N0XB3KKN8TM2
ETag
"ed6ca48d3a8c5a9ede12fd4cadfe0560"
Content-Type
image/gif
Cache-Control
max-age=315360000
x-amz-replication-status
COMPLETED
Content-Length
286192
Connection
keep-alive
Accept-Ranges
bytes
x-amz-version-id
5zxAT42Jubd6Soe908oc4tW8clXwtJqY
x-amz-id-2
awfYWsMw1IrvrrdCnOjXrOcOKz13G4rxK8HCXR2ySh+r+489z3DCpUoGJXdT3FuqAyUo2++N6SY=
Expires
Thu, 31 Dec 2037 23:55:55 GMT
728x90
static.a-ads.com/a-ads-banners/269043/ Frame 992C 		279 KB
280 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.a-ads.com/a-ads-banners/269043/728x90?region=eu-central-1
Requested by
Host: ad.a-ads.com
URL: https://ad.a-ads.com/1568442?size=728x90&background_color=eeeeee
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
136.243.55.84 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.84.55.243.136.clients.your-server.de
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
1cc1a9f9e94a846e8374e3632582d5232aa5bfa715c7e4defcc8fb12ac3a0f69

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ad.a-ads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Mon, 20 Sep 2021 02:26:37 GMT
Last-Modified
Fri, 17 Sep 2021 18:06:59 GMT
Server
nginx/1.18.0 (Ubuntu)
x-amz-request-id
2FB9N0XB3KKN8TM2
ETag
"ed6ca48d3a8c5a9ede12fd4cadfe0560"
Content-Type
image/gif
Cache-Control
max-age=315360000
x-amz-replication-status
COMPLETED
Content-Length
286192
Connection
keep-alive
Accept-Ranges
bytes
x-amz-version-id
5zxAT42Jubd6Soe908oc4tW8clXwtJqY
x-amz-id-2
awfYWsMw1IrvrrdCnOjXrOcOKz13G4rxK8HCXR2ySh+r+489z3DCpUoGJXdT3FuqAyUo2++N6SY=
Expires
Thu, 31 Dec 2037 23:55:55 GMT
truncated
/ Frame D453 		305 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
95347f5a02237a0ff92fc87be7ad78f0fb44eebc125ffb61edc17da98a6d23d7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 992C 		305 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
95347f5a02237a0ff92fc87be7ad78f0fb44eebc125ffb61edc17da98a6d23d7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type
image/png
popunder.js
appsha-lon2.cointraffic.io/ats/ 		721 B
762 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://appsha-lon2.cointraffic.io/ats/popunder.js?v=1624271705790
Requested by
Host: appsha-lon2.cointraffic.io
URL: https://appsha-lon2.cointraffic.io/js/?wkey=aYmi0xo8Df
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.85.242.92 London, United Kingdom, ASN49683 (MASSIVEGRID, GB),
Reverse DNS
Software
nginx /
Resource Hash
02ca1e2a49e4525eb3b52a9a9d440baeac4556697c782f1874de554a1ae2ae8e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://freeusd.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Mon, 20 Sep 2021 02:26:37 GMT
content-encoding
gzip
last-modified
Mon, 21 Jun 2021 10:43:15 GMT
server
nginx
etag
W/"60d06d43-2d1"
access-control-allow-methods
GET, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
tmp
apps-lon2.cointraffic.io/ 		475 B
931 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://apps-lon2.cointraffic.io/tmp
Requested by
Host: appsha-lon2.cointraffic.io
URL: https://appsha-lon2.cointraffic.io/js/?wkey=aYmi0xo8Df
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.85.240.72 Frankfurt am Main, Germany, ASN49683 (MASSIVEGRID, GB),
Reverse DNS
Software
nginx /
Resource Hash
ff9b51eb459b2bd73727d2a0e88fef48e0169ea141beb7c0092d1d3bd188888b

Request headers

Referer
https://freeusd.xyz/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
application/json

Response headers

pragma
no-cache
date
Mon, 20 Sep 2021 02:26:38 GMT
server
nginx
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://freeusd.xyz
access-control-expose-headers
Content-Length,Content-Range
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
expires
0
tmp
apps-lon2.cointraffic.io/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://apps-lon2.cointraffic.io/tmp
Protocol
H2
Server
185.85.240.72 Frankfurt am Main, Germany, ASN49683 (MASSIVEGRID, GB),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://freeusd.xyz
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

server
nginx
date
Mon, 20 Sep 2021 02:26:38 GMT
access-control-allow-origin
https://freeusd.xyz
access-control-allow-credentials
true
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers
Content-Length,Content-Range
access-control-max-age
1728000
content-type
text/plain; charset=utf-8
content-length
0
script_130421.js
files.cointraffic.io/js/pnd/ 		87 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://files.cointraffic.io/js/pnd/script_130421.js
Requested by
Host: capitalonebankgroup.com
URL: http://capitalonebankgroup.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.189.56.92 Los Angeles, United States, ASN49683 (MASSIVEGRID, GB),
Reverse DNS
Software
nginx /
Resource Hash
c99f906cdd973cb07db964fd9cf7391a4ed7843d45972c284b8dc746215d8612

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://freeusd.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Mon, 20 Sep 2021 02:26:38 GMT
content-encoding
gzip
etag
W/"60754f58-15cc0"
last-modified
Tue, 13 Apr 2021 07:59:20 GMT
server
nginx
alt-svc
h3-23=":443"; ma=86400
content-type
application/javascript

Verdicts & Comments Add Verdict or Comment

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| onbeforexrselect boolean| originAgentCluster function| SHAMIR64 function| M function| X function| V function| Y function| md5_cmn function| md5_ff function| md5_gg function| md5_hh function| md5_ii function| safe_add function| bit_rol object| ctaYmi0xo8Df function| U6CC function| S2aa function| A7RR function| b2aa function| m5KK function| g0hh function| V5kk function| o5KK string| popns function| b133 object| CoinTrafficPnd

4 Cookies

Domain/Path Name / Value
biggerpicture.g2afse.com/ Name: afclick
Value: 6147f15cb1e33300012d1999
biggerpicture.g2afse.com/ Name: afoffers
Value: {"188":1632104796}
freeusd.xyz/ Name: PHPSESSID
Value: j95sahr7uk3as6inkjmlutmf7a
freeusd.xyz/ Name: r
Value: 19833