Submitted URL: https://storage.googleapis.com/reaganstarkyjs/fqH9HaA.html#eQXCaD.z53mhn4ix?f2XHw2cc64M4cxZmVcdcJrcyc6mRdhXRScbbb4P
Effective URL: https://trk81.zzzperform.com/l/27000695f96a812e27e0.js?sub=pub48c90fab24ad4e1b873f76e7c2075d97&source=b8fb511f
Submission: On October 07 via api from BE — Scanned from DE

Summary

This website contacted 8 IPs in 5 countries across 12 domains to perform 17 HTTP transactions. The main IP is 2606:4700:e2::ac40:8d0c, located in United States and belongs to CLOUDFLARENET, US. The main domain is trk81.zzzperform.com.
TLS certificate: Issued by E1 on October 1st 2022. Valid for: 3 months.
This is the only time trk81.zzzperform.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2a00:1450:400... 15169 (GOOGLE)
1 1 82.81.85.250 8551 (BEZEQ-INT...)
1 5.9.200.36 24940 (HETZNER-AS)
5 2606:4700:303... 13335 (CLOUDFLAR...)
3 2606:4700:303... 13335 (CLOUDFLAR...)
3 65.60.58.179 32475 (SINGLEHOP...)
2 3 51.68.82.147 16276 (OVH)
1 1 34.147.1.177 396982 (GOOGLE-CL...)
1 2 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 1 34.91.234.242 396982 (GOOGLE-CL...)
2 2606:4700:e2:... 13335 (CLOUDFLAR...)
17 8
Apex Domain
Subdomains
Transfer
5 jukminung.com
lynku.jukminung.com
kixa.jukminung.com — Cisco Umbrella Rank: 260728
25 KB
3 wewillserv.com
www.wewillserv.com — Cisco Umbrella Rank: 646049
6 KB
3 sherlowcke.com
otto.sherlowcke.com
7 KB
3 addlnk.com
cdn.addlnk.com — Cisco Umbrella Rank: 261287
3 KB
2 zzzperform.com
trk81.zzzperform.com
12 KB
1 carrytraff.com
carrytraff.com — Cisco Umbrella Rank: 324875
586 B
1 gositego.live
track.gositego.live — Cisco Umbrella Rank: 207537
223 B
1 myofferplus.com
myofferplus.com — Cisco Umbrella Rank: 359357
1 KB
1 go2affise.com
admoustache.go2affise.com — Cisco Umbrella Rank: 225144
210 B
1 leafrisingstar.com
leafrisingstar.com
450 B
1 dischargebackhanded.com
dischargebackhanded.com
304 B
1 googleapis.com
storage.googleapis.com — Cisco Umbrella Rank: 696
699 B
17 12
Domain Requested by
4 lynku.jukminung.com leafrisingstar.com
storage.googleapis.com
lynku.jukminung.com
3 www.wewillserv.com 2 redirects otto.sherlowcke.com
3 otto.sherlowcke.com lynku.jukminung.com
otto.sherlowcke.com
3 cdn.addlnk.com lynku.jukminung.com
myofferplus.com
kixa.jukminung.com
2 trk81.zzzperform.com kixa.jukminung.com
storage.googleapis.com
1 carrytraff.com 1 redirects
1 kixa.jukminung.com myofferplus.com
1 track.gositego.live 1 redirects
1 myofferplus.com www.wewillserv.com
1 admoustache.go2affise.com 1 redirects
1 leafrisingstar.com storage.googleapis.com
1 dischargebackhanded.com 1 redirects
1 storage.googleapis.com
17 13

This site contains no links.

Subject | Issuer | Validity | Valid
storage.googleapis.com | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months
leafrisingstar.com | Sectigo RSA Domain Validation Secure Server CA | 2021-12-29 - 2023-01-13 | a year
*.jukminung.com | E1 | 2022-09-19 - 2022-12-18 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-05-15 - 2023-05-15 | a year
otto.sherlowcke.com | R3 | 2022-09-13 - 2022-12-12 | 3 months
www.wewillserv.com | R3 | 2022-08-10 - 2022-11-08 | 3 months
*.zzzperform.com | E1 | 2022-10-01 - 2022-12-30 | 3 months

This page contains 2 frames:

Frame: https://trk81.zzzperform.com/l/27000695f96a812e27e0.js?sub=pub48c90fab24ad4e1b873f76e7c2075d97&source=b8fb511f&code=3dY3VvBDU7PDw5OUNCRENFQkgRhYV3Fn.GGI9-jR1PVB.JhYMkVVYml5SdK4KVm2FhMKWVmzU1n645anBrbABqagQ1NzY3CGqBDD1DPj8QcnoURUdGRxiNlBxMHYCUiYUjI4eQiyhZKY2Wjy5eL5.joKc1NaylnDqBqqtnbWcjTXNpNQhxfXFvDoKBhXYSeYaCF315hY2AHJJ-IG2QnIyQkYdWXVdaS1SEl52UoKmmVIOKV2lpaGt3IFhrcTo5QSeAPz40LE5.f3x2aXh2YH.LR05NUkpQVD9IbGp3cXFSR5SSlZBMdJOSm6BbU3edqKalnmlsbDYvMjE5NzpANkI7K19udHCCekFIR0xESk4Ze5EdVR6DjSJaI4VZWShYWVtbXF0ukGRlM2NkNamdOWlqa2wAZ2gENTY2B2txbgw9DXR7hhJ4dICIexd7gYccTU5PH4yPiSRVVVZXKJyenZMuX2BhYmNkZDWlqpuprzw8cHNmdnlnBzk4OT07PT1FD3WHfoEVSEkXin6AHByPgIKDIlNTVlpXWF1cKo6aoZ4wMKigoDU1rZ6krzuEqnRmbiNNc2k1CGxucg0.P0BBQkNERUVGR0lKSktNTk9QUVJTVFVWV1hZWltcXV1fYGFiY2RlZmdoaWlrbG0xMjM0NTY3ODk6Ozw9Pj5AEHR7iBVGR0hISktMTU5PUFFSU1RVVVdXWVpbXF0tpaSkMqlhZHCtZZFvkJF3dy90N3JzdHVDgDh3QHt8fX5MiUGIS4tSj0dfZolVdB.LjZCKJYqUVH18ZZCaLaCjpDJiM6CWpTg4oaauPTABcHcFNjc3ODo6Oz0.DoZ0EkNERHdIF3uLkhxfhZCOjYZCc2hrRneUnpGUmqmXnaSWpKGVoWOnnJ9nsaVleGd1P0hueXd2bytcUVQvZnp3inmHkoSAg4B9iYGFgoaLhIWUhouWkpiQmpSck5WXmpebnpafcoaarqSyZSFFb21qdHuEcnh-cX98cHw.gHR3gUOHhI6BhIodkYKEIlRXJJiWiylbXiuQnaAwYTGglpg2Z2c4pq6rPTE2&_tdf=24
Frame ID: 9F0B1BFC0DFDF92BC21B1186B7CB4A45
Requests: 14 HTTP requests in this frame

Frame: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1665100800
Frame ID: 2DC8471CAB85EBF7CD950190C8E1A4BF
Requests: 3 HTTP requests in this frame

Page Title: Loading...

Page Statistics

Requests: 17
HTTPS: 100 %
IPv6: 45 %
Domains: 12
Subdomains: 13
IPs: 8
Countries: 5
Transfer: 55 kB
Size: 123 kB
Cookies: 9

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://storage.googleapis.com/reaganstarkyjs/fqH9HaA.html Page URL
  2. http://dischargebackhanded.com/anchoreQXCaD.z53mhn4ix?f2XHw2cc64M4cxZmVcdcJrcyc6mRdhXRScbbb4P HTTP 302
    https://leafrisingstar.com/17615862a1e9bd79000/d41VNaQMcWl5UTanZD8Q1x2Lj~E3NvMbQuHNYSA/1k0AwwO7USoPuw0Ahrxe145utT79xbdkh3w/FHFJMDerDl~c Page URL
  3. https://lynku.jukminung.com/rc/9e8aef8068?affclick=1291919164&pubid=690063 Page URL
  4. https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=caf2c4c2&cid=pub2f915713718a4b2f9dd277c0a2ced5b9&2=690063 Page URL
  5. https://otto.sherlowcke.com/?utm_term=7151592062251434044&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d Page URL
  6. https://otto.sherlowcke.com/proc.php?72ad1d20cd50d17a121f724741ff617d3a12794c Page URL
  7. https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7151592062251434044&website=13260-d1f8b31e-4de5762b&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d Page URL
  8. https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7151592062251434044&website=13260-d1f8b31e-4de5762b&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d&eyeg=5902eb1cd2e6169fa431421cced8a57c&eyer=0.29066010177855617&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
    https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7151592062251434044&website=13260-d1f8b31e-4de5762b&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d&eyeg=3&eyer=0.29066010177855617&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
    https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=33000f82700beb73b5691f4cc3324455384901007-202210-flb*5467509-4538f*M7151592062251434044*sl_5467509-4538f*a7abe2183efd810441b34a281585ba50363df95f*13260-d1f8b31e-4de5762b*13260 HTTP 302
    https://myofferplus.com/rc/a91581ead4?affclick=633f8f181b0b600001e97f0f&pubid=503 Page URL
  9. https://track.gositego.live/sl?id=62dfc1354b8cd38db57f7466&pid=930&sub1=pubb4fe9477d86244d196641ab8f15be83a&sub2=8063a697_503 HTTP 302
    https://kixa.jukminung.com/rc/19aff8b744?affclick=633f8f198957c80001ea61d4&pubid=930_8063a697_503 Page URL
  10. https://carrytraff.com/l/27000695f96a812e27e0?sub=pub48c90fab24ad4e1b873f76e7c2075d97&source=b8fb511f HTTP 302
    https://trk81.zzzperform.com/l/27000695f96a812e27e0.js?sub=pub48c90fab24ad4e1b873f76e7c2075d97&source=b8fb511f Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • http://dischargebackhanded.com/anchoreQXCaD.z53mhn4ix?f2XHw2cc64M4cxZmVcdcJrcyc6mRdhXRScbbb4P HTTP 302
  • https://leafrisingstar.com/17615862a1e9bd79000/d41VNaQMcWl5UTanZD8Q1x2Lj~E3NvMbQuHNYSA/1k0AwwO7USoPuw0Ahrxe145utT79xbdkh3w/FHFJMDerDl~c
Request Chain 11
  • https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7151592062251434044&website=13260-d1f8b31e-4de5762b&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d&eyeg=5902eb1cd2e6169fa431421cced8a57c&eyer=0.29066010177855617&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
  • https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7151592062251434044&website=13260-d1f8b31e-4de5762b&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d&eyeg=3&eyer=0.29066010177855617&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=otto.sherlowcke.com HTTP 302
  • https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=33000f82700beb73b5691f4cc3324455384901007-202210-flb*5467509-4538f*M7151592062251434044*sl_5467509-4538f*a7abe2183efd810441b34a281585ba50363df95f*13260-d1f8b31e-4de5762b*13260 HTTP 302
  • https://myofferplus.com/rc/a91581ead4?affclick=633f8f181b0b600001e97f0f&pubid=503
Request Chain 13
  • https://track.gositego.live/sl?id=62dfc1354b8cd38db57f7466&pid=930&sub1=pubb4fe9477d86244d196641ab8f15be83a&sub2=8063a697_503 HTTP 302
  • https://kixa.jukminung.com/rc/19aff8b744?affclick=633f8f198957c80001ea61d4&pubid=930_8063a697_503

17 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
fqH9HaA.html
storage.googleapis.com/reaganstarkyjs/
117 B
699 B
Document
General
Full URL
https://storage.googleapis.com/reaganstarkyjs/fqH9HaA.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
2648
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=3600
content-length
117
content-type
text/html
date
Fri, 07 Oct 2022 01:45:33 GMT
etag
"8b91320949ba565a91951a397b8a7554"
expires
Fri, 07 Oct 2022 02:45:33 GMT
last-modified
Mon, 27 Jun 2022 08:45:29 GMT
server
UploadServer
x-goog-generation
1656319529407368
x-goog-hash
crc32c=JgA0VQ== md5=i5EyCUm6VlqRlRo5e4p1VA==
x-goog-metageneration
2
x-goog-storage-class
STANDARD
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
117
x-guploader-uploadid
ADPycdtkm6i7sVOjICQXC5cJh5egHtguPC0IwBPL6fgSJvtENWkWS6gqnLfNgDZYEz7sS-mM14k1VofTL5I3GQMqUX-ftBPI1_jM
FHFJMDerDl~c
leafrisingstar.com/17615862a1e9bd79000/d41VNaQMcWl5UTanZD8Q1x2Lj~E3NvMbQuHNYSA/1k0AwwO7USoPuw0Ahrxe145utT79xbdkh3w/
Redirect Chain
  • http://dischargebackhanded.com/anchoreQXCaD.z53mhn4ix?f2XHw2cc64M4cxZmVcdcJrcyc6mRdhXRScbbb4P
  • https://leafrisingstar.com/17615862a1e9bd79000/d41VNaQMcWl5UTanZD8Q1x2Lj~E3NvMbQuHNYSA/1k0AwwO7USoPuw0Ahrxe145utT79xbdkh3w/FHFJMDerDl~c
137 B
450 B
Document
General
Full URL
https://leafrisingstar.com/17615862a1e9bd79000/d41VNaQMcWl5UTanZD8Q1x2Lj~E3NvMbQuHNYSA/1k0AwwO7USoPuw0Ahrxe145utT79xbdkh3w/FHFJMDerDl~c
Requested by
Host: storage.googleapis.com
URL: https://storage.googleapis.com/reaganstarkyjs/fqH9HaA.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
5.9.200.36 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.36.200.9.5.clients.your-server.de
Software
Apache /
Resource Hash

Request headers

Referer
https://storage.googleapis.com/reaganstarkyjs/fqH9HaA.html#eQXCaD.z53mhn4ix?f2XHw2cc64M4cxZmVcdcJrcyc6mRdhXRScbbb4P
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
close
Content-Length
137
Content-Type
text/html; charset=UTF-8
Date
Fri, 07 Oct 2022 02:29:42 GMT
Server
Apache

Redirect headers

Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Fri, 07 Oct 2022 02:18:16 GMT
Location
https://leafrisingstar.com/17615862a1e9bd79000/d41VNaQMcWl5UTanZD8Q1x2Lj%7EE3NvMbQuHNYSA/1k0AwwO7USoPuw0Ahrxe145utT79xbdkh3w/FHFJMDerDl%7Ec
Server
Apache
9e8aef8068
lynku.jukminung.com/rc/
3 KB
2 KB
Document
General
Full URL
https://lynku.jukminung.com/rc/9e8aef8068?affclick=1291919164&pubid=690063
Requested by
Host: leafrisingstar.com
URL: https://leafrisingstar.com/17615862a1e9bd79000/d41VNaQMcWl5UTanZD8Q1x2Lj~E3NvMbQuHNYSA/1k0AwwO7USoPuw0Ahrxe145utT79xbdkh3w/FHFJMDerDl~c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:1cae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a21cf8802ed17d48df4e1b1a5408a158b10a201cd500e4a80e57e7ba04305877

Request headers

Referer
https://leafrisingstar.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
756335f03f9f9b5e-FRA
content-encoding
br
content-language
en-us
content-type
text/html; charset=utf-8
date
Fri, 07 Oct 2022 02:29:43 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V4BWy7Y29iCCYpMyWSvOBqbxbJplIELKoM3FBctAwLmIF1cgshFGd6x5eQjLlBfpykSiYenlnKuk9IS7InVw0uPdJ4hs%2FH2J2okRNk6YhLsEgdzO94tJYJM9vMqUQwIkRT5mqsKUBg5tlXzwE3mn7w1I"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding, Accept-Language, Cookie
redirect.css
cdn.addlnk.com/
1 KB
1 KB
Stylesheet
General
Full URL
https://cdn.addlnk.com/redirect.css
Requested by
Host: lynku.jukminung.com
URL: https://lynku.jukminung.com/rc/9e8aef8068?affclick=1291919164&pubid=690063
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:bfdd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Fri, 07 Oct 2022 02:29:43 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
SK3KBGMKJ4YWWVBV
age
6812
cf-polished
origSize=1680
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
eBDdEZo2g3ixnFPTboxVSgjMRQX3dQ63xWWEjrbl2vu0jkNe5fS7HtGt8F3jGl6QdU4QACxpR9I=
cf-bgj
minify
last-modified
Wed, 13 Mar 2019 00:03:12 GMT
server
cloudflare
etag
W/"3ae56d32551602b41f9046c14d1cfde2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zGmjbOkIJXK3i5Mm1jKm7pE4LXH5bYu3U6jCULsYe0EaODbtLTk5WweGpMpBXJwq3Iw4naRfH08xHpLeurb%2FtHBbWAg4p11J1w1uzsbjru7MRGLe5SzlwCxaAeB8moFkmM%2BNG%2FqNxQCQtOWwgA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cf-ray
756335f19cec9bdd-FRA
invisible.js
lynku.jukminung.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/ Frame 2DC8
37 KB
14 KB
Script
General
Full URL
https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1665100800
Requested by
Host: storage.googleapis.com
URL: https://storage.googleapis.com/reaganstarkyjs/fqH9HaA.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:1cae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9a7af7b24d24798b04d4a054566eaf7a9cbc11ca26f721f56a36e7317a550481

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Fri, 07 Oct 2022 02:29:43 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tP0K%2B%2F993vXhker1crUTS3MRCdqyfsglDqQZb3rK65dIQjrAKvEWdFGBpf7u1Nx%2Bd4Gg%2FvP3jHar0ME2hSdIvgTuM%2BPigdecA8cSwk6pWHx%2BesIsZAP0%2FTyT4bg4Z2yRLKje44%2FqKDAGCH4KipgJnE7F"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
x-control-type-options
nosniff
cf-ray
756335f1d8e59b5e-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
pica.js
lynku.jukminung.com/cdn-cgi/challenge-platform/h/b/scripts/ Frame 2DC8
21 KB
7 KB
Other
General
Full URL
https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/b/scripts/pica.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:1cae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
291cf0bfd82247cc8c792c20bfc3d2fd280e3e1831e0bf54dc7341a666230f4a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Fri, 07 Oct 2022 02:29:43 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=06scl07Y57x8gJHU8bZmIQFB6lZmWUSTYVW3pB81rVEKuYTyjw5Yammdxie9ZFUGKx%2BKIg1KaKGV3bVYR1Wo%2Fbdxbw5etYmiolLryFxH4GvxfsT4vYDA6cA31jKLHeNMV%2FJHa35EKPUaam94OrO6lssx"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
x-control-type-options
nosniff
cf-ray
756335f219179b5e-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
/
otto.sherlowcke.com/
3 KB
2 KB
Document
General
Full URL
https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=caf2c4c2&cid=pub2f915713718a4b2f9dd277c0a2ced5b9&2=690063
Requested by
Host: lynku.jukminung.com
URL: https://lynku.jukminung.com/rc/9e8aef8068?affclick=1291919164&pubid=690063
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
65.60.58.179 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/8.1.9
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Fri, 07 Oct 2022 02:29:43 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://otto.sherlowcke.com/?utm_term=7151592062251434044&ver=4viyaptcjo
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubdomains;
vary
Accept-Encoding
x-powered-by
PHP/8.1.9
756335f03f9f9b5e
lynku.jukminung.com/cdn-cgi/challenge-platform/h/b/cv/result/ Frame 2DC8
2 B
696 B
XHR
General
Full URL
https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/b/cv/result/756335f03f9f9b5e
Requested by
Host: lynku.jukminung.com
URL: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1665100800
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::6815:1cae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 07 Oct 2022 02:29:43 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sW0wA2PrH6PnYpdnNYCrvoLiE5k3uM62oNv%2Bg3XLmuBlaC76A6QDNPootmlKf%2B8HvNpVZ2wvYfuAPgJ6ASuZNKhqqp6XF8gdYt%2Bv6QIZe%2B%2B2LQJw%2FuO6I88ualWRkJourEsyPU4ChMjnMWkwx4Fhwoj9"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
756335f4aa755c0e-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
/
otto.sherlowcke.com/
9 KB
3 KB
Document
General
Full URL
https://otto.sherlowcke.com/?utm_term=7151592062251434044&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d
Requested by
Host: otto.sherlowcke.com
URL: https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=caf2c4c2&cid=pub2f915713718a4b2f9dd277c0a2ced5b9&2=690063
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
65.60.58.179 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/8.1.9
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

Referer
https://otto.sherlowcke.com/?utm_medium=2c1d6fcd4cc55c1538e271f58234122bd508fe6f&utm_campaign=mainstream_redirect&1=caf2c4c2&cid=pub2f915713718a4b2f9dd277c0a2ced5b9&2=690063
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Fri, 07 Oct 2022 02:29:43 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubdomains;
vary
Accept-Encoding
x-powered-by
PHP/8.1.9
proc.php
otto.sherlowcke.com/
4 KB
2 KB
Document
General
Full URL
https://otto.sherlowcke.com/proc.php?72ad1d20cd50d17a121f724741ff617d3a12794c
Requested by
Host: otto.sherlowcke.com
URL: https://otto.sherlowcke.com/?utm_term=7151592062251434044&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
65.60.58.179 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/8.1.9
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

Referer
https://otto.sherlowcke.com/?utm_term=7151592062251434044&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Fri, 07 Oct 2022 02:29:44 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7151592062251434044&website=13260-d1f8b31e-4de5762b&placement=13260
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubdomains;
vary
Accept-Encoding
x-powered-by
PHP/8.1.9
/
www.wewillserv.com/
5 KB
5 KB
Document
General
Full URL
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7151592062251434044&website=13260-d1f8b31e-4de5762b&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d
Requested by
Host: otto.sherlowcke.com
URL: https://otto.sherlowcke.com/proc.php?72ad1d20cd50d17a121f724741ff617d3a12794c
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
51.68.82.147 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://otto.sherlowcke.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-transform
Connection
keep-alive
Content-Type
text/html
Date
Fri, 07 Oct 2022 02:29:44 GMT
Transfer-Encoding
chunked
a91581ead4
myofferplus.com/rc/
Redirect Chain
  • https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7151592062251434044&website=13260-d1f8b31e-4de5762b&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccb...
  • https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7151592062251434044&website=13260-d1f8b31e-4de5762b&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccb...
  • https://admoustache.go2affise.com/sl?id=5f0efd61dabed1d602e0fe6a&pid=503&sub1=33000f82700beb73b5691f4cc3324455384901007-202210-flb*5467509-4538f*M7151592062251434044*sl_5467509-4538f*a7abe2183efd81...
  • https://myofferplus.com/rc/a91581ead4?affclick=633f8f181b0b600001e97f0f&pubid=503
1 KB
1 KB
Document
General
Full URL
https://myofferplus.com/rc/a91581ead4?affclick=633f8f181b0b600001e97f0f&pubid=503
Requested by
Host: www.wewillserv.com
URL: https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7151592062251434044&website=13260-d1f8b31e-4de5762b&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.wewillserv.com/?sl=5467509-4538f&data1=Track1&data2=Track2&tag=M7151592062251434044&website=13260-d1f8b31e-4de5762b&placement=13260&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2fbf8f4f3f3f2fce2eeeee8ede7e9ee9d
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
756335fd4f7190a9-FRA
content-encoding
br
content-language
en-us
content-type
text/html; charset=utf-8
date
Fri, 07 Oct 2022 02:29:45 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N71%2BFBRnwQoMX3V0c%2Blnt5GSEcs7LQuD%2BdZOgd4lgyWhpa8xqlCxcwIi284MYl9LiI%2BKHmv5AbljtLzqmk6%2FC42pvzpoqfEOC%2ByQzaMbdpyn0Fzx6xj41Jk2irCFvOMh3AsjehuIzHzj%2Bf9bNdg%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding, Accept-Language, Cookie

Redirect headers

access-control-allow-origin
*
content-length
0
date
Fri, 07 Oct 2022 02:29:44 GMT
location
https://myofferplus.com/rc/a91581ead4?affclick=633f8f181b0b600001e97f0f&pubid=503
server
nginx
redirect.css
cdn.addlnk.com/
1 KB
1 KB
Stylesheet
General
Full URL
https://cdn.addlnk.com/redirect.css
Requested by
Host: myofferplus.com
URL: https://myofferplus.com/rc/a91581ead4?affclick=633f8f181b0b600001e97f0f&pubid=503
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:bfdd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Fri, 07 Oct 2022 02:29:45 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
72BQ43Z832DMHS8A
age
1970
cf-polished
origSize=1680
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
9dqjw3QmoT8lhROeWaK3mEcRPoUKNfvQLfCVyCvCyDnxCOQ1ZkKTnjHgPbqYhL93T/SckF1I+RU=
cf-bgj
minify
last-modified
Wed, 13 Mar 2019 00:03:12 GMT
server
cloudflare
etag
W/"3ae56d32551602b41f9046c14d1cfde2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Iw6CDNdDHdpGbPA3REIdHo%2BEbBKjr75cwJqLuBMtIQFnzfeqU73rWf0ZoluDfQRDaelQMVeGsVcbj4nFCkd4%2B8f9ZE%2BFHYFpwngn1ZG9tw2J%2Bdso0YH0%2FmrogkloUkWCGZTd%2Bny0vgRmbh3X7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cf-ray
756335fe4a40bbef-FRA
19aff8b744
kixa.jukminung.com/rc/
Redirect Chain
  • https://track.gositego.live/sl?id=62dfc1354b8cd38db57f7466&pid=930&sub1=pubb4fe9477d86244d196641ab8f15be83a&sub2=8063a697_503
  • https://kixa.jukminung.com/rc/19aff8b744?affclick=633f8f198957c80001ea61d4&pubid=930_8063a697_503
1 KB
1 KB
Document
General
Full URL
https://kixa.jukminung.com/rc/19aff8b744?affclick=633f8f198957c80001ea61d4&pubid=930_8063a697_503
Requested by
Host: myofferplus.com
URL: https://myofferplus.com/rc/a91581ead4?affclick=633f8f181b0b600001e97f0f&pubid=503
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:1cae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e079f5083364643631f963cc70c74aa701c1c2bc67d95c3c6d3b8cbc4a5dcfa4

Request headers

Referer
https://myofferplus.com/rc/a91581ead4?affclick=633f8f181b0b600001e97f0f&pubid=503
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
756336024e2f9b5e-FRA
content-encoding
br
content-language
en-us
content-type
text/html; charset=utf-8
date
Fri, 07 Oct 2022 02:29:46 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v5kKcUCubgIPoEKMO4drQRnBJ%2FtL7WSazWmF2%2FaLA5EHh7fLhwUGXgS2BWmBkSAF264ZmAB2ppp5TgYhU0G4pqLeM8BbTOyJhcS4PloLRUQgC060rXiW1gD4nsbPO%2Bn6At0JTMLVWK6hRv6o4MbueSA%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding, Accept-Language, Cookie

Redirect headers

access-control-allow-origin
*
content-length
0
date
Fri, 07 Oct 2022 02:29:45 GMT
location
https://kixa.jukminung.com/rc/19aff8b744?affclick=633f8f198957c80001ea61d4&pubid=930_8063a697_503
server
nginx
redirect.css
cdn.addlnk.com/
1 KB
1016 B
Stylesheet
General
Full URL
https://cdn.addlnk.com/redirect.css
Requested by
Host: kixa.jukminung.com
URL: https://kixa.jukminung.com/rc/19aff8b744?affclick=633f8f198957c80001ea61d4&pubid=930_8063a697_503
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:bfdd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Fri, 07 Oct 2022 02:29:46 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
72BQ43Z832DMHS8A
age
1971
cf-polished
origSize=1680
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
9dqjw3QmoT8lhROeWaK3mEcRPoUKNfvQLfCVyCvCyDnxCOQ1ZkKTnjHgPbqYhL93T/SckF1I+RU=
cf-bgj
minify
last-modified
Wed, 13 Mar 2019 00:03:12 GMT
server
cloudflare
etag
W/"3ae56d32551602b41f9046c14d1cfde2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fzHcPgdWeODU8z4MdTf8%2BDPU0DrTW2XVemOxykzWamy8Ew724rY%2FQDZ7%2B1TtwglmS%2FY19BEheEkp89nZqDW%2FEc7TH2a8R1LtNmjKhuav78t3pm2LcKQmxbE1QjDTut2B%2Fhzmmm3lkGW4mXNklg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cf-ray
75633602fe3dbbef-FRA
Primary Request 27000695f96a812e27e0.js
trk81.zzzperform.com/l/
Redirect Chain
  • https://carrytraff.com/l/27000695f96a812e27e0?sub=pub48c90fab24ad4e1b873f76e7c2075d97&source=b8fb511f
  • https://trk81.zzzperform.com/l/27000695f96a812e27e0.js?sub=pub48c90fab24ad4e1b873f76e7c2075d97&source=b8fb511f
36 KB
12 KB
Document
General
Full URL
https://trk81.zzzperform.com/l/27000695f96a812e27e0.js?sub=pub48c90fab24ad4e1b873f76e7c2075d97&source=b8fb511f
Requested by
Host: kixa.jukminung.com
URL: https://kixa.jukminung.com/rc/19aff8b744?affclick=633f8f198957c80001ea61d4&pubid=930_8063a697_503
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e2::ac40:8d0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29eddce2034a37edddd7b743551f12f50cddbdf80690919b7e597bb78e5b416a

Request headers

Referer
https://kixa.jukminung.com/rc/19aff8b744?affclick=633f8f198957c80001ea61d4&pubid=930_8063a697_503
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
1753
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=315360000
cf-cache-status
HIT
cf-ray
75633606ecb290be-FRA
content-encoding
br
content-type
text/html
date
Fri, 07 Oct 2022 02:29:46 GMT
expires
Thu, 31 Dec 2037 23:55:55 GMT
last-modified
Thu, 15 Oct 2020 14:13:33 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HvEcUgieTEzOD%2FKG7Os366Ie02%2B1fksXuRlYci0kujLeS4m1t5kXeT2xn8UBUINyb%2BQNBj3YqgPJwFQmLa4h%2F78QV2qVQ4b%2FI9zcHm80bQT2c8B5%2BuyKglC1ifAsaSfJeHxCZeEwzBhORGCqpmFkOQC%2BNA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
756336065cd09bd4-FRA
date
Fri, 07 Oct 2022 02:29:46 GMT
expires
Thu, 01 Jan 1970 00:00:01 GMT
location
https://trk81.zzzperform.com/l/27000695f96a812e27e0.js?sub=pub48c90fab24ad4e1b873f76e7c2075d97&source=b8fb511f
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CcJqQ1ZFXTJdkzwB%2FBcDz9mdZRDgZ5x1xWwuopeJ5c0cJfOPaTRkreOUr%2BWFqRePLK3Nc0%2FQtW2f08tOJgZPky9YD7jSTZOu4%2F0q13%2BckG0cpdrhJ39MkECwvLIfeASwVOzG89TlU67Y8xNhlg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
27000695f96a812e27e0.js
trk81.zzzperform.com/l/
0
0
Document
General
Full URL
https://trk81.zzzperform.com/l/27000695f96a812e27e0.js?sub=pub48c90fab24ad4e1b873f76e7c2075d97&source=b8fb511f&code=3dY3VvBDU7PDw5OUNCRENFQkgRhYV3Fn.GGI9-jR1PVB.JhYMkVVYml5SdK4KVm2FhMKWVmzU1n645anBrbABqagQ1NzY3CGqBDD1DPj8QcnoURUdGRxiNlBxMHYCUiYUjI4eQiyhZKY2Wjy5eL5.joKc1NaylnDqBqqtnbWcjTXNpNQhxfXFvDoKBhXYSeYaCF315hY2AHJJ-IG2QnIyQkYdWXVdaS1SEl52UoKmmVIOKV2lpaGt3IFhrcTo5QSeAPz40LE5.f3x2aXh2YH.LR05NUkpQVD9IbGp3cXFSR5SSlZBMdJOSm6BbU3edqKalnmlsbDYvMjE5NzpANkI7K19udHCCekFIR0xESk4Ze5EdVR6DjSJaI4VZWShYWVtbXF0ukGRlM2NkNamdOWlqa2wAZ2gENTY2B2txbgw9DXR7hhJ4dICIexd7gYccTU5PH4yPiSRVVVZXKJyenZMuX2BhYmNkZDWlqpuprzw8cHNmdnlnBzk4OT07PT1FD3WHfoEVSEkXin6AHByPgIKDIlNTVlpXWF1cKo6aoZ4wMKigoDU1rZ6krzuEqnRmbiNNc2k1CGxucg0.P0BBQkNERUVGR0lKSktNTk9QUVJTVFVWV1hZWltcXV1fYGFiY2RlZmdoaWlrbG0xMjM0NTY3ODk6Ozw9Pj5AEHR7iBVGR0hISktMTU5PUFFSU1RVVVdXWVpbXF0tpaSkMqlhZHCtZZFvkJF3dy90N3JzdHVDgDh3QHt8fX5MiUGIS4tSj0dfZolVdB.LjZCKJYqUVH18ZZCaLaCjpDJiM6CWpTg4oaauPTABcHcFNjc3ODo6Oz0.DoZ0EkNERHdIF3uLkhxfhZCOjYZCc2hrRneUnpGUmqmXnaSWpKGVoWOnnJ9nsaVleGd1P0hueXd2bytcUVQvZnp3inmHkoSAg4B9iYGFgoaLhIWUhouWkpiQmpSck5WXmpebnpafcoaarqSyZSFFb21qdHuEcnh-cX98cHw.gHR3gUOHhI6BhIodkYKEIlRXJJiWiylbXiuQnaAwYTGglpg2Z2c4pq6rPTE2&_tdf=24
Requested by
Host: storage.googleapis.com
URL: https://storage.googleapis.com/reaganstarkyjs/fqH9HaA.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8d0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://trk81.zzzperform.com/l/27000695f96a812e27e0.js?sub=pub48c90fab24ad4e1b873f76e7c2075d97&source=b8fb511f
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
75633607790d5b50-FRA
date
Fri, 07 Oct 2022 02:29:46 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CgkzIlHU8w6dOL%2BJEKloCwnK%2B7sOSoESIha7sTa5VAwxDlXhD6B2Dqw5STQeAez9g7zOBHAVESxR9oJd6%2BxPxosD982ETrLkcRgdR56gBwVqQNQKZ2m1OFsOy%2BywXFvWJzF4WrYszIPMpBO9Uh7%2BUBkyHA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| onbeforeinput
object| oncontextlost
object| oncontextrestored
function| structuredClone
object| launchQueue
object| onbeforematch
function| getScreenDetails
function| queryLocalFonts
object| navigation
function| Y6VV
number| r4nnnn
number| l4nnnn
number| t6u
function| EKm8V

9 Cookies

Domain/Path Name / Value
leafrisingstar.com/ Name: uid15295
Value: 1291919164-20221006222942-cc439fec01c97da5f7f167a6a2e63952-
lynku.jukminung.com/ Name: AWSALB
Value: dfZJbPyR/Wv65DH6ZOnON+j88b/olWFgeNEqMZa1hFlHVaiAhMzq7kkKPMHk+dybj4QzEop4dwVsD7krCKTt78+ltngHujdMfS0hF4nk1nZfYC0QRD/GzZ7Fvvlq
.jukminung.com/ Name: __cf_bm
Value: yNHZ1iLfztxasgu05rYYar_nS0IbXy5FcnYEnevQZcY-1665109783-0-AUe6Y6dss8aoWZQgfhnTV1xOjdS8czzq7K0xEjbPS11sHbbFdTCllRxQpJsigB1kpWLC5YZHSdpmmxrlUnOqdoRx5TfdNkDUcUE5C4njmxtBbCca+d8L/rtZdvkDGyW/UQ==
otto.sherlowcke.com/ Name: u
Value: 859a54f24678c44125fd5aa53d904311
admoustache.go2affise.com/ Name: afclick
Value: 633f8f181b0b600001e97f0f
myofferplus.com/ Name: AWSALB
Value: cK3FqwuLNGpAeuOzFmuYeCJlfkT1qEFV1WOfCn4WQpAScxtH8bWHJeRkE31mu3iQRcbQ8u6FFFXkoINfQzcgUvRNMHQMNDNk9GN8qWGWfEa2q0rFSBREscwull5j
track.gositego.live/ Name: afclick
Value: 633f8f198957c80001ea61d4
kixa.jukminung.com/ Name: AWSALB
Value: si3HMV6CrW5mqvYN8O7YzxmCxQcUwAg3lyqd0HC+hwsUnKtEhbLLuqxgdsNIhUMgbpQQPCBhMPlqHWNqMDU/d9zdIh5e6ux9DuZJesw29asvz0jw8qFUy6opN7GI
trk81.zzzperform.com/ Name: BSESSID
Value: trka645438e-4f78-4813-8fcc-0c0236ab3130