Submitted URL: http://bercioles.com/redirect?id=728&auth=eddc7e8612c215574016be364a6410d8b4b90e30&sid=DvNVq9uh9m1f63TKPJ2DIAI-&clk=0...
Effective URL: https://lp.urban-vpn.com/vpn-extention/v2/?click_id=f00ok1ga0ixV4dOJcyg10xk0gTzZ02&offer_id=1012&aff_id=1002&adv_id=1000
Submission: On October 14 via manual from GB — Scanned from GB

Summary

This website contacted 10 IPs in 6 countries across 17 domains to perform 26 HTTP transactions. The main IP is 2a02:6ea0:c700::18, located in and belongs to . The main domain is lp.urban-vpn.com.
TLS certificate: Issued by R3 on October 12th 2022. Valid for: 3 months.
This is the only time lp.urban-vpn.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 104.21.81.52 13335 (CLOUDFLAR...)
1 188.114.97.3 13335 (CLOUDFLAR...)
1 1 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 2 2606:4700:e2:... 13335 (CLOUDFLAR...)
1 62.212.87.141 60781 (LEASEWEB-...)
1 185.32.28.169 15699 (AS_ADAM A...)
1 94.237.103.119 202053 (UPCLOUD)
2 2 107.20.106.95 14618 (AMAZON-AES)
2 2 3.226.146.143 14618 (AMAZON-AES)
1 34.91.234.242 396982 (GOOGLE-CL...)
1 188.72.236.34 35415 (WEBZILLA)
1 1 139.45.197.239 9002 (RETN-AS)
2 2 47.241.193.57 ()
1 2a02:6ea0:c70... ()
26 10
Apex Domain
Subdomains
Transfer
2 offerstrack.net
gulimedia.offerstrack.net
urbanvpn.offerstrack.net
403 B
2 admobe.com
brko.admobe.com — Cisco Umbrella Rank: 478432
zoro.admobe.com
677 B
2 zzzperform.com
trk105.zzzperform.com
13 KB
1 urban-vpn.com
lp.urban-vpn.com
1 initiateintenselystrongtheproduct.vip
initiateintenselystrongtheproduct.vip
388 B
1 hrenbjkdas.com
hrenbjkdas.com — Cisco Umbrella Rank: 577342
770 B
1 ti-files.org
ti-files.org — Cisco Umbrella Rank: 310416
8 KB
1 gositego.live
track.gositego.live — Cisco Umbrella Rank: 403913
473 B
1 operaterefinedcompletelytheproduct.vip
operaterefinedcompletelytheproduct.vip
359 B
1 nobhere.com
1d658ac571c.nobhere.com
1 KB
1 goaserver.com
goaserver.com
363 B
1 wwpushnews.com
wwpushnews.com
1 KB
1 dakotatraff.com
dakotatraff.com — Cisco Umbrella Rank: 96546
577 B
1 poqueras.com
poqueras.com — Cisco Umbrella Rank: 88135
1 KB
1 bercioles.com
bercioles.com — Cisco Umbrella Rank: 83558
1 KB
0 jsdelivr.net Failed
cdn.jsdelivr.net Failed
0 googletagmanager.com Failed
www.googletagmanager.com Failed
26 17
Domain Requested by
2 trk105.zzzperform.com 1 redirects poqueras.com
1 lp.urban-vpn.com ti-files.org
lp.urban-vpn.com
1 urbanvpn.offerstrack.net 1 redirects
1 gulimedia.offerstrack.net 1 redirects
1 initiateintenselystrongtheproduct.vip 1 redirects
1 zoro.admobe.com 1 redirects
1 hrenbjkdas.com 1 redirects
1 ti-files.org
1 track.gositego.live
1 operaterefinedcompletelytheproduct.vip 1 redirects
1 brko.admobe.com 1 redirects
1 1d658ac571c.nobhere.com
1 goaserver.com wwpushnews.com
1 wwpushnews.com bercioles.com
1 dakotatraff.com 1 redirects
1 poqueras.com bercioles.com
1 bercioles.com
0 cdn.jsdelivr.net Failed lp.urban-vpn.com
0 www.googletagmanager.com Failed lp.urban-vpn.com
26 19

This site contains no links.

Subject | Issuer | Validity | Valid
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-09-09 - 2023-09-09 | a year
*.zzzperform.com | E1 | 2022-10-01 - 2022-12-30 | 3 months
trk.billysrv.com | R3 | 2022-08-22 - 2022-11-20 | 3 months
goaserver.com | R3 | 2022-09-18 - 2022-12-17 | 3 months
nobhere.com | R3 | 2022-08-26 - 2022-11-24 | 3 months
track.gositego.live | Sectigo RSA Domain Validation Secure Server CA | 2022-05-31 - 2023-05-28 | a year
ti-files.org | R3 | 2022-09-22 - 2022-12-21 | 3 months
1511598999.rsc.cdn77.org | R3 | 2022-10-12 - 2023-01-10 | 3 months

This page contains 1 frames:

Primary Page: https://lp.urban-vpn.com/vpn-extention/v2/?click_id=f00ok1ga0ixV4dOJcyg10xk0gTzZ02&offer_id=1012&aff_id=1002&adv_id=1000
Frame ID: 96214A31ADD19A7BAF431CAC6D2C5B8B
Requests: 26 HTTP requests in this frame

Page Statistics

Requests: 26
HTTPS: 31 %
IPv6: 21 %
Domains: 17
Subdomains: 19
IPs: 10
Countries: 6
Transfer: 26 kB
Size: 65 kB
Cookies: 12

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://bercioles.com/redirect?id=728&auth=eddc7e8612c215574016be364a6410d8b4b90e30&sid=DvNVq9uh9m1f63TKPJ2DIAI-&clk=03LLBsgq4eG8JcDYNVda4F43e_1N3b4ALbs6sRCXFUMt6LRXm Page URL
  2. https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D Page URL
  3. https://dakotatraff.com/l/270226461dc64814f22c?sub={yourClickId}&source=ww&wnw=false HTTP 302
    https://trk105.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false Page URL
  4. https://trk105.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false&code=40Y3VvBDU7PDw-PEBBQERHQ0MRhYV3Fn.GGI9-jR1PVB.JhYMkVVYml5SdK4KVm2FhMKWVmzU1n645anBrbD2npwEyNDM0BWd.CTpAOzwNb3cRQkRDRBWKkRlJGn2RhoIgIISNiCVWJoqTjCtbLJygnaQyMqmimTd.p6ihp6Fdh61jLwJrd2tpCHx7f3AMc4B8EXdzf4d6Fox5GmeKloaKi4FQV1FURU5.kZeOmqOgTn2EUWNjYmVxV4.iqHFweF63NjUrI0V1dnNtYG9tV3aCPkVESUFHSzY-Y2FuaGhJPouJjIdDa4qJkpdSSm6Un52clWBjY2pjZmVta250am5veCBUY2lld282PTxBOT9DDnCGEkoTeIIXTxh6Tk4dTU5QUFFSI4VZWihYWSqeki5eX2BhMpmaNmdoaDmdo6A.bz9mbXgEamZyem0JbXN5Dj9AQRF.gXsWR0dISRqOkI.FIFFSU1RVVlYnl5yNm6EuLp.ilaWoljZoZ2hsamxsdD6kdm1wBDc4BnltbwtzgIF.gkpAQYODhot8inqNSX.Mi04gk4SGhyZXV1peW1xhYC6SnqWiNDSspKQ5ObGiqLM-iG51Z28kTnRqNgltb3MOP0BBQkNERUZGR0hKS0tMTk9QUVJTVFVWV1hZWltcXV5eYGFiY2RlZmdoaWpqbG1ub3AxMjM0NTY3ODk6Ozw8Pg5yeYYTREVGRkhJSktMTU5PUFFSU1NVVVdYWVpbK6OiojCnX2Juq2OPbY6PdbJqr3Ktbm9wPnszcjt2d3h5R4Q8g0aGTYpCWmGEUG8ahoiLhSCFj094d2CLlSibnp8tXS6bkaAzM5yhqThoOaivPW5vbzAyMjM1NgZ.bAo7PDxvQA9zg4oUV32IhoV.OmtgYz5vjJaJjJKhj5WcjpyZjZlbn5SXX6mdmq2cqnR9o66sq6QgUUZJJFtvbH9ufId5dXh1cn52end7gHl6iXuAi4eNhY.JkYiKjI.MkJOLlGd7j6OZp5dTd6GfnKattqSqsaOxbmJuMHJmaXM1eXaAc3Z8D4N0dhRGSRaKiH0bTVAdgo.SIlMjkoiKKFlZKpignS9gZQ__&_tdf=22 HTTP 302
    https://wwpushnews.com/gw2.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Fgoaserver.com%2Ftracking_sl.php%3Fhash%3D5d4ce6e096b07d9fb281439916e67b74%26aff_sub%3Dbmconv_20221014103728_b82eeb49_f309_480b_9fc5_0e61f01b5459%26source%3D139445%26sub_source%3Dww&vId=bmconv_20221014103728_b82eeb49_f309_480b_9fc5_0e61f01b5459&hash=270226461dc64814f22c&ete=true&pn=true Page URL
  5. https://1d658ac571c.nobhere.com/?p=2781&media_type=mainstream&click_id=1665736648goa63491fc87a064&pi=314 Page URL
  6. https://brko.admobe.com/gsdagsdag/gsdagasd/?utm_source=1080&utm_campaign=11211032&clck=5wkadxfo1dp6mqlyhoxs04cgs,16543664,5,2781&sid=2781 HTTP 302
    https://operaterefinedcompletelytheproduct.vip/-mx-TYFDDOfpBJJSlrLqmEdq_GZhD5WjA-wF_rLkbiA?clck=5wkadxfo1dp6mqlyhoxs04cgs,16543664,5,2781&sid=2781 HTTP 302
    https://track.gositego.live/click?pid=3664&offer_id=17742&sub1=cMU9PKcJZXzquJ2vY6s8c6_O9sdUBY4m&sub2=6jcR Page URL
  7. https://ti-files.org/GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=&s1=3664_6jcR&s3=63491fcaebc7f10001a5cde6 Page URL
  8. https://hrenbjkdas.com/link?z=5428407&var=338447&ymid=AMofSWMPKgUANlYCAERFFwASADlDlikA HTTP 302
    https://zoro.admobe.com/DQjtVT/?utm_source=6852&utm_campaign=12068102&cid=604705712372977814&sid=5428407_338447 HTTP 302
    https://initiateintenselystrongtheproduct.vip/MBRRunYmMvNhAF7xTTaphPhYGKC-JCHhI5JlLgtjdpw?cid=604705712372977814&sid=5428407_338447 HTTP 302
    https://gulimedia.offerstrack.net/index.php?offer_id=568&aff_id=305&aff_sub1=AJLJOtrzYMwIp2dwL-szDuZBtwsTZEDZ&source_id=v56c5oj_EEc55j HTTP 302
    https://urbanvpn.offerstrack.net/index.php?offer_id=1012&aff_id=1002&aff_sub1=JHgk0004J00Z0Fa1Vy59cyO70ehWd0 HTTP 302
    https://lp.urban-vpn.com/vpn-extention/v2/?click_id=f00ok1ga0ixV4dOJcyg10xk0gTzZ02&offer_id=1012&aff_id=1002&adv_id=1000 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • https://dakotatraff.com/l/270226461dc64814f22c?sub={yourClickId}&source=ww&wnw=false HTTP 302
  • https://trk105.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false
Request Chain 3
  • https://trk105.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false&code=40Y3VvBDU7PDw-PEBBQERHQ0MRhYV3Fn.GGI9-jR1PVB.JhYMkVVYml5SdK4KVm2FhMKWVmzU1n645anBrbD2npwEyNDM0BWd.CTpAOzwNb3cRQkRDRBWKkRlJGn2RhoIgIISNiCVWJoqTjCtbLJygnaQyMqmimTd.p6ihp6Fdh61jLwJrd2tpCHx7f3AMc4B8EXdzf4d6Fox5GmeKloaKi4FQV1FURU5.kZeOmqOgTn2EUWNjYmVxV4.iqHFweF63NjUrI0V1dnNtYG9tV3aCPkVESUFHSzY-Y2FuaGhJPouJjIdDa4qJkpdSSm6Un52clWBjY2pjZmVta250am5veCBUY2lld282PTxBOT9DDnCGEkoTeIIXTxh6Tk4dTU5QUFFSI4VZWihYWSqeki5eX2BhMpmaNmdoaDmdo6A.bz9mbXgEamZyem0JbXN5Dj9AQRF.gXsWR0dISRqOkI.FIFFSU1RVVlYnl5yNm6EuLp.ilaWoljZoZ2hsamxsdD6kdm1wBDc4BnltbwtzgIF.gkpAQYODhot8inqNSX.Mi04gk4SGhyZXV1peW1xhYC6SnqWiNDSspKQ5ObGiqLM-iG51Z28kTnRqNgltb3MOP0BBQkNERUZGR0hKS0tMTk9QUVJTVFVWV1hZWltcXV5eYGFiY2RlZmdoaWpqbG1ub3AxMjM0NTY3ODk6Ozw8Pg5yeYYTREVGRkhJSktMTU5PUFFSU1NVVVdYWVpbK6OiojCnX2Juq2OPbY6PdbJqr3Ktbm9wPnszcjt2d3h5R4Q8g0aGTYpCWmGEUG8ahoiLhSCFj094d2CLlSibnp8tXS6bkaAzM5yhqThoOaivPW5vbzAyMjM1NgZ.bAo7PDxvQA9zg4oUV32IhoV.OmtgYz5vjJaJjJKhj5WcjpyZjZlbn5SXX6mdmq2cqnR9o66sq6QgUUZJJFtvbH9ufId5dXh1cn52end7gHl6iXuAi4eNhY.JkYiKjI.MkJOLlGd7j6OZp5dTd6GfnKattqSqsaOxbmJuMHJmaXM1eXaAc3Z8D4N0dhRGSRaKiH0bTVAdgo.SIlMjkoiKKFlZKpignS9gZQ__&_tdf=22 HTTP 302
  • https://wwpushnews.com/gw2.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Fgoaserver.com%2Ftracking_sl.php%3Fhash%3D5d4ce6e096b07d9fb281439916e67b74%26aff_sub%3Dbmconv_20221014103728_b82eeb49_f309_480b_9fc5_0e61f01b5459%26source%3D139445%26sub_source%3Dww&vId=bmconv_20221014103728_b82eeb49_f309_480b_9fc5_0e61f01b5459&hash=270226461dc64814f22c&ete=true&pn=true
Request Chain 6
  • https://brko.admobe.com/gsdagsdag/gsdagasd/?utm_source=1080&utm_campaign=11211032&clck=5wkadxfo1dp6mqlyhoxs04cgs,16543664,5,2781&sid=2781 HTTP 302
  • https://operaterefinedcompletelytheproduct.vip/-mx-TYFDDOfpBJJSlrLqmEdq_GZhD5WjA-wF_rLkbiA?clck=5wkadxfo1dp6mqlyhoxs04cgs,16543664,5,2781&sid=2781 HTTP 302
  • https://track.gositego.live/click?pid=3664&offer_id=17742&sub1=cMU9PKcJZXzquJ2vY6s8c6_O9sdUBY4m&sub2=6jcR

26 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
redirect
bercioles.com/
1 KB
1 KB
Document
General
Full URL
http://bercioles.com/redirect?id=728&auth=eddc7e8612c215574016be364a6410d8b4b90e30&sid=DvNVq9uh9m1f63TKPJ2DIAI-&clk=03LLBsgq4eG8JcDYNVda4F43e_1N3b4ALbs6sRCXFUMt6LRXm
Protocol
HTTP/1.1
Server
104.21.81.52 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
34149322801fc418dae7f3ee06d79db3d174edfbb829ea41d18ab9f612a9028e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

CF-Cache-Status
DYNAMIC
CF-RAY
759efe3cf81275c9-LHR
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html;charset=utf-8
Date
Fri, 14 Oct 2022 08:37:27 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FF5uqiXC%2Fg0PvphWlZMgs3miEZbhclyN2Fo5SEBEK7Fi4iZz9ouMns4DNsV62YJFUjybOfVKYVWX7lNPsnShfX8ZBPnzJSdDNA54pUPB97dTYJiJFmkeww%2Ff7N7l4Chv"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
referrer-policy
origin
vary
accept-encoding
slope
poqueras.com/noid/
1 KB
1 KB
Document
General
Full URL
https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D
Requested by
Host: bercioles.com
URL: http://bercioles.com/redirect?id=728&auth=eddc7e8612c215574016be364a6410d8b4b90e30&sid=DvNVq9uh9m1f63TKPJ2DIAI-&clk=03LLBsgq4eG8JcDYNVda4F43e_1N3b4ALbs6sRCXFUMt6LRXm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
http://bercioles.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-store, no-cache
cf-cache-status
DYNAMIC
cf-ray
759efe3eec3471fe-LHR
content-encoding
br
content-type
text/html;charset=ISO-8859-1
date
Fri, 14 Oct 2022 08:37:27 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JeR72Rqoj1rOR%2BKJU8IHyjh3bnyp4HIOlyUDa3ZYqe%2BD45wsfsZpNgElrR7KWntsJ54bceeehisrYtRHyPCDHjlWapN1VGIut2Usr1B3ysot9KlUcedS5%2BYUryO0V1w%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
270226461dc64814f22c.js
trk105.zzzperform.com/l/
Redirect Chain
  • https://dakotatraff.com/l/270226461dc64814f22c?sub={yourClickId}&source=ww&wnw=false
  • https://trk105.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false
36 KB
12 KB
Document
General
Full URL
https://trk105.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false
Requested by
Host: poqueras.com
URL: https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e2::ac40:8c0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29eddce2034a37edddd7b743551f12f50cddbdf80690919b7e597bb78e5b416a

Request headers

Referer
https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

age
2204
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=315360000
cf-cache-status
HIT
cf-ray
759efe414c3c72c6-LHR
content-encoding
br
content-type
text/html
date
Fri, 14 Oct 2022 08:37:27 GMT
expires
Thu, 31 Dec 2037 23:55:55 GMT
last-modified
Tue, 20 Aug 2019 14:25:20 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=99yNHiCX9FYVfpM7obdJEsdtafESkN1v70J9uz5NfPgDbrd8qGcsEo8W1vVSa4Ht2oLVaJIsXwlq%2FOzZcYXo44WgYeKZRH2Ed0fNPTprM4%2FMyvE77fkEgqykVE3sly2xUuwyb4Gw4LyMmg1DDpYpmrEwWHg%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
759efe4039808e14-LHR
date
Fri, 14 Oct 2022 08:37:27 GMT
expires
Thu, 01 Jan 1970 00:00:01 GMT
location
https://trk105.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ogw7DqWWqwFSILkOl1bdaWHCN6nh%2FaUtW5xUoGzU%2BzaRgGalX%2BN20SNxQWxD8fa8q4bXRYkguQmP8qAYWmb2qY9wML8WzhOqQvRXN5%2FREglyg5Qti5gAs5FLoBEnyJrVr94bKbJ2Be%2B%2BJfe6PKA%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
gw2.js
wwpushnews.com/
Redirect Chain
  • https://trk105.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false&code=40Y3VvBDU7PDw-PEBBQERHQ0MRhYV3Fn.GGI9-jR1PVB.JhYMkVVYml5SdK4KVm2FhMKWVmzU1n645anBrbD2npwEyNDM0BWd....
  • https://wwpushnews.com/gw2.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Fgoaserver.com%2Ftracking_sl.php%3Fhash%3D5d4ce6e096b07d9fb281439916e67b74%26aff_sub%3Dbmconv_20221014103728_b82eeb49_...
1 KB
1 KB
Document
General
Full URL
https://wwpushnews.com/gw2.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Fgoaserver.com%2Ftracking_sl.php%3Fhash%3D5d4ce6e096b07d9fb281439916e67b74%26aff_sub%3Dbmconv_20221014103728_b82eeb49_f309_480b_9fc5_0e61f01b5459%26source%3D139445%26sub_source%3Dww&vId=bmconv_20221014103728_b82eeb49_f309_480b_9fc5_0e61f01b5459&hash=270226461dc64814f22c&ete=true&pn=true
Requested by
Host: bercioles.com
URL: http://bercioles.com/redirect?id=728&auth=eddc7e8612c215574016be364a6410d8b4b90e30&sid=DvNVq9uh9m1f63TKPJ2DIAI-&clk=03LLBsgq4eG8JcDYNVda4F43e_1N3b4ALbs6sRCXFUMt6LRXm
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
62.212.87.141 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://trk105.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

Cache-Control
max-age=315360000
Content-Encoding
gzip
Content-Type
text/html
Date
Fri, 14 Oct 2022 08:37:24 GMT
ETag
W/"5f88590d-589"
Expires
Thu, 31 Dec 2037 23:55:55 GMT
Last-Modified
Thu, 15 Oct 2020 14:13:33 GMT
Transfer-Encoding
chunked

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
private, max-age=0, no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
759efe41ecce72c6-LHR
date
Fri, 14 Oct 2022 08:37:28 GMT
location
https://wwpushnews.com/gw2.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Fgoaserver.com%2Ftracking_sl.php%3Fhash%3D5d4ce6e096b07d9fb281439916e67b74%26aff_sub%3Dbmconv_20221014103728_b82eeb49_f309_480b_9fc5_0e61f01b5459%26source%3D139445%26sub_source%3Dww&vId=bmconv_20221014103728_b82eeb49_f309_480b_9fc5_0e61f01b5459&hash=270226461dc64814f22c&ete=true&pn=true
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zJgMXCpdkdL8ixQpxgJWeAasNZ%2Fm1RfDXSLsElV85jhDLTKrbrQpi96mUtTr1fSYv%2FnXFJQ82U2SWh4iRHAb8BUrTCQGxO0D3AaBaRb8%2BBy3msVx0ugmLmqH9noTnlAJxs3FznD7JWOFnX3aZ4lpTMqgFBU%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
tracking_sl.php
goaserver.com/
0
363 B
Document
General
Full URL
https://goaserver.com/tracking_sl.php?hash=5d4ce6e096b07d9fb281439916e67b74&aff_sub=bmconv_20221014103728_b82eeb49_f309_480b_9fc5_0e61f01b5459&source=139445&sub_source=ww
Requested by
Host: wwpushnews.com
URL: https://wwpushnews.com/l/270226461dc64814f22c?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Fgoaserver.com%2Ftracking_sl.php%3Fhash%3D5d4ce6e096b07d9fb281439916e67b74%26aff_sub%3Dbmconv_20221014103728_b82eeb49_f309_480b_9fc5_0e61f01b5459%26source%3D139445%26sub_source%3Dww&vId=bmconv_20221014103728_b82eeb49_f309_480b_9fc5_0e61f01b5459&hash=270226461dc64814f22c&ete=true&pn=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.32.28.169 , Spain, ASN15699 (AS_ADAM Adam Datacenter, ES),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://wwpushnews.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Fri, 14 Oct 2022 08:37:28 GMT
Refresh
0; url=https://1d658ac571c.nobhere.com/?p=2781&media_type=mainstream&click_id=1665736648goa63491fc87a064&pi=314
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding
/
1d658ac571c.nobhere.com/
963 B
1 KB
Document
General
Full URL
https://1d658ac571c.nobhere.com/?p=2781&media_type=mainstream&click_id=1665736648goa63491fc87a064&pi=314
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
94.237.103.119 , Finland, ASN202053 (UPCLOUD, FI),
Reverse DNS
94-237-103-119.de-fra1.upcloud.host
Software
/
Resource Hash
3267405146b9d52174e8feecc065ed2e17d6fffdeb3129dcfa49558cbfb44fa1

Request headers

Referer
https://goaserver.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate post-check=0, pre-check=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Fri, 14 Oct 2022 08:37:29 GMT
expires
Fri, 14 Oct 2022 08:37:29 GMT
last-modified
Fri, 14 Oct 2022 08:37:29 GMT
pragma
no-cache
vary
Accept-Encoding
x-robots-tag
noindex, nofollow
click
track.gositego.live/
Redirect Chain
  • https://brko.admobe.com/gsdagsdag/gsdagasd/?utm_source=1080&utm_campaign=11211032&clck=5wkadxfo1dp6mqlyhoxs04cgs,16543664,5,2781&sid=2781
  • https://operaterefinedcompletelytheproduct.vip/-mx-TYFDDOfpBJJSlrLqmEdq_GZhD5WjA-wF_rLkbiA?clck=5wkadxfo1dp6mqlyhoxs04cgs,16543664,5,2781&sid=2781
  • https://track.gositego.live/click?pid=3664&offer_id=17742&sub1=cMU9PKcJZXzquJ2vY6s8c6_O9sdUBY4m&sub2=6jcR
248 B
473 B
Document
General
Full URL
https://track.gositego.live/click?pid=3664&offer_id=17742&sub1=cMU9PKcJZXzquJ2vY6s8c6_O9sdUBY4m&sub2=6jcR
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.91.234.242 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
242.234.91.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
3ea7c0853c573272a7ed3c29375dfeac78e55955aeeace5200ae97a1fcc8aac6

Request headers

Referer
https://1d658ac571c.nobhere.com/?p=2781&media_type=mainstream&click_id=1665736648goa63491fc87a064&pi=314
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

access-control-allow-origin
*
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Fri, 14 Oct 2022 08:37:30 GMT
server
nginx

Redirect headers

Access-Control-Allow-Origin
*
Connection
keep-alive
Content-Length
142
Content-Type
text/html
Date
Fri, 14 Oct 2022 08:37:30 GMT
Location
https://track.gositego.live/click?pid=3664&offer_id=17742&sub1=cMU9PKcJZXzquJ2vY6s8c6_O9sdUBY4m&sub2=6jcR
Server
nginx
GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921
ti-files.org/
7 KB
8 KB
Document
General
Full URL
https://ti-files.org/GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=&s1=3664_6jcR&s3=63491fcaebc7f10001a5cde6
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
188.72.236.34 , Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

Connection
keep-alive
Content-Type
text/html; charset=utf-8
Date
Fri, 14 Oct 2022 08:37:30 GMT
Server
nginx
Transfer-Encoding
chunked
Primary Request /
lp.urban-vpn.com/vpn-extention/v2/
Redirect Chain
  • https://hrenbjkdas.com/link?z=5428407&var=338447&ymid=AMofSWMPKgUANlYCAERFFwASADlDlikA
  • https://zoro.admobe.com/DQjtVT/?utm_source=6852&utm_campaign=12068102&cid=604705712372977814&sid=5428407_338447
  • https://initiateintenselystrongtheproduct.vip/MBRRunYmMvNhAF7xTTaphPhYGKC-JCHhI5JlLgtjdpw?cid=604705712372977814&sid=5428407_338447
  • https://gulimedia.offerstrack.net/index.php?offer_id=568&aff_id=305&aff_sub1=AJLJOtrzYMwIp2dwL-szDuZBtwsTZEDZ&source_id=v56c5oj_EEc55j
  • https://urbanvpn.offerstrack.net/index.php?offer_id=1012&aff_id=1002&aff_sub1=JHgk0004J00Z0Fa1Vy59cyO70ehWd0
  • https://lp.urban-vpn.com/vpn-extention/v2/?click_id=f00ok1ga0ixV4dOJcyg10xk0gTzZ02&offer_id=1012&aff_id=1002&adv_id=1000
17 KB
0
Document
General
Full URL
https://lp.urban-vpn.com/vpn-extention/v2/?click_id=f00ok1ga0ixV4dOJcyg10xk0gTzZ02&offer_id=1012&aff_id=1002&adv_id=1000
Requested by
Host: ti-files.org
URL: https://ti-files.org/GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=&s1=3664_6jcR&s3=63491fcaebc7f10001a5cde6
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c700::18 -, , ASN (),
Reverse DNS
Software
CDN77-Turbo / PHP/8.0.22
Resource Hash

Request headers

Referer
https://ti-files.org/GcrKe5df719a4160df814a97c81d2d8cf908b45f4a921?q=&s1=3664_6jcR&s3=63491fcaebc7f10001a5cde6
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 14 Oct 2022 08:37:34 GMT
server
CDN77-Turbo
x-77-cache
MISS
x-77-nzt
AZySIRmcH9yh
x-77-nzt-ray
VhMGp5VylnM
x-77-pop
frankfurtDE
x-accel-expires
@1666773454
x-cache
MISS
x-powered-by
PHP/8.0.22

Redirect headers

content-length
0
date
Fri, 14 Oct 2022 08:37:33 GMT
location
https://lp.urban-vpn.com/vpn-extention/v2/?click_id=f00ok1ga0ixV4dOJcyg10xk0gTzZ02&offer_id=1012&aff_id=1002&adv_id=1000
bootstrap.min.css
lp.urban-vpn.com/styles/
0
0

main.min.css
lp.urban-vpn.com/styles/
0
0

js
www.googletagmanager.com/gtag/
0
0

js.cookie.min.js
cdn.jsdelivr.net/npm/js-cookie@3.0.1/dist/
0
0

offers-look.js
lp.urban-vpn.com/scripts/
0
0

logo.svg
lp.urban-vpn.com/assets/
0
0

ic-security.svg
lp.urban-vpn.com/assets/
0
0

ic-cyber-security.svg
lp.urban-vpn.com/assets/
0
0

ic-phishing.svg
lp.urban-vpn.com/assets/
0
0

jquery.min.js
lp.urban-vpn.com/scripts/
0
0

underscore-min.js
lp.urban-vpn.com/scripts/
0
0

helpers.js
lp.urban-vpn.com/scripts/
0
0

ext_urls_handler.js
lp.urban-vpn.com/scripts/
0
0

modal.js
lp.urban-vpn.com/scripts/
0
0

modal_base.js
lp.urban-vpn.com/scripts/
0
0

open-layers.min.js
lp.urban-vpn.com/scripts/
0
0

ip-location.js
lp.urban-vpn.com/scripts/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
lp.urban-vpn.com
URL
https://lp.urban-vpn.com/styles/bootstrap.min.css?v=0.02
Domain
lp.urban-vpn.com
URL
https://lp.urban-vpn.com/styles/main.min.css?v=0.02
Domain
www.googletagmanager.com
URL
https://www.googletagmanager.com/gtag/js?id=G-23MZGFFXPL
Domain
cdn.jsdelivr.net
URL
https://cdn.jsdelivr.net/npm/js-cookie@3.0.1/dist/js.cookie.min.js
Domain
lp.urban-vpn.com
URL
https://lp.urban-vpn.com/scripts/offers-look.js
Domain
lp.urban-vpn.com
URL
https://lp.urban-vpn.com/assets/logo.svg
Domain
lp.urban-vpn.com
URL
https://lp.urban-vpn.com/assets/ic-security.svg
Domain
lp.urban-vpn.com
URL
https://lp.urban-vpn.com/assets/ic-cyber-security.svg
Domain
lp.urban-vpn.com
URL
https://lp.urban-vpn.com/assets/ic-phishing.svg
Domain
lp.urban-vpn.com
URL
https://lp.urban-vpn.com/scripts/jquery.min.js
Domain
lp.urban-vpn.com
URL
https://lp.urban-vpn.com/scripts/underscore-min.js
Domain
lp.urban-vpn.com
URL
https://lp.urban-vpn.com/scripts/helpers.js?v=0.03
Domain
lp.urban-vpn.com
URL
https://lp.urban-vpn.com/scripts/ext_urls_handler.js?v=0.05
Domain
lp.urban-vpn.com
URL
https://lp.urban-vpn.com/scripts/modal.js?v=0.2
Domain
lp.urban-vpn.com
URL
https://lp.urban-vpn.com/scripts/modal_base.js?v=0.2
Domain
lp.urban-vpn.com
URL
https://lp.urban-vpn.com/scripts/open-layers.min.js?v=0.1
Domain
lp.urban-vpn.com
URL
https://lp.urban-vpn.com/scripts/ip-location.js?v=0.1

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput
object| oncontextlost
object| oncontextrestored
function| structuredClone
object| launchQueue
object| onbeforematch
function| getScreenDetails
function| queryLocalFonts
object| navigation

12 Cookies

Domain/Path Name / Value
trk105.zzzperform.com/ Name: BSESSID
Value: trk20e1a34b-7f37-4e1c-8578-07983e2d724d
.1d658ac571c.nobhere.com/ Name: rts-trck
Value: 1
.nobhere.com/ Name: t-uuid
Value: 5wkadxfoa6syoftwtcqgwwgkw
.nobhere.com/ Name: traffic-back
Value: ok
operaterefinedcompletelytheproduct.vip/ Name: session
Value: cMU9PKcJZXzquJ2vY6s8c6_O9sdUBY4m
track.gositego.live/ Name: afclick
Value: 63491fcaebc7f10001a5cde6
track.gositego.live/ Name: afoffers
Value: {"17742":1665736650}
ti-files.org/ Name: bd_context
Value: VyvNX3SMZog5JZ81rlosGfi20/+Q7yHAIsz+9z/aExH97Dr/SeQzcYgr6pjNV80AngPAxfDWbVtBgZ86lfN9JNu0hT7ePy5NM5M+mx6yKoQSJMrxPs8uysXWn9l/npee83qc5TPQcdJE99WwFZHY2kjIMKb1yU6M8+OW8Vz0qtMjfGARG7D4JTYQcBjI1Bz67AYarCsmM23Q0rV5fmCG4VV/d8/Kzfz7+dkUaAcDWcmLtB5a6Sf2fbE8ObWPnepd1ihxJU1huyvObNovhoP9iKqsc+Dl5JVP0Kgcm+j714HeU0qhnakCxODSxBf9NG57YpIBY85vP4zzqw==
hrenbjkdas.com/ Name: OAID
Value: c7c744a8008a4f2ca43d0ea2cd9379df
hrenbjkdas.com/ Name: oaidts
Value: 1665736651
hrenbjkdas.com/ Name: OXCCLK
Value: 6170254.1
hrenbjkdas.com/ Name: allcnt
Value: 1